From sle-security-updates at lists.suse.com  Mon Jan  2 11:22:39 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 12:22:39 +0100 (CET)
Subject: SUSE-SU-2023:0002-1: moderate: Security update for sbd
Message-ID: <20230102112239.17159FD84@maintenance.suse.de>

   SUSE Security Update: Security update for sbd
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0002-1
Rating:             moderate
References:         #1180966 #1181400 #1185182 #1204319
Affected Products:
                    SUSE Linux Enterprise High Availability 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   This update for sbd fixes the following issues:

   Update to version 1.5.1+20221128.8ec8e01:

   - sbd-inquisitor: fail startup if pacemaker integration is disabled while
     SBD_SYNC_RESOURCE_STARTUP is conflicting (bsc#1204319)
   - sbd-inquisitor: do not warn about startup syncing if pacemaker
     integration is even intentionally disabled (bsc#1204319)
   - sbd-inquisitor: log a warning if SBD_PACEMAKER is overridden by -P or
     -PP option (bsc#1204319)
   - sbd-inquisitor: ensure a log info only tells the fact about how
     SBD_PACEMAKER is set (bsc#1204319)
   - Added hardening to systemd service(s) (bsc#1181400).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-2=1

   - SUSE Linux Enterprise High Availability 15-SP4:

      zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-2=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      sbd-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-debuginfo-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-debugsource-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-devel-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-devel-debuginfo-1.5.1+20221128.8ec8e01-150400.3.3.1

   - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):

      sbd-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-debuginfo-1.5.1+20221128.8ec8e01-150400.3.3.1
      sbd-debugsource-1.5.1+20221128.8ec8e01-150400.3.3.1

References:

   https://bugzilla.suse.com/1180966
   https://bugzilla.suse.com/1181400
   https://bugzilla.suse.com/1185182
   https://bugzilla.suse.com/1204319

From sle-security-updates at lists.suse.com  Mon Jan  2 14:21:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:21:29 +0100 (CET)
Subject: SUSE-SU-2023:0008-1: moderate: Security update for ffmpeg-4
Message-ID: <20230102142129.CF51FFD84@maintenance.suse.de>

   SUSE Security Update: Security update for ffmpeg-4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0008-1
Rating:             moderate
References:         #1206442
Cross-References:   CVE-2022-3109
CVSS scores:
                    CVE-2022-3109 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3109 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ffmpeg-4 fixes the following issues:

   - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame()
     (bsc#1206442).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-8=1

   - SUSE Linux Enterprise Workstation Extension 15-SP4:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-8=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-8=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-8=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      ffmpeg-4-4.4-150400.3.8.1
      ffmpeg-4-debuginfo-4.4-150400.3.8.1
      ffmpeg-4-debugsource-4.4-150400.3.8.1
      ffmpeg-4-libavcodec-devel-4.4-150400.3.8.1
      ffmpeg-4-libavdevice-devel-4.4-150400.3.8.1
      ffmpeg-4-libavfilter-devel-4.4-150400.3.8.1
      ffmpeg-4-libavformat-devel-4.4-150400.3.8.1
      ffmpeg-4-libavresample-devel-4.4-150400.3.8.1
      ffmpeg-4-libavutil-devel-4.4-150400.3.8.1
      ffmpeg-4-libpostproc-devel-4.4-150400.3.8.1
      ffmpeg-4-libswresample-devel-4.4-150400.3.8.1
      ffmpeg-4-libswscale-devel-4.4-150400.3.8.1
      ffmpeg-4-private-devel-4.4-150400.3.8.1
      libavcodec58_134-4.4-150400.3.8.1
      libavcodec58_134-debuginfo-4.4-150400.3.8.1
      libavdevice58_13-4.4-150400.3.8.1
      libavdevice58_13-debuginfo-4.4-150400.3.8.1
      libavfilter7_110-4.4-150400.3.8.1
      libavfilter7_110-debuginfo-4.4-150400.3.8.1
      libavformat58_76-4.4-150400.3.8.1
      libavformat58_76-debuginfo-4.4-150400.3.8.1
libavresample4_0-4.4-150400.3.8.1 libavresample4_0-debuginfo-4.4-150400.3.8.1 libavutil56_70-4.4-150400.3.8.1 libavutil56_70-debuginfo-4.4-150400.3.8.1 libpostproc55_9-4.4-150400.3.8.1 libpostproc55_9-debuginfo-4.4-150400.3.8.1 libswresample3_9-4.4-150400.3.8.1 libswresample3_9-debuginfo-4.4-150400.3.8.1 libswscale5_9-4.4-150400.3.8.1 libswscale5_9-debuginfo-4.4-150400.3.8.1 - openSUSE Leap 15.4 (x86_64): libavcodec58_134-32bit-4.4-150400.3.8.1 libavcodec58_134-32bit-debuginfo-4.4-150400.3.8.1 libavdevice58_13-32bit-4.4-150400.3.8.1 libavdevice58_13-32bit-debuginfo-4.4-150400.3.8.1 libavfilter7_110-32bit-4.4-150400.3.8.1 libavfilter7_110-32bit-debuginfo-4.4-150400.3.8.1 libavformat58_76-32bit-4.4-150400.3.8.1 libavformat58_76-32bit-debuginfo-4.4-150400.3.8.1 libavresample4_0-32bit-4.4-150400.3.8.1 libavresample4_0-32bit-debuginfo-4.4-150400.3.8.1 libavutil56_70-32bit-4.4-150400.3.8.1 libavutil56_70-32bit-debuginfo-4.4-150400.3.8.1 libpostproc55_9-32bit-4.4-150400.3.8.1 libpostproc55_9-32bit-debuginfo-4.4-150400.3.8.1 libswresample3_9-32bit-4.4-150400.3.8.1 libswresample3_9-32bit-debuginfo-4.4-150400.3.8.1 libswscale5_9-32bit-4.4-150400.3.8.1 libswscale5_9-32bit-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavformat58_76-4.4-150400.3.8.1 libavformat58_76-debuginfo-4.4-150400.3.8.1 libswscale5_9-4.4-150400.3.8.1 libswscale5_9-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavformat58_76-4.4-150400.3.8.1 libavformat58_76-debuginfo-4.4-150400.3.8.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.8.1 ffmpeg-4-debugsource-4.4-150400.3.8.1 libavcodec58_134-4.4-150400.3.8.1 libavcodec58_134-debuginfo-4.4-150400.3.8.1 
      libavutil56_70-4.4-150400.3.8.1
      libavutil56_70-debuginfo-4.4-150400.3.8.1
      libswresample3_9-4.4-150400.3.8.1
      libswresample3_9-debuginfo-4.4-150400.3.8.1

References:

   https://www.suse.com/security/cve/CVE-2022-3109.html
   https://bugzilla.suse.com/1206442

From sle-security-updates at lists.suse.com  Mon Jan  2 14:22:35 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:22:35 +0100 (CET)
Subject: SUSE-SU-2023:0005-1: important: Security update for ffmpeg
Message-ID: <20230102142235.93BA1FD84@maintenance.suse.de>

   SUSE Security Update: Security update for ffmpeg
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0005-1
Rating:             important
References:         #1186756 #1186761 #1187852 #1189166 #1190718
                    #1190719 #1190722 #1190723 #1190726 #1190729
                    #1190733 #1190734 #1190735 #1206442
Cross-References:   CVE-2020-20891 CVE-2020-20892 CVE-2020-20895
                    CVE-2020-20896 CVE-2020-20899 CVE-2020-20902
                    CVE-2020-22037 CVE-2020-22042 CVE-2020-35965
                    CVE-2021-3566 CVE-2021-38092 CVE-2021-38093
                    CVE-2021-38094 CVE-2022-3109
CVSS scores:
                    CVE-2020-20891 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-20891 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-20892 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-20892 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-20895 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-20896 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2020-20896 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-20899 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-20902 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2020-20902 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-22037 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-22037 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-22042 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-22042 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2020-35965 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2020-35965 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3566 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-3566 (SUSE): 4.4 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-38092 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-38092 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-38093 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-38093 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2021-38094 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-38094 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-3109 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3109 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server 15-SP1-BCL
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes 14 vulnerabilities is now available.

Description:

   This update for ffmpeg fixes the following issues:

   - CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame()
     (bsc#1206442).
   - CVE-2020-22042: Fixed a denial of service vulnerability caused by a memory
     leak in the link_filter_inouts function in libavfilter/graphparser.c
     (bsc#1186761).
   - CVE-2021-38094: Fixed an integer overflow vulnerability in function
     filter_sobel in libavfilter/vf_convolution.c (bsc#1190735).
   - CVE-2021-38093: Fixed an integer overflow vulnerability in function
     filter_robert in libavfilter/vf_convolution.c (bsc#1190734).
   - CVE-2021-38092: Fixed an integer overflow vulnerability in function
     filter_prewitt in libavfilter/vf_convolution.c (bsc#1190733).
   - CVE-2020-22037: Fixed a denial of service vulnerability due to a memory
     leak in avcodec_alloc_context3 at options.c (bsc#1186756).
   - CVE-2021-3566: Fixed an exposure of sensitive information in ffmpeg
     versions prior to 4.3 (bsc#1189166).
   - CVE-2020-35965: Fixed an out-of-bounds write in decode_frame in
     libavcodec/exr.c (bsc#1187852).
   - CVE-2020-20892: Fixed a division by zero in function filter_frame in
     libavfilter/vf_lenscorrection.c (bsc#1190719).
   - CVE-2020-20891: Fixed a buffer overflow vulnerability in function
     config_input in libavfilter/vf_gblur.c (bsc#1190718).
   - CVE-2020-20895: Fixed a buffer overflow vulnerability in function
     filter_vertically_##name in libavfilter/vf_avgblur.c (bsc#1190722).
   - CVE-2020-20896: Fixed a NULL pointer dereference in function
     latm_write_packet in libavformat/latmenc.c (bsc#1190723).
   - CVE-2020-20899: Fixed a buffer overflow vulnerability in function
     config_props in libavfilter/vf_bwdif.c (bsc#1190726).
   - CVE-2020-20902: Fixed an out-of-bounds read vulnerability in
     long_term_filter function in g729postfilter.c (bsc#1190729).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-5=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2023-5=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-5=1

   - SUSE Linux Enterprise Server 15-SP1-BCL:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2023-5=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2023-5=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-5=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2023-5=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2023-5=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2023-5=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-5=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 
libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 
libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 
libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 
libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 
libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 
libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 
libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 libavfilter6-3.4.2-150000.4.44.1 
libavfilter6-debuginfo-3.4.2-150000.4.44.1 libavformat-devel-3.4.2-150000.4.44.1 libavformat57-3.4.2-150000.4.44.1 libavformat57-debuginfo-3.4.2-150000.4.44.1 libavresample-devel-3.4.2-150000.4.44.1 libavresample3-3.4.2-150000.4.44.1 libavresample3-debuginfo-3.4.2-150000.4.44.1 libavutil-devel-3.4.2-150000.4.44.1 libavutil55-3.4.2-150000.4.44.1 libavutil55-debuginfo-3.4.2-150000.4.44.1 libpostproc-devel-3.4.2-150000.4.44.1 libpostproc54-3.4.2-150000.4.44.1 libpostproc54-debuginfo-3.4.2-150000.4.44.1 libswresample-devel-3.4.2-150000.4.44.1 libswresample2-3.4.2-150000.4.44.1 libswresample2-debuginfo-3.4.2-150000.4.44.1 libswscale-devel-3.4.2-150000.4.44.1 libswscale4-3.4.2-150000.4.44.1 libswscale4-debuginfo-3.4.2-150000.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libavcodec57-32bit-3.4.2-150000.4.44.1 libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1 libavdevice57-32bit-3.4.2-150000.4.44.1 libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1 libavfilter6-32bit-3.4.2-150000.4.44.1 libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1 libavformat57-32bit-3.4.2-150000.4.44.1 libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1 libavresample3-32bit-3.4.2-150000.4.44.1 libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1 libavutil55-32bit-3.4.2-150000.4.44.1 libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1 libpostproc54-32bit-3.4.2-150000.4.44.1 libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1 libswresample2-32bit-3.4.2-150000.4.44.1 libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1 libswscale4-32bit-3.4.2-150000.4.44.1 libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): ffmpeg-debuginfo-3.4.2-150000.4.44.1 ffmpeg-debugsource-3.4.2-150000.4.44.1 libavcodec-devel-3.4.2-150000.4.44.1 libavcodec57-3.4.2-150000.4.44.1 libavcodec57-debuginfo-3.4.2-150000.4.44.1 libavdevice-devel-3.4.2-150000.4.44.1 libavdevice57-3.4.2-150000.4.44.1 libavdevice57-debuginfo-3.4.2-150000.4.44.1 libavfilter-devel-3.4.2-150000.4.44.1 
  libavfilter6-3.4.2-150000.4.44.1
  libavfilter6-debuginfo-3.4.2-150000.4.44.1
  libavformat-devel-3.4.2-150000.4.44.1
  libavformat57-3.4.2-150000.4.44.1
  libavformat57-debuginfo-3.4.2-150000.4.44.1
  libavresample-devel-3.4.2-150000.4.44.1
  libavresample3-3.4.2-150000.4.44.1
  libavresample3-debuginfo-3.4.2-150000.4.44.1
  libavutil-devel-3.4.2-150000.4.44.1
  libavutil55-3.4.2-150000.4.44.1
  libavutil55-debuginfo-3.4.2-150000.4.44.1
  libpostproc-devel-3.4.2-150000.4.44.1
  libpostproc54-3.4.2-150000.4.44.1
  libpostproc54-debuginfo-3.4.2-150000.4.44.1
  libswresample-devel-3.4.2-150000.4.44.1
  libswresample2-3.4.2-150000.4.44.1
  libswresample2-debuginfo-3.4.2-150000.4.44.1
  libswscale-devel-3.4.2-150000.4.44.1
  libswscale4-3.4.2-150000.4.44.1
  libswscale4-debuginfo-3.4.2-150000.4.44.1

- SUSE Enterprise Storage 6 (x86_64):
  libavcodec57-32bit-3.4.2-150000.4.44.1
  libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavdevice57-32bit-3.4.2-150000.4.44.1
  libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavfilter6-32bit-3.4.2-150000.4.44.1
  libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1
  libavformat57-32bit-3.4.2-150000.4.44.1
  libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavresample3-32bit-3.4.2-150000.4.44.1
  libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1
  libavutil55-32bit-3.4.2-150000.4.44.1
  libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1
  libpostproc54-32bit-3.4.2-150000.4.44.1
  libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1
  libswresample2-32bit-3.4.2-150000.4.44.1
  libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1
  libswscale4-32bit-3.4.2-150000.4.44.1
  libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1

- SUSE CaaS Platform 4.0 (x86_64):
  ffmpeg-debuginfo-3.4.2-150000.4.44.1
  ffmpeg-debugsource-3.4.2-150000.4.44.1
  libavcodec-devel-3.4.2-150000.4.44.1
  libavcodec57-3.4.2-150000.4.44.1
  libavcodec57-32bit-3.4.2-150000.4.44.1
  libavcodec57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavcodec57-debuginfo-3.4.2-150000.4.44.1
  libavdevice-devel-3.4.2-150000.4.44.1
  libavdevice57-3.4.2-150000.4.44.1
  libavdevice57-32bit-3.4.2-150000.4.44.1
  libavdevice57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavdevice57-debuginfo-3.4.2-150000.4.44.1
  libavfilter-devel-3.4.2-150000.4.44.1
  libavfilter6-3.4.2-150000.4.44.1
  libavfilter6-32bit-3.4.2-150000.4.44.1
  libavfilter6-32bit-debuginfo-3.4.2-150000.4.44.1
  libavfilter6-debuginfo-3.4.2-150000.4.44.1
  libavformat-devel-3.4.2-150000.4.44.1
  libavformat57-3.4.2-150000.4.44.1
  libavformat57-32bit-3.4.2-150000.4.44.1
  libavformat57-32bit-debuginfo-3.4.2-150000.4.44.1
  libavformat57-debuginfo-3.4.2-150000.4.44.1
  libavresample-devel-3.4.2-150000.4.44.1
  libavresample3-3.4.2-150000.4.44.1
  libavresample3-32bit-3.4.2-150000.4.44.1
  libavresample3-32bit-debuginfo-3.4.2-150000.4.44.1
  libavresample3-debuginfo-3.4.2-150000.4.44.1
  libavutil-devel-3.4.2-150000.4.44.1
  libavutil55-3.4.2-150000.4.44.1
  libavutil55-32bit-3.4.2-150000.4.44.1
  libavutil55-32bit-debuginfo-3.4.2-150000.4.44.1
  libavutil55-debuginfo-3.4.2-150000.4.44.1
  libpostproc-devel-3.4.2-150000.4.44.1
  libpostproc54-3.4.2-150000.4.44.1
  libpostproc54-32bit-3.4.2-150000.4.44.1
  libpostproc54-32bit-debuginfo-3.4.2-150000.4.44.1
  libpostproc54-debuginfo-3.4.2-150000.4.44.1
  libswresample-devel-3.4.2-150000.4.44.1
  libswresample2-3.4.2-150000.4.44.1
  libswresample2-32bit-3.4.2-150000.4.44.1
  libswresample2-32bit-debuginfo-3.4.2-150000.4.44.1
  libswresample2-debuginfo-3.4.2-150000.4.44.1
  libswscale-devel-3.4.2-150000.4.44.1
  libswscale4-3.4.2-150000.4.44.1
  libswscale4-32bit-3.4.2-150000.4.44.1
  libswscale4-32bit-debuginfo-3.4.2-150000.4.44.1
  libswscale4-debuginfo-3.4.2-150000.4.44.1

References:
  https://www.suse.com/security/cve/CVE-2020-20891.html
  https://www.suse.com/security/cve/CVE-2020-20892.html
  https://www.suse.com/security/cve/CVE-2020-20895.html
  https://www.suse.com/security/cve/CVE-2020-20896.html
  https://www.suse.com/security/cve/CVE-2020-20899.html
  https://www.suse.com/security/cve/CVE-2020-20902.html
  https://www.suse.com/security/cve/CVE-2020-22037.html
  https://www.suse.com/security/cve/CVE-2020-22042.html
  https://www.suse.com/security/cve/CVE-2020-35965.html
  https://www.suse.com/security/cve/CVE-2021-3566.html
  https://www.suse.com/security/cve/CVE-2021-38092.html
  https://www.suse.com/security/cve/CVE-2021-38093.html
  https://www.suse.com/security/cve/CVE-2021-38094.html
  https://www.suse.com/security/cve/CVE-2022-3109.html
  https://bugzilla.suse.com/1186756
  https://bugzilla.suse.com/1186761
  https://bugzilla.suse.com/1187852
  https://bugzilla.suse.com/1189166
  https://bugzilla.suse.com/1190718
  https://bugzilla.suse.com/1190719
  https://bugzilla.suse.com/1190722
  https://bugzilla.suse.com/1190723
  https://bugzilla.suse.com/1190726
  https://bugzilla.suse.com/1190729
  https://bugzilla.suse.com/1190733
  https://bugzilla.suse.com/1190734
  https://bugzilla.suse.com/1190735
  https://bugzilla.suse.com/1206442

From sle-security-updates at lists.suse.com Mon Jan 2 14:24:33 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:24:33 +0100 (CET)
Subject: SUSE-SU-2023:0011-1: important: Security update for saphanabootstrap-formula
Message-ID: <20230102142433.9CAD4FD84@maintenance.suse.de>

SUSE Security Update: Security update for saphanabootstrap-formula
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0011-1
Rating: important
References: #1185643 #1205990
Cross-References: CVE-2022-45153
CVSS scores:
  CVE-2022-45153 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP 12-SP5
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.
Description:

This update for saphanabootstrap-formula fixes the following issues:

- Version bump 0.13.1
  * revert changes to spec file to re-enable SLES RPM builds
  * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
- Version bump 0.13.0
  * pass sid to sudoers in a SLES12 compatible way
  * add location constraint to gcp_stonith
- Version bump 0.12.1
  * moved templates dir into hana dir in repository to be gitfs compatible
- Version bump 0.12.0
  * add SAPHanaSR takeover blocker
- Version bump 0.11.0
  * use check_cmd instead of tmp sudoers file
  * make sudoers rules more secure
  * migrate sudoers to template file
- Version bump 0.10.1
  * fix hook removal conditions
  * fix majority_maker code on case grain is empty
- Version bump 0.10.0
  * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
  * do not edit global.ini directly (if not needed)
- Version bump 0.9.1
  * fix majority_maker code on case grain is empty
- Version bump 0.9.0
  * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)
- Version bump 0.8.1
  * use multi-target Hook on HANA scale-out
- Version bump 0.8.0
  * add HANA scale-out support
  * add idempotence to not affect a running HANA and cluster
- Version bump 0.7.2
  * add native fencing for microsoft-azure
- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
- renames and updates hook srTakeover to srCostOptMemConfig
- Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fixes the impact of a failed exporter in regards to the HANA DB.
- Document extra_parameters in pillar.example (bsc#1185643)
- Change hanadb_exporter default timeout value to 30 seconds
- Set correct stickiness for the azure-lb resource
  The azure-lb resource receives a stickiness=0 to not influence on transitions calculations as the HANA resources have more priority

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 12-SP5:
  zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-11=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-11=1

Package List:

- SUSE Linux Enterprise Server for SAP 12-SP5 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1

- SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1

References:
  https://www.suse.com/security/cve/CVE-2022-45153.html
  https://bugzilla.suse.com/1185643
  https://bugzilla.suse.com/1205990

From sle-security-updates at lists.suse.com Mon Jan 2 14:25:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:25:16 +0100 (CET)
Subject: SUSE-SU-2023:0010-1: important: Security update for saphanabootstrap-formula
Message-ID: <20230102142516.9E726FD84@maintenance.suse.de>

SUSE Security Update: Security update for saphanabootstrap-formula
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0010-1
Rating: important
References: #1185643 #1205990
Cross-References: CVE-2022-45153
CVSS scores:
  CVE-2022-45153 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Module for SAP Applications 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for saphanabootstrap-formula fixes the following issues:

- Version bump 0.13.1
  * revert changes to spec file to re-enable SLES RPM builds
  * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
- Version bump 0.13.0
  * pass sid to sudoers in a SLES12 compatible way
  * add location constraint to gcp_stonith
- Version bump 0.12.1
  * moved templates dir into hana dir in repository to be gitfs compatible
- Version bump 0.12.0
  * add SAPHanaSR takeover blocker
- Version bump 0.11.0
  * use check_cmd instead of tmp sudoers file
  * make sudoers rules more secure
  * migrate sudoers to template file
- Version bump 0.10.1
  * fix hook removal conditions
  * fix majority_maker code on case grain is empty
- Version bump 0.10.0
  * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
  * do not edit global.ini directly (if not needed)
- Version bump 0.9.1
  * fix majority_maker code on case grain is empty
- Version bump 0.9.0
  * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)
- Version bump 0.8.1
  * use multi-target Hook on HANA scale-out
- Version bump 0.8.0
  * add HANA scale-out support
  * add idempotence to not affect a running HANA and cluster
- Version bump 0.7.2
  * add native fencing for microsoft-azure
- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
- renames and updates hook srTakeover to srCostOptMemConfig
- Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fixes the impact of a failed exporter in regards to the HANA DB.
- Document extra_parameters in pillar.example (bsc#1185643)
- Change hanadb_exporter default timeout value to 30 seconds
- Set correct stickiness for the azure-lb resource
  The azure-lb resource receives a stickiness=0 to not influence on transitions calculations as the HANA resources have more priority

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SAP Applications 15-SP1:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2023-10=1

Package List:

- SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1

References:
  https://www.suse.com/security/cve/CVE-2022-45153.html
  https://bugzilla.suse.com/1185643
  https://bugzilla.suse.com/1205990

From sle-security-updates at lists.suse.com Mon Jan 2 14:26:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:26:05 +0100 (CET)
Subject: SUSE-SU-2023:0007-1: moderate: Security update for ffmpeg
Message-ID: <20230102142605.647CBFD84@maintenance.suse.de>

SUSE Security Update: Security update for ffmpeg
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0007-1
Rating: moderate
References: #1206442
Cross-References: CVE-2022-3109
CVSS scores:
  CVE-2022-3109 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3109 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Desktop Applications 15-SP4
  SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Linux Enterprise Workstation Extension 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ffmpeg fixes the following issues:

- CVE-2022-3109: Fixed null pointer dereference in vp3_decode_frame() (bsc#1206442).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-7=1
- SUSE Linux Enterprise Workstation Extension 15-SP4:
  zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-7=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-7=1
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-7=1
- SUSE Linux Enterprise Module for Desktop Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-7=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  ffmpeg-3.4.2-150200.11.20.1
  ffmpeg-debuginfo-3.4.2-150200.11.20.1
  ffmpeg-debugsource-3.4.2-150200.11.20.1
  ffmpeg-private-devel-3.4.2-150200.11.20.1
  libavcodec-devel-3.4.2-150200.11.20.1
  libavcodec57-3.4.2-150200.11.20.1
  libavcodec57-debuginfo-3.4.2-150200.11.20.1
  libavdevice-devel-3.4.2-150200.11.20.1
  libavdevice57-3.4.2-150200.11.20.1
  libavdevice57-debuginfo-3.4.2-150200.11.20.1
  libavfilter-devel-3.4.2-150200.11.20.1
  libavfilter6-3.4.2-150200.11.20.1
  libavfilter6-debuginfo-3.4.2-150200.11.20.1
  libavformat-devel-3.4.2-150200.11.20.1
  libavformat57-3.4.2-150200.11.20.1
  libavformat57-debuginfo-3.4.2-150200.11.20.1
  libavresample-devel-3.4.2-150200.11.20.1
  libavresample3-3.4.2-150200.11.20.1
  libavresample3-debuginfo-3.4.2-150200.11.20.1
  libavutil-devel-3.4.2-150200.11.20.1
  libavutil55-3.4.2-150200.11.20.1
  libavutil55-debuginfo-3.4.2-150200.11.20.1
  libpostproc-devel-3.4.2-150200.11.20.1
  libpostproc54-3.4.2-150200.11.20.1
  libpostproc54-debuginfo-3.4.2-150200.11.20.1
  libswresample-devel-3.4.2-150200.11.20.1
  libswresample2-3.4.2-150200.11.20.1
  libswresample2-debuginfo-3.4.2-150200.11.20.1
  libswscale-devel-3.4.2-150200.11.20.1
  libswscale4-3.4.2-150200.11.20.1
  libswscale4-debuginfo-3.4.2-150200.11.20.1

- openSUSE Leap 15.4 (x86_64):
  libavcodec57-32bit-3.4.2-150200.11.20.1
  libavcodec57-32bit-debuginfo-3.4.2-150200.11.20.1
  libavdevice57-32bit-3.4.2-150200.11.20.1
  libavdevice57-32bit-debuginfo-3.4.2-150200.11.20.1
  libavfilter6-32bit-3.4.2-150200.11.20.1
  libavfilter6-32bit-debuginfo-3.4.2-150200.11.20.1
  libavformat57-32bit-3.4.2-150200.11.20.1
  libavformat57-32bit-debuginfo-3.4.2-150200.11.20.1
  libavresample3-32bit-3.4.2-150200.11.20.1
  libavresample3-32bit-debuginfo-3.4.2-150200.11.20.1
  libavutil55-32bit-3.4.2-150200.11.20.1
  libavutil55-32bit-debuginfo-3.4.2-150200.11.20.1
  libpostproc54-32bit-3.4.2-150200.11.20.1
  libpostproc54-32bit-debuginfo-3.4.2-150200.11.20.1
  libswresample2-32bit-3.4.2-150200.11.20.1
  libswresample2-32bit-debuginfo-3.4.2-150200.11.20.1
  libswscale4-32bit-3.4.2-150200.11.20.1
  libswscale4-32bit-debuginfo-3.4.2-150200.11.20.1

- SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):
  ffmpeg-debuginfo-3.4.2-150200.11.20.1
  ffmpeg-debugsource-3.4.2-150200.11.20.1
  libavcodec-devel-3.4.2-150200.11.20.1
  libavformat-devel-3.4.2-150200.11.20.1
  libavformat57-3.4.2-150200.11.20.1
  libavformat57-debuginfo-3.4.2-150200.11.20.1
  libavresample-devel-3.4.2-150200.11.20.1
  libavresample3-3.4.2-150200.11.20.1
  libavresample3-debuginfo-3.4.2-150200.11.20.1

- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
  ffmpeg-debuginfo-3.4.2-150200.11.20.1
  ffmpeg-debugsource-3.4.2-150200.11.20.1
  libavcodec57-3.4.2-150200.11.20.1
  libavcodec57-debuginfo-3.4.2-150200.11.20.1
  libavformat57-3.4.2-150200.11.20.1
  libavformat57-debuginfo-3.4.2-150200.11.20.1
  libavresample-devel-3.4.2-150200.11.20.1
  libavresample3-3.4.2-150200.11.20.1
  libavresample3-debuginfo-3.4.2-150200.11.20.1
  libavutil-devel-3.4.2-150200.11.20.1
  libavutil55-3.4.2-150200.11.20.1
  libavutil55-debuginfo-3.4.2-150200.11.20.1
  libpostproc-devel-3.4.2-150200.11.20.1
  libpostproc54-3.4.2-150200.11.20.1
  libpostproc54-debuginfo-3.4.2-150200.11.20.1
  libswresample-devel-3.4.2-150200.11.20.1
  libswresample2-3.4.2-150200.11.20.1
  libswresample2-debuginfo-3.4.2-150200.11.20.1
  libswscale-devel-3.4.2-150200.11.20.1
  libswscale4-3.4.2-150200.11.20.1
  libswscale4-debuginfo-3.4.2-150200.11.20.1

- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):
  ffmpeg-3.4.2-150200.11.20.1
  ffmpeg-debuginfo-3.4.2-150200.11.20.1
  ffmpeg-debugsource-3.4.2-150200.11.20.1
  libavdevice57-3.4.2-150200.11.20.1
  libavdevice57-debuginfo-3.4.2-150200.11.20.1
  libavfilter6-3.4.2-150200.11.20.1
  libavfilter6-debuginfo-3.4.2-150200.11.20.1

- SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):
  ffmpeg-debuginfo-3.4.2-150200.11.20.1
  ffmpeg-debugsource-3.4.2-150200.11.20.1
  libavcodec57-3.4.2-150200.11.20.1
  libavcodec57-debuginfo-3.4.2-150200.11.20.1
  libavutil-devel-3.4.2-150200.11.20.1
  libavutil55-3.4.2-150200.11.20.1
  libavutil55-debuginfo-3.4.2-150200.11.20.1
  libpostproc-devel-3.4.2-150200.11.20.1
  libpostproc54-3.4.2-150200.11.20.1
  libpostproc54-debuginfo-3.4.2-150200.11.20.1
  libswresample-devel-3.4.2-150200.11.20.1
  libswresample2-3.4.2-150200.11.20.1
  libswresample2-debuginfo-3.4.2-150200.11.20.1
  libswscale-devel-3.4.2-150200.11.20.1
  libswscale4-3.4.2-150200.11.20.1
  libswscale4-debuginfo-3.4.2-150200.11.20.1

References:
  https://www.suse.com/security/cve/CVE-2022-3109.html
  https://bugzilla.suse.com/1206442

From sle-security-updates at lists.suse.com Mon Jan 2 14:29:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:29:05 +0100 (CET)
Subject: SUSE-SU-2023:0003-1: important: Security update for ca-certificates-mozilla
Message-ID: <20230102142905.747F5FD84@maintenance.suse.de>

SUSE Security Update: Security update for ca-certificates-mozilla
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0003-1
Rating: important
References: #1206212 #1206622

Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Linux Enterprise High Performance Computing 15-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-LTSS
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server for SAP 15
  SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that contains security fixes can now be installed.

Description:

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-3=1
- SUSE Linux Enterprise Server for SAP 15:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2023-3=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-3=1
- SUSE Linux Enterprise Server 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-2023-3=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-3=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2023-3=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-2023-3=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2023-3=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise Server for SAP 15 (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise Server 15-LTSS (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE Enterprise Storage 6 (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

- SUSE CaaS Platform 4.0 (noarch):
  ca-certificates-mozilla-2.60-150000.4.38.1

References:
  https://bugzilla.suse.com/1206212
  https://bugzilla.suse.com/1206622

From sle-security-updates at lists.suse.com Mon Jan 2 14:30:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:30:15 +0100 (CET)
Subject: SUSE-SU-2023:0009-1: important: Security update for saphanabootstrap-formula
Message-ID: <20230102143015.43783FD84@maintenance.suse.de>

SUSE Security Update: Security update for saphanabootstrap-formula
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0009-1
Rating: important
References: #1185643 #1205990
Cross-References: CVE-2022-45153
CVSS scores:
  CVE-2022-45153 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Module for SAP Applications 15-SP2
  SUSE Linux Enterprise Module for SAP Applications 15-SP3
  SUSE Linux Enterprise Module for SAP Applications 15-SP4
  SUSE Linux Enterprise Module for SUSE Manager Server 4.2
  SUSE Linux Enterprise Module for SUSE Manager Server 4.3
  SUSE Linux Enterprise Server for SAP Applications 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for saphanabootstrap-formula fixes the following issues:

- Version bump 0.13.1
  * revert changes to spec file to re-enable SLES RPM builds
  * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
- Version bump 0.13.0
  * pass sid to sudoers in a SLES12 compatible way
  * add location constraint to gcp_stonith
- Version bump 0.12.1
  * moved templates dir into hana dir in repository to be gitfs compatible
- Version bump 0.12.0
  * add SAPHanaSR takeover blocker
- Version bump 0.11.0
  * use check_cmd instead of tmp sudoers file
  * make sudoers rules more secure
  * migrate sudoers to template file
- Version bump 0.10.1
  * fix hook removal conditions
  * fix majority_maker code on case grain is empty
- Version bump 0.10.0
  * allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
  * do not edit global.ini directly (if not needed)
- Version bump 0.9.1
  * fix majority_maker code on case grain is empty
- Version bump 0.9.0
  * define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)
- Version bump 0.8.1
  * use multi-target Hook on HANA scale-out
- Version bump 0.8.0
  * add HANA scale-out support
  * add idempotence to not affect a running HANA and cluster
- Version bump 0.7.2
  * add native fencing for microsoft-azure
- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
- renames and updates hook srTakeover to srCostOptMemConfig
- Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fixes the impact of a failed exporter in regards to the HANA DB.
- Document extra_parameters in pillar.example (bsc#1185643)
- Change hanadb_exporter default timeout value to 30 seconds
- Set correct stickiness for the azure-lb resource
  The azure-lb resource receives a stickiness=0 to not influence on transitions calculations as the HANA resources have more priority

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-9=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2023-9=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-9=1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-9=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP4:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-9=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP3:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-9=1
- SUSE Linux Enterprise Module for SAP Applications 15-SP2:
  zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-9=1

Package List:

- openSUSE Leap 15.4 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- openSUSE Leap 15.3 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

- SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch):
  saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1

References:
  https://www.suse.com/security/cve/CVE-2022-45153.html
  https://bugzilla.suse.com/1185643
  https://bugzilla.suse.com/1205990

From sle-security-updates at lists.suse.com Mon Jan 2 14:31:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:31:21 +0100 (CET)
Subject: SUSE-SU-2023:0004-1: important: Security update for ovmf
Message-ID: <20230102143121.2C5EAFD84@maintenance.suse.de>

SUSE Security Update: Security update for ovmf
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0004-1
Rating: important
References: #1188371
Cross-References: CVE-2019-11098
CVSS scores:
  CVE-2019-11098 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2019-11098 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Manager Proxy 4.1
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Server 4.1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for ovmf fixes the following issues:

- CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2023-4=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2023-4=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2023-4=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2023-4=1

Package List:

- SUSE Manager Server 4.1 (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1

- SUSE Manager Server 4.1 (x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Manager Retail Branch Server 4.1 (x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Manager Retail Branch Server 4.1 (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1

- SUSE Manager Proxy 4.1 (x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Manager Proxy 4.1 (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1

- SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1
  qemu-uefi-aarch64-201911-150200.7.24.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1
  qemu-uefi-aarch64-201911-150200.7.24.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):
  ovmf-201911-150200.7.24.1
  ovmf-tools-201911-150200.7.24.1

- SUSE Enterprise Storage 7 (noarch):
  qemu-ovmf-x86_64-201911-150200.7.24.1
  qemu-uefi-aarch64-201911-150200.7.24.1

References:
  https://www.suse.com/security/cve/CVE-2019-11098.html
  https://bugzilla.suse.com/1188371

From sle-security-updates at lists.suse.com Mon Jan 2 14:32:19 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 2 Jan 2023 15:32:19 +0100 (CET)
Subject: SUSE-SU-2023:0012-1: important: Security update for xrdp
Message-ID: <20230102143219.18F8DFD84@maintenance.suse.de>

SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0012-1
Rating: important
References: #1206300 #1206303 #1206306 #1206307 #1206310 #1206311 #1206312
Cross-References: CVE-2022-23468 CVE-2022-23479 CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484
CVSS scores:
  CVE-2022-23468 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23468 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
  CVE-2022-23479 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23479 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23480 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23480 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23481 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  CVE-2022-23481 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23482 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  CVE-2022-23482 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2022-23483 (NVD)
: 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23483 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23484 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23484 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed a integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-12=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-12=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-12=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-12=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libpainter0-0.9.6-150000.4.11.1 libpainter0-debuginfo-0.9.6-150000.4.11.1 librfxencode0-0.9.6-150000.4.11.1 librfxencode0-debuginfo-0.9.6-150000.4.11.1 xrdp-0.9.6-150000.4.11.1 xrdp-debuginfo-0.9.6-150000.4.11.1 xrdp-debugsource-0.9.6-150000.4.11.1 xrdp-devel-0.9.6-150000.4.11.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libpainter0-0.9.6-150000.4.11.1 libpainter0-debuginfo-0.9.6-150000.4.11.1 librfxencode0-0.9.6-150000.4.11.1 librfxencode0-debuginfo-0.9.6-150000.4.11.1 xrdp-0.9.6-150000.4.11.1 xrdp-debuginfo-0.9.6-150000.4.11.1 xrdp-debugsource-0.9.6-150000.4.11.1 xrdp-devel-0.9.6-150000.4.11.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libpainter0-0.9.6-150000.4.11.1 libpainter0-debuginfo-0.9.6-150000.4.11.1 librfxencode0-0.9.6-150000.4.11.1 librfxencode0-debuginfo-0.9.6-150000.4.11.1 xrdp-0.9.6-150000.4.11.1 xrdp-debuginfo-0.9.6-150000.4.11.1 xrdp-debugsource-0.9.6-150000.4.11.1 xrdp-devel-0.9.6-150000.4.11.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libpainter0-0.9.6-150000.4.11.1 libpainter0-debuginfo-0.9.6-150000.4.11.1 librfxencode0-0.9.6-150000.4.11.1 librfxencode0-debuginfo-0.9.6-150000.4.11.1 xrdp-0.9.6-150000.4.11.1 
xrdp-debuginfo-0.9.6-150000.4.11.1 xrdp-debugsource-0.9.6-150000.4.11.1 xrdp-devel-0.9.6-150000.4.11.1 - SUSE CaaS Platform 4.0 (x86_64): libpainter0-0.9.6-150000.4.11.1 libpainter0-debuginfo-0.9.6-150000.4.11.1 librfxencode0-0.9.6-150000.4.11.1 librfxencode0-debuginfo-0.9.6-150000.4.11.1 xrdp-0.9.6-150000.4.11.1 xrdp-debuginfo-0.9.6-150000.4.11.1 xrdp-debugsource-0.9.6-150000.4.11.1 xrdp-devel-0.9.6-150000.4.11.1 References: https://www.suse.com/security/cve/CVE-2022-23468.html https://www.suse.com/security/cve/CVE-2022-23479.html https://www.suse.com/security/cve/CVE-2022-23480.html https://www.suse.com/security/cve/CVE-2022-23481.html https://www.suse.com/security/cve/CVE-2022-23482.html https://www.suse.com/security/cve/CVE-2022-23483.html https://www.suse.com/security/cve/CVE-2022-23484.html https://bugzilla.suse.com/1206300 https://bugzilla.suse.com/1206303 https://bugzilla.suse.com/1206306 https://bugzilla.suse.com/1206307 https://bugzilla.suse.com/1206310 https://bugzilla.suse.com/1206311 https://bugzilla.suse.com/1206312 From sle-security-updates at lists.suse.com Mon Jan 2 14:33:35 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 2 Jan 2023 15:33:35 +0100 (CET) Subject: SUSE-SU-2023:0006-1: moderate: Security update for nautilus Message-ID: <20230102143335.51F23FD84@maintenance.suse.de> SUSE Security Update: Security update for nautilus ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0006-1 Rating: moderate References: #1205418 Cross-References: CVE-2022-37290 CVSS scores: CVE-2022-37290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-37290 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise 
Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for nautilus fixes the following issues: - CVE-2022-37290: Fixed a denial of service caused by pasted ZIP archives (bsc#1205418). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-6=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-6=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-41.5-150400.3.6.1 libnautilus-extension1-41.5-150400.3.6.1 libnautilus-extension1-debuginfo-41.5-150400.3.6.1 nautilus-41.5-150400.3.6.1 nautilus-debuginfo-41.5-150400.3.6.1 nautilus-debugsource-41.5-150400.3.6.1 nautilus-devel-41.5-150400.3.6.1 typelib-1_0-Nautilus-3_0-41.5-150400.3.6.1 - openSUSE Leap 15.4 (noarch): nautilus-lang-41.5-150400.3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gnome-shell-search-provider-nautilus-41.5-150400.3.6.1 libnautilus-extension1-41.5-150400.3.6.1 libnautilus-extension1-debuginfo-41.5-150400.3.6.1 nautilus-41.5-150400.3.6.1 nautilus-debuginfo-41.5-150400.3.6.1 nautilus-debugsource-41.5-150400.3.6.1 nautilus-devel-41.5-150400.3.6.1 typelib-1_0-Nautilus-3_0-41.5-150400.3.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): nautilus-lang-41.5-150400.3.6.1 References: https://www.suse.com/security/cve/CVE-2022-37290.html https://bugzilla.suse.com/1205418 From sle-security-updates at lists.suse.com Mon Jan 2 23:20:51 2023 From: 
sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 3 Jan 2023 00:20:51 +0100 (CET) Subject: SUSE-SU-2023:0014-1: important: Security update for samba Message-ID: <20230102232051.92C90FD84@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0014-1 Rating: important References: #1205385 #1205386 #1205946 #1206504 Cross-References: CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVSS scores: CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37967 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-37967 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. 
Description: This update for samba fixes the following issues: Update to 4.15.13 - CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers (bsc#1205385). - CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC (bsc#1205386). - CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided (bsc#1206504). - Fixed issue with bind start up (bsc#1205946). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-14=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-14=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-14=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-14=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-14=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-14=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-14=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2023-14=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2023-14=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-14=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-14=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-14=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch 
SUSE-SLE-Product-HA-15-SP3-2023-14=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-14=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Manager Server 4.2 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Manager Proxy 4.2 (x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): 
libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): samba-ad-dc-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 ctdb-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctdb-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 ctdb-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy-python3-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 libsamba-policy0-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
samba-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ceph-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-debugsource-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-devel-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-dsdb-modules-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-gpupdate-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ldb-ldap-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-libs-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-python3-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-tool-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-winbind-libs-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 - SUSE Enterprise Storage 7.1 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 samba-client-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1 
      samba-client-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-client-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-client-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-devel-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-winbind-libs-32bit-4.15.13+git.540.fab3b2a46c6-150300.3.46.1
      samba-winbind-libs-32bit-debuginfo-4.15.13+git.540.fab3b2a46c6-150300.3.46.1

References:

   https://www.suse.com/security/cve/CVE-2022-37966.html
   https://www.suse.com/security/cve/CVE-2022-37967.html
   https://www.suse.com/security/cve/CVE-2022-38023.html
   https://bugzilla.suse.com/1205385
   https://bugzilla.suse.com/1205386
   https://bugzilla.suse.com/1205946
   https://bugzilla.suse.com/1206504

From sle-security-updates at lists.suse.com Tue Jan 3 08:48:32 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 3 Jan 2023 09:48:32 +0100 (CET)
Subject: SUSE-CU-2023:1-1: Security update of suse/sle15
Message-ID: <20230103084832.CD183FD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:1-1
Container Tags        : suse/sle15:15.0 , suse/sle15:15.0.4.22.660
Container Release     : 4.22.660
Severity              : important
Type                  : security
References            : 1206212 1206622
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3-1
Released:    Mon Jan 2 09:54:15 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)

  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2

  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3

  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:

- ca-certificates-mozilla-2.60-150000.4.38.1 updated

From sle-security-updates at lists.suse.com Tue Jan 3 09:08:48 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 3 Jan 2023 10:08:48 +0100 (CET)
Subject: SUSE-CU-2023:2-1: Security update of suse/sle15
Message-ID: <20230103090848.1AC63FD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:2-1
Container Tags        : suse/sle15:15.1 , suse/sle15:15.1.6.2.725
Container Release     : 6.2.725
Severity              : important
Type                  : security
References            : 1206212 1206622
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:3-1
Released:    Mon Jan 2 09:54:15 2023
Summary:     Security update for ca-certificates-mozilla
Type:        security
Severity:    important
References:  1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)

  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2

  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3

  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:

- ca-certificates-mozilla-2.60-150000.4.38.1 updated

From sle-security-updates at lists.suse.com Tue Jan 3 11:20:37 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 3 Jan 2023 12:20:37 +0100 (CET)
Subject: SUSE-SU-2023:0015-1: moderate: Security update for glibc
Message-ID: <20230103112037.5D3B6FD89@maintenance.suse.de>

SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0015-1
Rating:             moderate
References:         #1122729
Cross-References:   CVE-2016-10739
CVSS scores:
                    CVE-2016-10739 (NVD) : 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
                    CVE-2016-10739 (SUSE): 4.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP3-BCL
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for glibc fixes the following issues:

- CVE-2016-10739: getaddrinfo: Fully parse IPv4 address strings (bsc#1122729)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 12-SP3-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2023-15=1

- SUSE Linux Enterprise Server 12-SP2-BCL:

  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-15=1

Package List:

- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):

      glibc-2.22-133.1
      glibc-32bit-2.22-133.1
      glibc-debuginfo-2.22-133.1
      glibc-debuginfo-32bit-2.22-133.1
      glibc-debugsource-2.22-133.1
      glibc-devel-2.22-133.1
      glibc-devel-32bit-2.22-133.1
      glibc-devel-debuginfo-2.22-133.1
      glibc-devel-debuginfo-32bit-2.22-133.1
      glibc-locale-2.22-133.1
      glibc-locale-32bit-2.22-133.1
      glibc-locale-debuginfo-2.22-133.1
      glibc-locale-debuginfo-32bit-2.22-133.1
      glibc-profile-2.22-133.1
      glibc-profile-32bit-2.22-133.1
      nscd-2.22-133.1
      nscd-debuginfo-2.22-133.1

- SUSE Linux Enterprise Server 12-SP3-BCL (noarch):

      glibc-html-2.22-133.1
      glibc-i18ndata-2.22-133.1
      glibc-info-2.22-133.1

- SUSE Linux Enterprise Server 12-SP2-BCL (noarch):

      glibc-html-2.22-133.1
      glibc-i18ndata-2.22-133.1
      glibc-info-2.22-133.1

- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      glibc-2.22-133.1
      glibc-32bit-2.22-133.1
      glibc-debuginfo-2.22-133.1
      glibc-debuginfo-32bit-2.22-133.1
      glibc-debugsource-2.22-133.1
      glibc-devel-2.22-133.1
      glibc-devel-32bit-2.22-133.1
      glibc-devel-debuginfo-2.22-133.1
      glibc-devel-debuginfo-32bit-2.22-133.1
      glibc-locale-2.22-133.1
      glibc-locale-32bit-2.22-133.1
      glibc-locale-debuginfo-2.22-133.1
      glibc-locale-debuginfo-32bit-2.22-133.1
      glibc-profile-2.22-133.1
      glibc-profile-32bit-2.22-133.1
      nscd-2.22-133.1
      nscd-debuginfo-2.22-133.1

References:

   https://www.suse.com/security/cve/CVE-2016-10739.html
   https://bugzilla.suse.com/1122729

From sle-security-updates at lists.suse.com Tue Jan 3 23:21:01 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 4 Jan 2023 00:21:01 +0100 (CET)
Subject: SUSE-SU-2023:0021-1: important: Security update for rmt-server
Message-ID: <20230103232101.D06B9FD84@maintenance.suse.de>

SUSE Security Update: Security update for rmt-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0021-1
Rating:             important
References:         #1204285 #1204769 #1205089
Cross-References:   CVE-2022-31254
CVSS scores:
                    CVE-2022-31254 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for rmt-server fixes the following issues:

Update to version 2.10:

- Add option to turn off system token support (bsc#1205089)
- Update the `last_seen_at` column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15:

  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2023-21=1

- SUSE Linux Enterprise Server 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-SLES-15-2023-21=1

- SUSE Linux Enterprise High Performance Computing 15-LTSS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2023-21=1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS:

  zypper in -t patch SUSE-SLE-Product-HPC-15-2023-21=1

Package List:

- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      rmt-server-2.10-150000.3.61.1
      rmt-server-config-2.10-150000.3.61.1
      rmt-server-debuginfo-2.10-150000.3.61.1

- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      rmt-server-2.10-150000.3.61.1
      rmt-server-config-2.10-150000.3.61.1
      rmt-server-debuginfo-2.10-150000.3.61.1

- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      rmt-server-2.10-150000.3.61.1
      rmt-server-config-2.10-150000.3.61.1
      rmt-server-debuginfo-2.10-150000.3.61.1

- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      rmt-server-2.10-150000.3.61.1
      rmt-server-config-2.10-150000.3.61.1
      rmt-server-debuginfo-2.10-150000.3.61.1

References:

   https://www.suse.com/security/cve/CVE-2022-31254.html
   https://bugzilla.suse.com/1204285
   https://bugzilla.suse.com/1204769
   https://bugzilla.suse.com/1205089

From sle-security-updates at lists.suse.com Tue Jan 3 23:21:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 4 Jan 2023 00:21:59 +0100 (CET)
Subject: SUSE-SU-2023:0019-1: important: Security update for rmt-server
Message-ID: <20230103232159.A9945FD84@maintenance.suse.de>

SUSE Security Update: Security update for rmt-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0019-1
Rating:             important
References:         #1204285 #1204769 #1205089
Cross-References:   CVE-2022-31254
CVSS scores:
                    CVE-2022-31254 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Public Cloud 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that solves one vulnerability and has two fixes is now available.

Description:

This update for rmt-server fixes the following issues:

Update to version 2.10:

- Add option to turn off system token support (bsc#1205089)
- Update the `last_seen_at` column on zypper service refresh
- Do not retry to import non-existing files in air-gapped mode (bsc#1204769)
- CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-19=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-19=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-19=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150400.3.9.1 rmt-server-config-2.10-150400.3.9.1 rmt-server-debuginfo-2.10-150400.3.9.1 rmt-server-debugsource-2.10-150400.3.9.1 rmt-server-pubcloud-2.10-150400.3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150400.3.9.1 rmt-server-config-2.10-150400.3.9.1 rmt-server-debuginfo-2.10-150400.3.9.1 rmt-server-debugsource-2.10-150400.3.9.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.10-150400.3.9.1 rmt-server-debugsource-2.10-150400.3.9.1 rmt-server-pubcloud-2.10-150400.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-31254.html https://bugzilla.suse.com/1204285 https://bugzilla.suse.com/1204769 https://bugzilla.suse.com/1205089 From sle-security-updates at lists.suse.com Tue Jan 3 23:23:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 4 Jan 2023 00:23:09 +0100 (CET) Subject: SUSE-SU-2023:0023-1: important: Security update for rmt-server Message-ID: <20230103232309.1F74FFD84@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0023-1 Rating: important References: #1204285 #1204769 #1205089 Cross-References: CVE-2022-31254 CVSS scores: CVE-2022-31254 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High 
Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2023-23=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2023-23=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2023-23=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-23=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-23=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2023-23=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2023-23=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-23=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-23=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Manager Proxy 4.1 (x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 
rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 rmt-server-pubcloud-2.10-150200.3.29.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): rmt-server-2.10-150200.3.29.1 rmt-server-config-2.10-150200.3.29.1 rmt-server-debuginfo-2.10-150200.3.29.1 rmt-server-debugsource-2.10-150200.3.29.1 References: https://www.suse.com/security/cve/CVE-2022-31254.html https://bugzilla.suse.com/1204285 https://bugzilla.suse.com/1204769 https://bugzilla.suse.com/1205089 From sle-security-updates at lists.suse.com Tue Jan 3 23:24:34 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 4 Jan 2023 00:24:34 +0100 (CET) Subject: SUSE-SU-2023:0020-1: important: Security update for rmt-server Message-ID: <20230103232434.C03D1FD84@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0020-1 Rating: important References: #1204285 #1204769 #1205089 Cross-References: CVE-2022-31254 CVSS scores: CVE-2022-31254 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux 
Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-BCL SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2023-20=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-20=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-20=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-20=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-20=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-20=1 - SUSE Linux Enterprise Server 15-SP3-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-BCL-2023-20=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-20=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2023-20=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2023-20=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-20=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-20=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-20=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 rmt-server-pubcloud-2.10-150300.3.21.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): rmt-server-2.10-150300.3.21.1 
rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Manager Proxy 4.2 (x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Server 15-SP3-BCL (x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le s390x x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 rmt-server-pubcloud-2.10-150300.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 
rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): rmt-server-2.10-150300.3.21.1 rmt-server-config-2.10-150300.3.21.1 rmt-server-debuginfo-2.10-150300.3.21.1 rmt-server-debugsource-2.10-150300.3.21.1 References: https://www.suse.com/security/cve/CVE-2022-31254.html https://bugzilla.suse.com/1204285 https://bugzilla.suse.com/1204769 https://bugzilla.suse.com/1205089 From sle-security-updates at lists.suse.com Tue Jan 3 23:25:55 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 4 Jan 2023 00:25:55 +0100 (CET) Subject: SUSE-SU-2023:0022-1: important: Security update for rmt-server Message-ID: <20230103232555.7030FFD84@maintenance.suse.de> SUSE Security Update: Security update for rmt-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0022-1 Rating: important References: #1204285 #1204769 #1205089 Cross-References: CVE-2022-31254 CVSS scores: CVE-2022-31254 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. 
Description: This update for rmt-server fixes the following issues: Update to version 2.10: - Add option to turn off system token support (bsc#1205089) - Update the `last_seen_at` column on zypper service refresh - Do not retry to import non-existing files in air-gapped mode (bsc#1204769) - CVE-2022-31254: Fixed a local privilege escalation related to the packaging of rmt-server (bsc#1204285). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-22=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-22=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2023-22=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-22=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-22=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-22=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. 
Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): rmt-server-debuginfo-2.10-150100.3.42.1 rmt-server-pubcloud-2.10-150100.3.42.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 - SUSE CaaS Platform 4.0 (x86_64): rmt-server-2.10-150100.3.42.1 rmt-server-config-2.10-150100.3.42.1 rmt-server-debuginfo-2.10-150100.3.42.1 References: https://www.suse.com/security/cve/CVE-2022-31254.html https://bugzilla.suse.com/1204285 https://bugzilla.suse.com/1204769 https://bugzilla.suse.com/1205089 From sle-security-updates at lists.suse.com Thu Jan 5 17:20:14 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 5 Jan 2023 18:20:14 +0100 (CET) Subject: SUSE-SU-2023:0031-1: moderate: Security update for libksba Message-ID: <20230105172014.7C4F8FD89@maintenance.suse.de> SUSE Security Update: Security update for libksba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0031-1 Rating: moderate References: #1206579 Cross-References: CVE-2022-47629 CVSS scores: CVE-2022-47629 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 
CVE-2022-47629 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-31=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-31=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libksba-debugsource-1.3.0-24.6.1 libksba-devel-1.3.0-24.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libksba-debugsource-1.3.0-24.6.1 libksba8-1.3.0-24.6.1 libksba8-debuginfo-1.3.0-24.6.1 References: https://www.suse.com/security/cve/CVE-2022-47629.html https://bugzilla.suse.com/1206579 From sle-security-updates at lists.suse.com Thu Jan 5 17:20:57 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 5 Jan 2023 18:20:57 +0100 (CET) Subject: SUSE-SU-2023:0032-1: Security update for rpmlint-mini Message-ID: <20230105172057.01B55FD89@maintenance.suse.de> SUSE Security Update: Security update for rpmlint-mini ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0032-1 Rating: low References: #1206414 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 
SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for rpmlint-mini fixes the following issues: Update polkit-default-privs to version 13.2+20221216.a0c29e6: - backport usbguard actions (bsc#1206414). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-32=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-32=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150400.23.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): rpmlint-mini-1.10-150400.23.6.1 rpmlint-mini-debuginfo-1.10-150400.23.6.1 rpmlint-mini-debugsource-1.10-150400.23.6.1 References: https://bugzilla.suse.com/1206414 From sle-security-updates at lists.suse.com Thu Jan 5 17:22:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 5 Jan 2023 18:22:15 +0100 (CET) Subject: SUSE-SU-2023:0033-1: important: Security update for xrdp Message-ID: <20230105172215.59765FD89@maintenance.suse.de> SUSE Security Update: Security update for xrdp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0033-1 Rating: important References: #1206300 #1206302 #1206303 #1206306 #1206307 #1206310 #1206311 #1206312 #1206313 Cross-References: CVE-2022-23468 CVE-2022-23478 CVE-2022-23479 
CVE-2022-23480 CVE-2022-23481 CVE-2022-23482 CVE-2022-23483 CVE-2022-23484 CVE-2022-23493 CVSS scores: CVE-2022-23468 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23468 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2022-23478 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23478 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23479 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23479 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23480 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23480 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23481 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23481 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23482 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23482 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23483 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23483 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23484 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23484 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-23493 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-23493 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for 
SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xrdp fixes the following issues: - CVE-2022-23468: Fixed a buffer overflow in xrdp_login_wnd_create() (bsc#1206300). - CVE-2022-23478: Fixed an out of bound write in xrdp_mm_trans_process_drdynvc_chan() (bsc#1206302). - CVE-2022-23479: Fixed a buffer overflow in xrdp_mm_chan_data_in() (bsc#1206303). - CVE-2022-23480: Fixed a buffer overflow in devredir_proc_client_devlist_announce_req() (bsc#1206306). - CVE-2022-23481: Fixed an out of bound read in xrdp_caps_process_confirm_active() (bsc#1206307). - CVE-2022-23482: Fixed an out of bound read in xrdp_sec_process_mcs_data_CS_CORE() (bsc#1206310). - CVE-2022-23483: Fixed an out of bound read in libxrdp_send_to_channel() (bsc#1206311). - CVE-2022-23484: Fixed an integer overflow in xrdp_mm_process_rail_update_window_text() (bsc#1206312). - CVE-2022-23493: Fixed an out of bound read in xrdp_mm_trans_process_drdynvc_channel_close() (bsc#1206313). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-33=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-33=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2023-33=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-33=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2023-33=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-33=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2023-33=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-33=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-33=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-33=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-33=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-33=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-33=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-33=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-33=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-33=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-33=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-33=1 Package List: - openSUSE Leap 15.4 (aarch64 
ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Proxy 4.2 (x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 
xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Manager Proxy 4.1 (x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 
(x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 
librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.15.1 libpainter0-debuginfo-0.9.13.1-150200.4.15.1 librfxencode0-0.9.13.1-150200.4.15.1 librfxencode0-debuginfo-0.9.13.1-150200.4.15.1 xrdp-0.9.13.1-150200.4.15.1 xrdp-debuginfo-0.9.13.1-150200.4.15.1 xrdp-debugsource-0.9.13.1-150200.4.15.1 xrdp-devel-0.9.13.1-150200.4.15.1 References: https://www.suse.com/security/cve/CVE-2022-23468.html https://www.suse.com/security/cve/CVE-2022-23478.html https://www.suse.com/security/cve/CVE-2022-23479.html https://www.suse.com/security/cve/CVE-2022-23480.html https://www.suse.com/security/cve/CVE-2022-23481.html https://www.suse.com/security/cve/CVE-2022-23482.html https://www.suse.com/security/cve/CVE-2022-23483.html https://www.suse.com/security/cve/CVE-2022-23484.html https://www.suse.com/security/cve/CVE-2022-23493.html https://bugzilla.suse.com/1206300 https://bugzilla.suse.com/1206302 https://bugzilla.suse.com/1206303 https://bugzilla.suse.com/1206306 https://bugzilla.suse.com/1206307 https://bugzilla.suse.com/1206310 https://bugzilla.suse.com/1206311 https://bugzilla.suse.com/1206312 https://bugzilla.suse.com/1206313 From sle-security-updates at lists.suse.com Thu Jan 5 17:24:13 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 5 Jan 2023 18:24:13 +0100 (CET) Subject: SUSE-SU-2023:0030-1: important: Security update for tcl Message-ID: <20230105172413.D5539FD89@maintenance.suse.de> SUSE Security Update: Security update for tcl ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0030-1 Rating: important References: #1195773 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux 
Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.2 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.2 SUSE Manager Server 4.3 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tcl fixes the following issues: - Fixed a race condition in test socket-13.1. - Removed the SQLite extension and use the packaged sqlite3 instead (bsc#1195773). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-30=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2023-30=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-30=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2023-30=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-30=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-150300.14.6.1 tcl-debuginfo-8.6.12-150300.14.6.1 tcl-debugsource-8.6.12-150300.14.6.1 tcl-devel-8.6.12-150300.14.6.1 - openSUSE Leap 15.4 (x86_64): tcl-32bit-8.6.12-150300.14.6.1 tcl-32bit-debuginfo-8.6.12-150300.14.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-150300.14.6.1 tcl-debuginfo-8.6.12-150300.14.6.1 tcl-debugsource-8.6.12-150300.14.6.1 tcl-devel-8.6.12-150300.14.6.1 - openSUSE Leap 15.3 (x86_64): tcl-32bit-8.6.12-150300.14.6.1 tcl-32bit-debuginfo-8.6.12-150300.14.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-150300.14.6.1 tcl-debuginfo-8.6.12-150300.14.6.1 tcl-debugsource-8.6.12-150300.14.6.1 tcl-devel-8.6.12-150300.14.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): tcl-32bit-8.6.12-150300.14.6.1 tcl-32bit-debuginfo-8.6.12-150300.14.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): tcl-8.6.12-150300.14.6.1 tcl-debuginfo-8.6.12-150300.14.6.1 tcl-debugsource-8.6.12-150300.14.6.1 tcl-devel-8.6.12-150300.14.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): tcl-32bit-8.6.12-150300.14.6.1 tcl-32bit-debuginfo-8.6.12-150300.14.6.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): tcl-8.6.12-150300.14.6.1 tcl-debuginfo-8.6.12-150300.14.6.1 tcl-debugsource-8.6.12-150300.14.6.1 References: https://bugzilla.suse.com/1195773 
From sle-security-updates at lists.suse.com Fri Jan 6 08:40:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 6 Jan 2023 09:40:17 +0100 (CET) Subject: SUSE-CU-2023:18-1: Security update of suse/sles12sp4 Message-ID: <20230106084017.CC8F4FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:18-1 Container Tags : suse/sles12sp4:26.551 , suse/sles12sp4:latest Container Release : 26.551 Severity : moderate Type : security References : 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:31-1 Released: Thu Jan 5 13:33:52 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - base-container-licenses-3.0-1.335 updated - container-suseconnect-2.0.0-1.218 updated - libksba8-1.3.0-24.6.1 updated From sle-security-updates at lists.suse.com Fri Jan 6 08:48:14 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 6 Jan 2023 09:48:14 +0100 (CET) Subject: SUSE-CU-2023:19-1: Security update of suse/sles12sp5 Message-ID: <20230106084814.1122FFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:19-1 Container Tags : suse/sles12sp5:6.5.422 , suse/sles12sp5:latest Container Release : 6.5.422 Severity : moderate Type : security References : 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:31-1 Released: Thu Jan 5 13:33:52 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - libksba8-1.3.0-24.6.1 updated From sle-security-updates at lists.suse.com Fri Jan 6 14:19:45 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 6 Jan 2023 15:19:45 +0100 (CET) Subject: SUSE-SU-2023:0036-1: important: Security update for ovmf Message-ID: <20230106141945.093EAFD84@maintenance.suse.de> SUSE Security Update: Security update for ovmf ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0036-1 Rating: important References: #1188371 Cross-References: CVE-2019-11098 CVSS scores: CVE-2019-11098 (NVD) : 6.8 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-11098 (SUSE): 6.4 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for ovmf fixes the following issues: - CVE-2019-11098: Fixed insufficient input validation in MdeModulePkg (bsc#1188371). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2023-36=1
- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-36=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-36=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-36=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-36=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-36=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-36=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-36=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-36=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-36=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-36=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-36=1

Package List:

- openSUSE Leap Micro 5.2 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Manager Server 4.2 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
- SUSE Manager Server 4.2 (x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
- SUSE Manager Proxy 4.2 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
- SUSE Manager Proxy 4.2 (x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1
- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
    ovmf-202008-150300.10.17.1
    ovmf-tools-202008-150300.10.17.1
- SUSE Enterprise Storage 7.1 (noarch):
    qemu-ovmf-x86_64-202008-150300.10.17.1
    qemu-uefi-aarch64-202008-150300.10.17.1

References:

https://www.suse.com/security/cve/CVE-2019-11098.html
https://bugzilla.suse.com/1188371

From sle-security-updates at lists.suse.com Fri Jan 6 20:21:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 6 Jan 2023 21:21:13 +0100 (CET)
Subject: SUSE-SU-2023:0037-1: important: Security update for ca-certificates-mozilla
Message-ID: <20230106202113.766DAFD84@maintenance.suse.de>

SUSE Security Update: Security update for ca-certificates-mozilla
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0037-1
Rating: important
References: #1206212 #1206622
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise Desktop 15-SP3
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP3
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP3
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP3
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP3
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.1
    SUSE Manager Proxy 4.2
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.1
    SUSE Manager Server 4.2
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that contains security fixes can now be installed.
Description:

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle "valid before nov 30 2022" and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-37=1
- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2023-37=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-37=1
- SUSE Manager Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-37=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2023-37=1
- SUSE Manager Retail Branch Server 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-37=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2023-37=1
- SUSE Manager Proxy 4.2:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-37=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2023-37=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-37=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-37=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-37=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-37=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-37=1
- SUSE Linux Enterprise Module for Development Tools 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-37=1
- SUSE Linux Enterprise Module for Development Tools 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2023-37=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-37=1
- SUSE Linux Enterprise Module for Basesystem 15-SP3:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2023-37=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-37=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-37=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-37=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-37=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-37=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-37=1
- SUSE Enterprise Storage 7.1:
    zypper in -t patch SUSE-Storage-7.1-2023-37=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-37=1

Package List:

- openSUSE Leap Micro 5.3 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- openSUSE Leap Micro 5.2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- openSUSE Leap 15.4 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Manager Server 4.2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Manager Server 4.1 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Manager Proxy 4.2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Manager Proxy 4.1 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch):
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch):
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Enterprise Storage 7.1 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1
- SUSE Enterprise Storage 7 (noarch):
    ca-certificates-mozilla-2.60-150200.27.1
    ca-certificates-mozilla-prebuilt-2.60-150200.27.1

References:

https://bugzilla.suse.com/1206212
https://bugzilla.suse.com/1206622

From sle-security-updates at lists.suse.com Sat Jan 7 08:44:01 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 09:44:01 +0100 (CET)
Subject: SUSE-CU-2023:41-1: Security update of suse/sle15
Message-ID: <20230107084401.6E78BFD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:41-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.251
Container Release : 9.5.251
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Sat Jan 7 08:51:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 09:51:09 +0100 (CET)
Subject: SUSE-CU-2023:43-1: Security update of bci/bci-micro
Message-ID: <20230107085109.B91D0FD2D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:43-1
Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.22.39
Container Release : 22.39
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-prebuilt-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Sat Jan 7 09:15:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 10:15:20 +0100 (CET)
Subject: SUSE-CU-2023:47-1: Security update of suse/sle15
Message-ID: <20230107091520.60823FD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:47-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.91 , suse/sle15:15.3 , suse/sle15:15.3.17.20.91
Container Release : 17.20.91
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Sat Jan 7 09:22:45 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 10:22:45 +0100 (CET)
Subject: SUSE-CU-2023:52-1: Security update of bci/bci-busybox
Message-ID: <20230107092245.E74CBFD2D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-busybox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:52-1
Container Tags : bci/bci-busybox:15.4 , bci/bci-busybox:15.4.13.4 , bci/bci-busybox:latest
Container Release : 13.4
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container bci/bci-busybox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-prebuilt-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Sat Jan 7 09:45:44 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 10:45:44 +0100 (CET)
Subject: SUSE-CU-2023:63-1: Security update of bci/bci-micro
Message-ID: <20230107094544.C6D12FD2D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-micro
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:63-1
Container Tags : bci/bci-micro:15.4 , bci/bci-micro:15.4.16.3 , bci/bci-micro:latest
Container Release : 16.3
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container bci/bci-micro was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-prebuilt-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Sat Jan 7 10:09:45 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 7 Jan 2023 11:09:45 +0100 (CET)
Subject: SUSE-CU-2023:87-1: Security update of suse/sle15
Message-ID: <20230107100945.6E696FD84@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:87-1
Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.28 , suse/sle15:15.4 , suse/sle15:15.4.27.14.28
Container Release : 27.14.28
Severity : important
Type : security
References : 1206212 1206622
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)
  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2
  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3
  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)
- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

The following package changes have been done:
- ca-certificates-mozilla-2.60-150200.27.1 updated

From sle-security-updates at lists.suse.com Mon Jan 9 14:36:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 9 Jan 2023 15:36:59 +0100 (CET)
Subject: SUSE-SU-2023:0056-1: moderate: Security update for libksba
Message-ID: <20230109143659.4F30EFD84@maintenance.suse.de>

SUSE Security Update: Security update for libksba
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0056-1
Rating: moderate
References: #1206579
Cross-References: CVE-2022-47629
CVSS scores:
    CVE-2022-47629 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-47629 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.2
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
    zypper in -t patch openSUSE-Leap-Micro-5.3-2023-56=1
- openSUSE Leap Micro 5.2:
    zypper in -t patch openSUSE-Leap-Micro-5.2-2023-56=1
- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2023-56=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-56=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
    zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-56=1
- SUSE Linux Enterprise Micro 5.3:
    zypper in -t patch SUSE-SLE-Micro-5.3-2023-56=1
- SUSE Linux Enterprise Micro 5.2:
    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-56=1
- SUSE Linux Enterprise Micro 5.1:
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-56=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- openSUSE Leap Micro 5.2 (aarch64 x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba-devel-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1
- SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
    libksba-debugsource-1.3.5-150000.4.6.1
    libksba8-1.3.5-150000.4.6.1
    libksba8-debuginfo-1.3.5-150000.4.6.1

References:

https://www.suse.com/security/cve/CVE-2022-47629.html
https://bugzilla.suse.com/1206579

From sle-security-updates at lists.suse.com Tue Jan 10 08:51:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 10 Jan 2023 09:51:55 +0100 (CET)
Subject: SUSE-CU-2023:91-1: Security update of suse/sle15
Message-ID: <20230110085155.C12FFFD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:91-1
Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.662
Container Release : 4.22.662
Severity : moderate
Type : security
References : 1206579 CVE-2022-47629
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

The following package changes have been done:
- libksba8-1.3.5-150000.4.6.1 updated

From sle-security-updates at lists.suse.com Tue Jan 10 09:09:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 10 Jan 2023 10:09:09 +0100 (CET)
Subject: SUSE-CU-2023:92-1: Security update of suse/sle15
Message-ID: <20230110090909.F2767FD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:92-1
Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.727
Container Release : 6.2.727
Severity : moderate
Type : security
References : 1206579 CVE-2022-47629
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).
The following package changes have been done:
- libksba8-1.3.5-150000.4.6.1 updated

From sle-security-updates at lists.suse.com Tue Jan 10 09:24:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 10 Jan 2023 10:24:03 +0100 (CET)
Subject: SUSE-CU-2023:93-1: Security update of suse/sle15
Message-ID: <20230110092403.BAAE1FD2D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:93-1
Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.252
Container Release : 9.5.252
Severity : moderate
Type : security
References : 1206579 CVE-2022-47629
-----------------------------------------------------------------

The container suse/sle15 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).
The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated From sle-security-updates at lists.suse.com Tue Jan 10 09:32:14 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 10:32:14 +0100 (CET) Subject: SUSE-CU-2023:94-1: Security update of bci/bci-init Message-ID: <20230110093214.BD78BFD84@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:94-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.21.109 Container Release : 21.109 Severity : moderate Type : security References : 1199467 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - container:sles15-image-15.0.0-17.20.92 updated From sle-security-updates at lists.suse.com Tue Jan 10 09:42:52 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 10:42:52 +0100 (CET) Subject: SUSE-CU-2023:96-1: Security update of bci/nodejs Message-ID: <20230110094252.DDFEEFD89@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:96-1 Container Tags : bci/node:12 , bci/node:12-17.122 , bci/nodejs:12 , bci/nodejs:12-17.122 Container Release : 17.122 Severity : moderate Type : security References : 1199467 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - container:sles15-image-15.0.0-17.20.92 updated From sle-security-updates at lists.suse.com Tue Jan 10 09:50:40 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 10:50:40 +0100 (CET) Subject: SUSE-CU-2023:97-1: Security update of bci/python Message-ID: <20230110095040.615B9FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:97-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-22.32 Container Release : 22.32 Severity : moderate Type : security References : 1199467 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - container:sles15-image-15.0.0-17.20.92 updated From sle-security-updates at lists.suse.com Tue Jan 10 10:00:30 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 11:00:30 +0100 (CET) Subject: SUSE-CU-2023:98-1: Security update of suse/sle15 Message-ID: <20230110100030.D5E31FD84@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:98-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.92 , suse/sle15:15.3 , suse/sle15:15.3.17.20.92 Container Release : 17.20.92 Severity : moderate Type : security References : 1199467 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). 
The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated From sle-security-updates at lists.suse.com Tue Jan 10 10:10:07 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 11:10:07 +0100 (CET) Subject: SUSE-CU-2023:103-1: Security update of suse/registry Message-ID: <20230110101007.969BBFD84@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:103-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-4.7 , suse/registry:latest Container Release : 4.7 Severity : important Type : security References : 1199467 1205502 1206212 1206622 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) The following package changes have been done: - ca-certificates-mozilla-2.60-150200.27.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - login_defs-4.8.1-150400.10.3.1 updated - shadow-4.8.1-150400.10.3.1 updated - container:micro-image-15.4.0-16.3 updated From sle-security-updates at lists.suse.com Tue Jan 10 11:20:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 12:20:08 +0100 (CET) Subject: SUSE-SU-2023:0058-1: moderate: Security update for systemd Message-ID: <20230110112008.43D0FFD89@maintenance.suse.de> SUSE Security Update: Security update for systemd ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0058-1 Rating: moderate References: #1181636 #1205000 Cross-References: CVE-2022-4415 CVSS scores: CVE-2022-4415 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata 
is now available. Description: This update for systemd fixes the following issues: Fixing the following issues: - units: restore RemainAfterExit=yes in systemd-vconsole-setup.service - vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode) - vconsole-setup: add more log messages - units: restore Before dependencies for systemd-vconsole-setup.service - vconsole-setup: add lots of debug messages - Add enable_disable() helper - vconsole: correct kernel command line namespace - vconsole: Don't do static installation under sysinit.target - vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636) - vconsole: updates of keyboard/font loading functions - vconsole: Add generic is_*() functions - vconsole: add two new toggle functions, remove old enable/disable ones - vconsole: copy font to 63 consoles instead of 15 - vconsole: add log_oom() where appropriate - vconsole-setup: Store fonts on heap (#3268) - errno-util: add new errno_or_else() helper The following fix is now integrated upstream: - CVE-2022-4415: coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-58=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-58=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.49.1 systemd-debuginfo-228-157.49.1 systemd-debugsource-228-157.49.1 systemd-devel-228-157.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.49.1 libsystemd0-debuginfo-228-157.49.1 libudev-devel-228-157.49.1 libudev1-228-157.49.1 libudev1-debuginfo-228-157.49.1 systemd-228-157.49.1 systemd-debuginfo-228-157.49.1 systemd-debugsource-228-157.49.1 systemd-devel-228-157.49.1 systemd-sysvinit-228-157.49.1 udev-228-157.49.1 udev-debuginfo-228-157.49.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.49.1 libsystemd0-debuginfo-32bit-228-157.49.1 libudev1-32bit-228-157.49.1 libudev1-debuginfo-32bit-228-157.49.1 systemd-32bit-228-157.49.1 systemd-debuginfo-32bit-228-157.49.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.49.1 References: https://www.suse.com/security/cve/CVE-2022-4415.html https://bugzilla.suse.com/1181636 https://bugzilla.suse.com/1205000 From sle-security-updates at lists.suse.com Tue Jan 10 17:21:25 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 18:21:25 +0100 (CET) Subject: SUSE-SU-2023:0060-1: moderate: Security update for tiff Message-ID: <20230110172125.32ED9FD89@maintenance.suse.de> SUSE Security Update: Security update for tiff ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0060-1 Rating: moderate References: #1204642 #1205422 Cross-References: CVE-2022-3570 CVE-2022-3598 CVSS scores: CVE-2022-3570 (NVD) : 5.5 
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3570 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3598 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-3598 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for tiff fixes the following issues: - CVE-2022-3570: Fixed a potential crash in the tiffcrop utility (bsc#1205422). - CVE-2022-3598: Fixed a potential crash in the tiffcrop utility (bsc#1204642). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-60=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-60=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff-devel-4.0.9-44.62.1 tiff-debuginfo-4.0.9-44.62.1 tiff-debugsource-4.0.9-44.62.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libtiff5-4.0.9-44.62.1 libtiff5-debuginfo-4.0.9-44.62.1 tiff-4.0.9-44.62.1 tiff-debuginfo-4.0.9-44.62.1 tiff-debugsource-4.0.9-44.62.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libtiff5-32bit-4.0.9-44.62.1 libtiff5-debuginfo-32bit-4.0.9-44.62.1 References: https://www.suse.com/security/cve/CVE-2022-3570.html https://www.suse.com/security/cve/CVE-2022-3598.html https://bugzilla.suse.com/1204642 https://bugzilla.suse.com/1205422 From sle-security-updates at lists.suse.com Tue Jan 10 17:22:34 2023 From: sle-security-updates at 
lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 10 Jan 2023 18:22:34 +0100 (CET) Subject: SUSE-SU-2023:0061-1: important: Security update for webkit2gtk3 Message-ID: <20230110172234.61B1AFD89@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0061-1 Rating: important References: #1206474 #1206750 Cross-References: CVE-2022-42852 CVE-2022-42856 CVE-2022-42863 CVE-2022-42867 CVE-2022-46691 CVE-2022-46692 CVE-2022-46698 CVE-2022-46699 CVE-2022-46700 CVSS scores: CVE-2022-42852 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42852 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-42856 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42856 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42863 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-42867 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46691 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46692 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46692 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2022-46698 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46698 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-46699 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46699 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46700 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise 
Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.38.3 (bnc#1206750): - CVE-2022-42852: Fixed disclosure of process memory by improved memory handling. - CVE-2022-42856: Fixed a potential arbitrary code execution when processing maliciously crafted web content (bsc#1206474). - CVE-2022-42863: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-42867: Fixed a use-after-free issue with improved memory management. - CVE-2022-46691: Fixed a potential arbitrary code execution when processing maliciously crafted web content. - CVE-2022-46692: Fixed bypass of Same Origin Policy through improved state management. - CVE-2022-46698: Fixed disclosure of sensitive user information with improved checks. - CVE-2022-46699: Fixed an arbitrary code execution caused by memory corruption. - CVE-2022-46700: Fixed a potential arbitrary code execution when processing maliciously crafted web content. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-61=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-61=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-61=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-61=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-61=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-61=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-61=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 - SUSE OpenStack Cloud 9 (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE OpenStack Cloud 9 (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): 
typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 webkit2gtk3-devel-2.38.3-2.123.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE Linux Enterprise Server 
12-SP2-BCL (noarch): libwebkit2gtk3-lang-2.38.3-2.123.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.38.3-2.123.1 libjavascriptcoregtk-4_0-18-debuginfo-2.38.3-2.123.1 libwebkit2gtk-4_0-37-2.38.3-2.123.1 libwebkit2gtk-4_0-37-debuginfo-2.38.3-2.123.1 typelib-1_0-JavaScriptCore-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2-4_0-2.38.3-2.123.1 typelib-1_0-WebKit2WebExtension-4_0-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-2.38.3-2.123.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.38.3-2.123.1 webkit2gtk3-debugsource-2.38.3-2.123.1 webkit2gtk3-devel-2.38.3-2.123.1 References: https://www.suse.com/security/cve/CVE-2022-42852.html https://www.suse.com/security/cve/CVE-2022-42856.html https://www.suse.com/security/cve/CVE-2022-42863.html https://www.suse.com/security/cve/CVE-2022-42867.html https://www.suse.com/security/cve/CVE-2022-46691.html https://www.suse.com/security/cve/CVE-2022-46692.html https://www.suse.com/security/cve/CVE-2022-46698.html https://www.suse.com/security/cve/CVE-2022-46699.html https://www.suse.com/security/cve/CVE-2022-46700.html https://bugzilla.suse.com/1206474 https://bugzilla.suse.com/1206750 From sle-security-updates at lists.suse.com Wed Jan 11 08:32:19 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 09:32:19 +0100 (CET) Subject: SUSE-CU-2023:113-1: Security update of suse/sles12sp5 Message-ID: <20230111083219.209CCFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:113-1 Container Tags : suse/sles12sp5:6.5.424 , suse/sles12sp5:latest Container Release : 6.5.424 Severity : moderate Type : security References : 1181636 1205000 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:58-1 Released: Tue Jan 10 09:15:27 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1181636,1205000,CVE-2022-4415 This update for systemd fixes the following issues: Fixing the following issues: - units: restore RemainAfterExit=yes in systemd-vconsole-setup.service - vconsole-setup: don't concat strv if we don't need to (i.e. not in debug log mode) - vconsole-setup: add more log messages - units: restore Before dependencies for systemd-vconsole-setup.service - vconsole-setup: add lots of debug messages - Add enable_disable() helper - vconsole: correct kernel command line namespace - vconsole: Don't do static installation under sysinit.target - vconsole: use KD_FONT_OP_GET/SET to handle copying (bsc#1181636) - vconsole: updates of keyboard/font loading functions - vconsole: Add generic is_*() functions - vconsole: add two new toggle functions, remove old enable/disable ones - vconsole: copy font to 63 consoles instead of 15 - vconsole: add log_oom() where appropriate - vconsole-setup: Store fonts on heap (#3268) - errno-util: add new errno_or_else() helper The following fix is now integrated upstream: - CVE-2022-4415: coredump: do not allow user to access coredumps with changed uid/gid/capabilities (bsc#1205000). 
The following package changes have been done: - libsystemd0-228-157.49.1 updated - libudev1-228-157.49.1 updated From sle-security-updates at lists.suse.com Wed Jan 11 09:13:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 10:13:59 +0100 (CET) Subject: SUSE-CU-2023:141-1: Security update of suse/sle15 Message-ID: <20230111091359.4508BFCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:141-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.27.14.29 , suse/sle15:15.4 , suse/sle15:15.4.27.14.29 Container Release : 27.14.29 Severity : moderate Type : security References : 1199467 1204585 1205502 1206579 CVE-2022-47629 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the 
following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). The following package changes have been done: - libksba8-1.3.5-150000.4.6.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - login_defs-4.8.1-150400.10.3.1 updated - shadow-4.8.1-150400.10.3.1 updated From sle-security-updates at lists.suse.com Wed Jan 11 14:20:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 15:20:39 +0100 (CET) Subject: SUSE-SU-2023:0066-1: moderate: Security update for w3m Message-ID: <20230111142039.3A54DFD84@maintenance.suse.de> SUSE Security Update: Security update for w3m ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0066-1 Rating: moderate References: #1202684 Cross-References: CVE-2022-38223 CVSS scores: CVE-2022-38223 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-38223 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-66=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): w3m-0.5.3.git20161120-161.6.1 w3m-debuginfo-0.5.3.git20161120-161.6.1 w3m-debugsource-0.5.3.git20161120-161.6.1 References: https://www.suse.com/security/cve/CVE-2022-38223.html https://bugzilla.suse.com/1202684 From sle-security-updates at lists.suse.com Wed Jan 11 14:21:21 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 15:21:21 +0100 (CET) Subject: SUSE-SU-2023:0069-1: moderate: Security update for SDL2 Message-ID: <20230111142121.5DEBEFD84@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0069-1 Rating: moderate References: #1206727 Cross-References: CVE-2022-4743 CVSS scores: CVE-2022-4743 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL2 fixes the following issues: - CVE-2022-4743: Fixed a potential memory leak when creating a texture for an OpenGL ES image (bsc#1206727). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-69=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-69=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-69=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-69=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.9.1 libSDL2-2_0-0-2.0.8-150200.11.9.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.9.1 libSDL2-devel-2.0.8-150200.11.9.1 - openSUSE Leap 15.4 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150200.11.9.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.9.1 libSDL2-devel-32bit-2.0.8-150200.11.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): SDL2-debugsource-2.0.8-150200.11.9.1 libSDL2-2_0-0-2.0.8-150200.11.9.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.9.1 libSDL2-devel-2.0.8-150200.11.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): SDL2-debugsource-2.0.8-150200.11.9.1 libSDL2-2_0-0-32bit-2.0.8-150200.11.9.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.9.1 libSDL2-2_0-0-2.0.8-150200.11.9.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.9.1 libSDL2-devel-2.0.8-150200.11.9.1 References: https://www.suse.com/security/cve/CVE-2022-4743.html https://bugzilla.suse.com/1206727 From sle-security-updates at lists.suse.com Wed Jan 11 14:22:11 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 15:22:11 +0100 (CET) 
Subject: SUSE-SU-2023:0065-1: moderate: Security update for w3m Message-ID: <20230111142211.7A461FD84@maintenance.suse.de> SUSE Security Update: Security update for w3m ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0065-1 Rating: moderate References: #1202684 Cross-References: CVE-2022-38223 CVSS scores: CVE-2022-38223 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-38223 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for w3m fixes the following issues: - CVE-2022-38223: Fixed a memory safety issue when dumping crafted input to standard out (bsc#1202684). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-65=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-65=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-65=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): w3m-0.5.3+git20180125-150000.3.3.1 w3m-debuginfo-0.5.3+git20180125-150000.3.3.1 w3m-debugsource-0.5.3+git20180125-150000.3.3.1 w3m-inline-image-0.5.3+git20180125-150000.3.3.1 w3m-inline-image-debuginfo-0.5.3+git20180125-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): w3m-0.5.3+git20180125-150000.3.3.1 w3m-debuginfo-0.5.3+git20180125-150000.3.3.1 w3m-debugsource-0.5.3+git20180125-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): w3m-0.5.3+git20180125-150000.3.3.1 w3m-debuginfo-0.5.3+git20180125-150000.3.3.1 w3m-debugsource-0.5.3+git20180125-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-38223.html https://bugzilla.suse.com/1202684 From sle-security-updates at lists.suse.com Wed Jan 11 14:22:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 15:22:59 +0100 (CET) Subject: SUSE-SU-2023:0068-1: moderate: Security update for net-snmp Message-ID: <20230111142259.2F19AFD84@maintenance.suse.de> SUSE Security Update: Security update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0068-1 Rating: moderate References: #1198059 #1205148 #1205150 Cross-References: CVE-2022-44792 CVE-2022-44793 CVSS scores: CVE-2022-44792 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-44792 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-44793 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-44793 
(SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for net-snmp fixes the following issues: - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148). - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150). Other fixes: - Fixed a potential invalid free of memory, and hardened string handling against concurrency issues (bsc#1198059). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-68=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-68=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): net-snmp-debuginfo-5.7.3-11.6.1 net-snmp-debugsource-5.7.3-11.6.1 net-snmp-devel-5.7.3-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-11.6.1 libsnmp30-debuginfo-5.7.3-11.6.1 net-snmp-5.7.3-11.6.1 net-snmp-debuginfo-5.7.3-11.6.1 net-snmp-debugsource-5.7.3-11.6.1 perl-SNMP-5.7.3-11.6.1 perl-SNMP-debuginfo-5.7.3-11.6.1 snmp-mibs-5.7.3-11.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsnmp30-32bit-5.7.3-11.6.1 libsnmp30-debuginfo-32bit-5.7.3-11.6.1 References: https://www.suse.com/security/cve/CVE-2022-44792.html https://www.suse.com/security/cve/CVE-2022-44793.html https://bugzilla.suse.com/1198059 https://bugzilla.suse.com/1205148 https://bugzilla.suse.com/1205150 From sle-security-updates at lists.suse.com Wed Jan 11 20:21:37 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 21:21:37 +0100 (CET) Subject: SUSE-SU-2023:0071-1: moderate: Security update for openstack-barbican Message-ID: <20230111202137.0D0B2FD84@maintenance.suse.de> SUSE Security Update: Security update for openstack-barbican ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0071-1 Rating: moderate References: #1203873 Cross-References: CVE-2022-3100 CVSS scores: CVE-2022-3100 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N Affected Products: HPE Helion Openstack 8 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for openstack-barbican contains the following fix: Security fix included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873). Update for openstack-barbican: - Add patch for CVE-2022-3100 to address access policy bypass via query string injection. (bsc#1203873, CVE-2022-3100) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2023-71=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2023-71=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2023-71=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): openstack-barbican-5.0.2~dev3-3.17.2 openstack-barbican-api-5.0.2~dev3-3.17.2 openstack-barbican-doc-5.0.2~dev3-3.17.2 openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2 openstack-barbican-retry-5.0.2~dev3-3.17.2 openstack-barbican-worker-5.0.2~dev3-3.17.2 python-barbican-5.0.2~dev3-3.17.2 - SUSE OpenStack Cloud 8 (noarch): openstack-barbican-5.0.2~dev3-3.17.2 openstack-barbican-api-5.0.2~dev3-3.17.2 openstack-barbican-doc-5.0.2~dev3-3.17.2 openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2 openstack-barbican-retry-5.0.2~dev3-3.17.2 openstack-barbican-worker-5.0.2~dev3-3.17.2 python-barbican-5.0.2~dev3-3.17.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.43.2 - HPE Helion Openstack 8 (noarch): openstack-barbican-5.0.2~dev3-3.17.2 openstack-barbican-api-5.0.2~dev3-3.17.2 openstack-barbican-doc-5.0.2~dev3-3.17.2 openstack-barbican-keystone-listener-5.0.2~dev3-3.17.2 openstack-barbican-retry-5.0.2~dev3-3.17.2 openstack-barbican-worker-5.0.2~dev3-3.17.2 python-barbican-5.0.2~dev3-3.17.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.43.2 References: 
https://www.suse.com/security/cve/CVE-2022-3100.html https://bugzilla.suse.com/1203873 From sle-security-updates at lists.suse.com Wed Jan 11 20:22:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Wed, 11 Jan 2023 21:22:15 +0100 (CET) Subject: SUSE-SU-2023:0070-1: important: Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp Message-ID: <20230111202215.BCED0FD84@maintenance.suse.de> SUSE Security Update: Security update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0070-1 Rating: important References: #1203873 #1204326 Cross-References: CVE-2022-3100 CVE-2022-33891 CVSS scores: CVE-2022-3100 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N CVE-2022-33891 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-33891 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for openstack-barbican, openstack-heat-gbp, openstack-horizon-plugin-gbp-ui, openstack-neutron, openstack-neutron-gbp fixes the following issues: Security fixes included on this update: openstack-barbican: - CVE-2022-3100: Fixed an access policy bypass via query string injection (bsc#1203873). spark: - CVE-2022-33891: Fixed a command injection vulnerability via Spark UI (bsc#1204326). Non Security fixes: Changes in openstack-barbican: - Add patch to address access policy bypass via query string injection. (bsc#1203873, CVE-2022-3100.) 
Changes in openstack-heat-gbp: - Update to version group-based-policy-automation-14.0.1.dev5: * Add support for zed Changes in openstack-horizon-plugin-gbp-ui: - Update to version group-based-policy-ui-14.0.1.dev6: * Add support for zed - Update to version group-based-policy-ui-14.0.1.dev5: * fix launch instance GBP issue Changes in openstack-neutron: - Update to version neutron-13.0.8.dev209: * Update documentation link for openSUSE index - Update to version neutron-13.0.8.dev208: * fix: Fix url of Floodlight - Update to version neutron-13.0.8.dev207: * Mellanox_eth.img url expires, remove the mellanox_eth.img node Changes in openstack-neutron-gbp: - Update to version group-based-policy-14.0.1.dev52: * Fix keystone notification listener - Update to version group-based-policy-14.0.1.dev51: * Support for epg subnet 2014.2.0rc1 - Update to version group-based-policy-14.0.1.dev50: * Use top-level contract references 2014.2.rc1 - Update to version group-based-policy-14.0.1.dev48: * Remove py37 jobs from gate 2014.2rc1 Changes in spark: - Avoid using bash -c in ShellBasedGroupsMappingProvider. (bsc#1204326, CVE-2022-33891) - Add _constraints to prevent build from running out of disk space - Update to version group-based-policy-14.0.1.dev47: * Remove python39 from voting Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-70=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-70=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): openstack-barbican-7.0.1~dev24-3.17.1 openstack-barbican-api-7.0.1~dev24-3.17.1 openstack-barbican-keystone-listener-7.0.1~dev24-3.17.1 openstack-barbican-retry-7.0.1~dev24-3.17.1 openstack-barbican-worker-7.0.1~dev24-3.17.1 openstack-heat-gbp-14.0.1~dev5-3.12.1 openstack-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1 openstack-neutron-13.0.8~dev209-3.43.1 openstack-neutron-dhcp-agent-13.0.8~dev209-3.43.1 openstack-neutron-gbp-14.0.1~dev52-3.37.1 openstack-neutron-ha-tool-13.0.8~dev209-3.43.1 openstack-neutron-l3-agent-13.0.8~dev209-3.43.1 openstack-neutron-linuxbridge-agent-13.0.8~dev209-3.43.1 openstack-neutron-macvtap-agent-13.0.8~dev209-3.43.1 openstack-neutron-metadata-agent-13.0.8~dev209-3.43.1 openstack-neutron-metering-agent-13.0.8~dev209-3.43.1 openstack-neutron-openvswitch-agent-13.0.8~dev209-3.43.1 openstack-neutron-server-13.0.8~dev209-3.43.1 python-barbican-7.0.1~dev24-3.17.1 python-heat-gbp-14.0.1~dev5-3.12.1 python-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1 python-neutron-13.0.8~dev209-3.43.1 python-neutron-gbp-14.0.1~dev52-3.37.1 spark-2.2.3-5.12.1 - SUSE OpenStack Cloud 9 (noarch): openstack-barbican-7.0.1~dev24-3.17.1 openstack-barbican-api-7.0.1~dev24-3.17.1 openstack-barbican-keystone-listener-7.0.1~dev24-3.17.1 openstack-barbican-retry-7.0.1~dev24-3.17.1 openstack-barbican-worker-7.0.1~dev24-3.17.1 openstack-heat-gbp-14.0.1~dev5-3.12.1 openstack-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1 openstack-neutron-13.0.8~dev209-3.43.1 openstack-neutron-dhcp-agent-13.0.8~dev209-3.43.1 openstack-neutron-gbp-14.0.1~dev52-3.37.1 openstack-neutron-ha-tool-13.0.8~dev209-3.43.1 openstack-neutron-l3-agent-13.0.8~dev209-3.43.1 openstack-neutron-linuxbridge-agent-13.0.8~dev209-3.43.1 
openstack-neutron-macvtap-agent-13.0.8~dev209-3.43.1 openstack-neutron-metadata-agent-13.0.8~dev209-3.43.1 openstack-neutron-metering-agent-13.0.8~dev209-3.43.1 openstack-neutron-openvswitch-agent-13.0.8~dev209-3.43.1 openstack-neutron-server-13.0.8~dev209-3.43.1 python-barbican-7.0.1~dev24-3.17.1 python-heat-gbp-14.0.1~dev5-3.12.1 python-horizon-plugin-gbp-ui-14.0.1~dev6-3.15.1 python-neutron-13.0.8~dev209-3.43.1 python-neutron-gbp-14.0.1~dev52-3.37.1 spark-2.2.3-5.12.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.37.1 venv-openstack-horizon-x86_64-14.1.1~dev11-4.43.1 venv-openstack-neutron-x86_64-13.0.8~dev209-6.43.1 venv-openstack-nova-x86_64-18.3.1~dev92-3.43.1 References: https://www.suse.com/security/cve/CVE-2022-3100.html https://www.suse.com/security/cve/CVE-2022-33891.html https://bugzilla.suse.com/1203873 https://bugzilla.suse.com/1204326 From sle-security-updates at lists.suse.com Wed Jan 11 23:21:12 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 12 Jan 2023 00:21:12 +0100 (CET) Subject: SUSE-SU-2023:0074-1: important: Security update for php8 Message-ID: <20230111232112.BB9C6FD2D@maintenance.suse.de> SUSE Security Update: Security update for php8 ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0074-1 Rating: important References: #1206958 Cross-References: CVE-2022-31631 CVSS scores: CVE-2022-31631 (SUSE): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for php8 fixes the following issues: - Updated to version 8.0.27: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Non-security fixes: - Fixed a NULL pointer dereference with -w/-s options. - Fixed a crash in Generator when interrupted during argument evaluation with extra named params. - Fixed a crash in Generator when memory limit was exceeded during initialization. - Fixed a memory leak in Generator when interrupted during argument evaluation. - Fixed an issue in the DateTimeZone constructor where an extra null byte could be added to the input. - Fixed a hang in SaltStack when using php-fpm 8.1.11. - Fixed mysqli_query warnings being shown despite using silenced error mode. - Fixed a NULL pointer dereference when serializing a SOAP response call. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-74=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-74=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.27-150400.4.23.1 apache2-mod_php8-debuginfo-8.0.27-150400.4.23.1 apache2-mod_php8-debugsource-8.0.27-150400.4.23.1 php8-8.0.27-150400.4.23.1 php8-bcmath-8.0.27-150400.4.23.1 php8-bcmath-debuginfo-8.0.27-150400.4.23.1 php8-bz2-8.0.27-150400.4.23.1 php8-bz2-debuginfo-8.0.27-150400.4.23.1 php8-calendar-8.0.27-150400.4.23.1 php8-calendar-debuginfo-8.0.27-150400.4.23.1 php8-cli-8.0.27-150400.4.23.1 php8-cli-debuginfo-8.0.27-150400.4.23.1 php8-ctype-8.0.27-150400.4.23.1 php8-ctype-debuginfo-8.0.27-150400.4.23.1 php8-curl-8.0.27-150400.4.23.1 php8-curl-debuginfo-8.0.27-150400.4.23.1 php8-dba-8.0.27-150400.4.23.1 php8-dba-debuginfo-8.0.27-150400.4.23.1 
php8-debuginfo-8.0.27-150400.4.23.1 php8-debugsource-8.0.27-150400.4.23.1 php8-devel-8.0.27-150400.4.23.1 php8-dom-8.0.27-150400.4.23.1 php8-dom-debuginfo-8.0.27-150400.4.23.1 php8-embed-8.0.27-150400.4.23.1 php8-embed-debuginfo-8.0.27-150400.4.23.1 php8-embed-debugsource-8.0.27-150400.4.23.1 php8-enchant-8.0.27-150400.4.23.1 php8-enchant-debuginfo-8.0.27-150400.4.23.1 php8-exif-8.0.27-150400.4.23.1 php8-exif-debuginfo-8.0.27-150400.4.23.1 php8-fastcgi-8.0.27-150400.4.23.1 php8-fastcgi-debuginfo-8.0.27-150400.4.23.1 php8-fastcgi-debugsource-8.0.27-150400.4.23.1 php8-fileinfo-8.0.27-150400.4.23.1 php8-fileinfo-debuginfo-8.0.27-150400.4.23.1 php8-fpm-8.0.27-150400.4.23.1 php8-fpm-debuginfo-8.0.27-150400.4.23.1 php8-fpm-debugsource-8.0.27-150400.4.23.1 php8-ftp-8.0.27-150400.4.23.1 php8-ftp-debuginfo-8.0.27-150400.4.23.1 php8-gd-8.0.27-150400.4.23.1 php8-gd-debuginfo-8.0.27-150400.4.23.1 php8-gettext-8.0.27-150400.4.23.1 php8-gettext-debuginfo-8.0.27-150400.4.23.1 php8-gmp-8.0.27-150400.4.23.1 php8-gmp-debuginfo-8.0.27-150400.4.23.1 php8-iconv-8.0.27-150400.4.23.1 php8-iconv-debuginfo-8.0.27-150400.4.23.1 php8-intl-8.0.27-150400.4.23.1 php8-intl-debuginfo-8.0.27-150400.4.23.1 php8-ldap-8.0.27-150400.4.23.1 php8-ldap-debuginfo-8.0.27-150400.4.23.1 php8-mbstring-8.0.27-150400.4.23.1 php8-mbstring-debuginfo-8.0.27-150400.4.23.1 php8-mysql-8.0.27-150400.4.23.1 php8-mysql-debuginfo-8.0.27-150400.4.23.1 php8-odbc-8.0.27-150400.4.23.1 php8-odbc-debuginfo-8.0.27-150400.4.23.1 php8-opcache-8.0.27-150400.4.23.1 php8-opcache-debuginfo-8.0.27-150400.4.23.1 php8-openssl-8.0.27-150400.4.23.1 php8-openssl-debuginfo-8.0.27-150400.4.23.1 php8-pcntl-8.0.27-150400.4.23.1 php8-pcntl-debuginfo-8.0.27-150400.4.23.1 php8-pdo-8.0.27-150400.4.23.1 php8-pdo-debuginfo-8.0.27-150400.4.23.1 php8-pgsql-8.0.27-150400.4.23.1 php8-pgsql-debuginfo-8.0.27-150400.4.23.1 php8-phar-8.0.27-150400.4.23.1 php8-phar-debuginfo-8.0.27-150400.4.23.1 php8-posix-8.0.27-150400.4.23.1 
php8-posix-debuginfo-8.0.27-150400.4.23.1 php8-readline-8.0.27-150400.4.23.1 php8-readline-debuginfo-8.0.27-150400.4.23.1 php8-shmop-8.0.27-150400.4.23.1 php8-shmop-debuginfo-8.0.27-150400.4.23.1 php8-snmp-8.0.27-150400.4.23.1 php8-snmp-debuginfo-8.0.27-150400.4.23.1 php8-soap-8.0.27-150400.4.23.1 php8-soap-debuginfo-8.0.27-150400.4.23.1 php8-sockets-8.0.27-150400.4.23.1 php8-sockets-debuginfo-8.0.27-150400.4.23.1 php8-sodium-8.0.27-150400.4.23.1 php8-sodium-debuginfo-8.0.27-150400.4.23.1 php8-sqlite-8.0.27-150400.4.23.1 php8-sqlite-debuginfo-8.0.27-150400.4.23.1 php8-sysvmsg-8.0.27-150400.4.23.1 php8-sysvmsg-debuginfo-8.0.27-150400.4.23.1 php8-sysvsem-8.0.27-150400.4.23.1 php8-sysvsem-debuginfo-8.0.27-150400.4.23.1 php8-sysvshm-8.0.27-150400.4.23.1 php8-sysvshm-debuginfo-8.0.27-150400.4.23.1 php8-test-8.0.27-150400.4.23.1 php8-tidy-8.0.27-150400.4.23.1 php8-tidy-debuginfo-8.0.27-150400.4.23.1 php8-tokenizer-8.0.27-150400.4.23.1 php8-tokenizer-debuginfo-8.0.27-150400.4.23.1 php8-xmlreader-8.0.27-150400.4.23.1 php8-xmlreader-debuginfo-8.0.27-150400.4.23.1 php8-xmlwriter-8.0.27-150400.4.23.1 php8-xmlwriter-debuginfo-8.0.27-150400.4.23.1 php8-xsl-8.0.27-150400.4.23.1 php8-xsl-debuginfo-8.0.27-150400.4.23.1 php8-zip-8.0.27-150400.4.23.1 php8-zip-debuginfo-8.0.27-150400.4.23.1 php8-zlib-8.0.27-150400.4.23.1 php8-zlib-debuginfo-8.0.27-150400.4.23.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_php8-8.0.27-150400.4.23.1 apache2-mod_php8-debuginfo-8.0.27-150400.4.23.1 apache2-mod_php8-debugsource-8.0.27-150400.4.23.1 php8-8.0.27-150400.4.23.1 php8-bcmath-8.0.27-150400.4.23.1 php8-bcmath-debuginfo-8.0.27-150400.4.23.1 php8-bz2-8.0.27-150400.4.23.1 php8-bz2-debuginfo-8.0.27-150400.4.23.1 php8-calendar-8.0.27-150400.4.23.1 php8-calendar-debuginfo-8.0.27-150400.4.23.1 php8-cli-8.0.27-150400.4.23.1 php8-cli-debuginfo-8.0.27-150400.4.23.1 php8-ctype-8.0.27-150400.4.23.1 php8-ctype-debuginfo-8.0.27-150400.4.23.1 
php8-curl-8.0.27-150400.4.23.1 php8-curl-debuginfo-8.0.27-150400.4.23.1 php8-dba-8.0.27-150400.4.23.1 php8-dba-debuginfo-8.0.27-150400.4.23.1 php8-debuginfo-8.0.27-150400.4.23.1 php8-debugsource-8.0.27-150400.4.23.1 php8-devel-8.0.27-150400.4.23.1 php8-dom-8.0.27-150400.4.23.1 php8-dom-debuginfo-8.0.27-150400.4.23.1 php8-embed-8.0.27-150400.4.23.1 php8-embed-debuginfo-8.0.27-150400.4.23.1 php8-embed-debugsource-8.0.27-150400.4.23.1 php8-enchant-8.0.27-150400.4.23.1 php8-enchant-debuginfo-8.0.27-150400.4.23.1 php8-exif-8.0.27-150400.4.23.1 php8-exif-debuginfo-8.0.27-150400.4.23.1 php8-fastcgi-8.0.27-150400.4.23.1 php8-fastcgi-debuginfo-8.0.27-150400.4.23.1 php8-fastcgi-debugsource-8.0.27-150400.4.23.1 php8-fileinfo-8.0.27-150400.4.23.1 php8-fileinfo-debuginfo-8.0.27-150400.4.23.1 php8-fpm-8.0.27-150400.4.23.1 php8-fpm-debuginfo-8.0.27-150400.4.23.1 php8-fpm-debugsource-8.0.27-150400.4.23.1 php8-ftp-8.0.27-150400.4.23.1 php8-ftp-debuginfo-8.0.27-150400.4.23.1 php8-gd-8.0.27-150400.4.23.1 php8-gd-debuginfo-8.0.27-150400.4.23.1 php8-gettext-8.0.27-150400.4.23.1 php8-gettext-debuginfo-8.0.27-150400.4.23.1 php8-gmp-8.0.27-150400.4.23.1 php8-gmp-debuginfo-8.0.27-150400.4.23.1 php8-iconv-8.0.27-150400.4.23.1 php8-iconv-debuginfo-8.0.27-150400.4.23.1 php8-intl-8.0.27-150400.4.23.1 php8-intl-debuginfo-8.0.27-150400.4.23.1 php8-ldap-8.0.27-150400.4.23.1 php8-ldap-debuginfo-8.0.27-150400.4.23.1 php8-mbstring-8.0.27-150400.4.23.1 php8-mbstring-debuginfo-8.0.27-150400.4.23.1 php8-mysql-8.0.27-150400.4.23.1 php8-mysql-debuginfo-8.0.27-150400.4.23.1 php8-odbc-8.0.27-150400.4.23.1 php8-odbc-debuginfo-8.0.27-150400.4.23.1 php8-opcache-8.0.27-150400.4.23.1 php8-opcache-debuginfo-8.0.27-150400.4.23.1 php8-openssl-8.0.27-150400.4.23.1 php8-openssl-debuginfo-8.0.27-150400.4.23.1 php8-pcntl-8.0.27-150400.4.23.1 php8-pcntl-debuginfo-8.0.27-150400.4.23.1 php8-pdo-8.0.27-150400.4.23.1 php8-pdo-debuginfo-8.0.27-150400.4.23.1 php8-pgsql-8.0.27-150400.4.23.1 
php8-pgsql-debuginfo-8.0.27-150400.4.23.1 php8-phar-8.0.27-150400.4.23.1 php8-phar-debuginfo-8.0.27-150400.4.23.1 php8-posix-8.0.27-150400.4.23.1 php8-posix-debuginfo-8.0.27-150400.4.23.1 php8-readline-8.0.27-150400.4.23.1 php8-readline-debuginfo-8.0.27-150400.4.23.1 php8-shmop-8.0.27-150400.4.23.1 php8-shmop-debuginfo-8.0.27-150400.4.23.1 php8-snmp-8.0.27-150400.4.23.1 php8-snmp-debuginfo-8.0.27-150400.4.23.1 php8-soap-8.0.27-150400.4.23.1 php8-soap-debuginfo-8.0.27-150400.4.23.1 php8-sockets-8.0.27-150400.4.23.1 php8-sockets-debuginfo-8.0.27-150400.4.23.1 php8-sodium-8.0.27-150400.4.23.1 php8-sodium-debuginfo-8.0.27-150400.4.23.1 php8-sqlite-8.0.27-150400.4.23.1 php8-sqlite-debuginfo-8.0.27-150400.4.23.1 php8-sysvmsg-8.0.27-150400.4.23.1 php8-sysvmsg-debuginfo-8.0.27-150400.4.23.1 php8-sysvsem-8.0.27-150400.4.23.1 php8-sysvsem-debuginfo-8.0.27-150400.4.23.1 php8-sysvshm-8.0.27-150400.4.23.1 php8-sysvshm-debuginfo-8.0.27-150400.4.23.1 php8-test-8.0.27-150400.4.23.1 php8-tidy-8.0.27-150400.4.23.1 php8-tidy-debuginfo-8.0.27-150400.4.23.1 php8-tokenizer-8.0.27-150400.4.23.1 php8-tokenizer-debuginfo-8.0.27-150400.4.23.1 php8-xmlreader-8.0.27-150400.4.23.1 php8-xmlreader-debuginfo-8.0.27-150400.4.23.1 php8-xmlwriter-8.0.27-150400.4.23.1 php8-xmlwriter-debuginfo-8.0.27-150400.4.23.1 php8-xsl-8.0.27-150400.4.23.1 php8-xsl-debuginfo-8.0.27-150400.4.23.1 php8-zip-8.0.27-150400.4.23.1 php8-zip-debuginfo-8.0.27-150400.4.23.1 php8-zlib-8.0.27-150400.4.23.1 php8-zlib-debuginfo-8.0.27-150400.4.23.1 References: https://www.suse.com/security/cve/CVE-2022-31631.html https://bugzilla.suse.com/1206958 From sle-security-updates at lists.suse.com Wed Jan 11 23:21:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 12 Jan 2023 00:21:59 +0100 (CET) Subject: SUSE-SU-2023:0072-1: important: Security update for php74 Message-ID: <20230111232159.7FB90FD2D@maintenance.suse.de> SUSE Security Update: Security update for php74 
______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0072-1 Rating: important References: #1206958 #923946 #935227 Cross-References: CVE-2014-9709 CVE-2015-3411 CVE-2022-31631 CVSS scores: CVE-2015-3411 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-31631 (SUSE): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for php74 fixes the following issues: - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-72=1 - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-72=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): php74-debuginfo-7.4.33-1.50.2 php74-debugsource-7.4.33-1.50.2 php74-devel-7.4.33-1.50.2 - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): apache2-mod_php74-7.4.33-1.50.2 apache2-mod_php74-debuginfo-7.4.33-1.50.2 php74-7.4.33-1.50.2 php74-bcmath-7.4.33-1.50.2 php74-bcmath-debuginfo-7.4.33-1.50.2 php74-bz2-7.4.33-1.50.2 php74-bz2-debuginfo-7.4.33-1.50.2 php74-calendar-7.4.33-1.50.2 php74-calendar-debuginfo-7.4.33-1.50.2 php74-ctype-7.4.33-1.50.2 php74-ctype-debuginfo-7.4.33-1.50.2 php74-curl-7.4.33-1.50.2 php74-curl-debuginfo-7.4.33-1.50.2 php74-dba-7.4.33-1.50.2 php74-dba-debuginfo-7.4.33-1.50.2 php74-debuginfo-7.4.33-1.50.2 php74-debugsource-7.4.33-1.50.2 php74-dom-7.4.33-1.50.2 php74-dom-debuginfo-7.4.33-1.50.2 php74-enchant-7.4.33-1.50.2 php74-enchant-debuginfo-7.4.33-1.50.2 php74-exif-7.4.33-1.50.2 php74-exif-debuginfo-7.4.33-1.50.2 php74-fastcgi-7.4.33-1.50.2 php74-fastcgi-debuginfo-7.4.33-1.50.2 php74-fileinfo-7.4.33-1.50.2 php74-fileinfo-debuginfo-7.4.33-1.50.2 php74-fpm-7.4.33-1.50.2 php74-fpm-debuginfo-7.4.33-1.50.2 php74-ftp-7.4.33-1.50.2 php74-ftp-debuginfo-7.4.33-1.50.2 php74-gd-7.4.33-1.50.2 php74-gd-debuginfo-7.4.33-1.50.2 php74-gettext-7.4.33-1.50.2 php74-gettext-debuginfo-7.4.33-1.50.2 php74-gmp-7.4.33-1.50.2 php74-gmp-debuginfo-7.4.33-1.50.2 php74-iconv-7.4.33-1.50.2 php74-iconv-debuginfo-7.4.33-1.50.2 php74-intl-7.4.33-1.50.2 php74-intl-debuginfo-7.4.33-1.50.2 php74-json-7.4.33-1.50.2 php74-json-debuginfo-7.4.33-1.50.2 php74-ldap-7.4.33-1.50.2 php74-ldap-debuginfo-7.4.33-1.50.2 php74-mbstring-7.4.33-1.50.2 
php74-mbstring-debuginfo-7.4.33-1.50.2 php74-mysql-7.4.33-1.50.2 php74-mysql-debuginfo-7.4.33-1.50.2 php74-odbc-7.4.33-1.50.2 php74-odbc-debuginfo-7.4.33-1.50.2 php74-opcache-7.4.33-1.50.2 php74-opcache-debuginfo-7.4.33-1.50.2 php74-openssl-7.4.33-1.50.2 php74-openssl-debuginfo-7.4.33-1.50.2 php74-pcntl-7.4.33-1.50.2 php74-pcntl-debuginfo-7.4.33-1.50.2 php74-pdo-7.4.33-1.50.2 php74-pdo-debuginfo-7.4.33-1.50.2 php74-pgsql-7.4.33-1.50.2 php74-pgsql-debuginfo-7.4.33-1.50.2 php74-phar-7.4.33-1.50.2 php74-phar-debuginfo-7.4.33-1.50.2 php74-posix-7.4.33-1.50.2 php74-posix-debuginfo-7.4.33-1.50.2 php74-readline-7.4.33-1.50.2 php74-readline-debuginfo-7.4.33-1.50.2 php74-shmop-7.4.33-1.50.2 php74-shmop-debuginfo-7.4.33-1.50.2 php74-snmp-7.4.33-1.50.2 php74-snmp-debuginfo-7.4.33-1.50.2 php74-soap-7.4.33-1.50.2 php74-soap-debuginfo-7.4.33-1.50.2 php74-sockets-7.4.33-1.50.2 php74-sockets-debuginfo-7.4.33-1.50.2 php74-sodium-7.4.33-1.50.2 php74-sodium-debuginfo-7.4.33-1.50.2 php74-sqlite-7.4.33-1.50.2 php74-sqlite-debuginfo-7.4.33-1.50.2 php74-sysvmsg-7.4.33-1.50.2 php74-sysvmsg-debuginfo-7.4.33-1.50.2 php74-sysvsem-7.4.33-1.50.2 php74-sysvsem-debuginfo-7.4.33-1.50.2 php74-sysvshm-7.4.33-1.50.2 php74-sysvshm-debuginfo-7.4.33-1.50.2 php74-tidy-7.4.33-1.50.2 php74-tidy-debuginfo-7.4.33-1.50.2 php74-tokenizer-7.4.33-1.50.2 php74-tokenizer-debuginfo-7.4.33-1.50.2 php74-xmlreader-7.4.33-1.50.2 php74-xmlreader-debuginfo-7.4.33-1.50.2 php74-xmlrpc-7.4.33-1.50.2 php74-xmlrpc-debuginfo-7.4.33-1.50.2 php74-xmlwriter-7.4.33-1.50.2 php74-xmlwriter-debuginfo-7.4.33-1.50.2 php74-xsl-7.4.33-1.50.2 php74-xsl-debuginfo-7.4.33-1.50.2 php74-zip-7.4.33-1.50.2 php74-zip-debuginfo-7.4.33-1.50.2 php74-zlib-7.4.33-1.50.2 php74-zlib-debuginfo-7.4.33-1.50.2 References: https://www.suse.com/security/cve/CVE-2014-9709.html https://www.suse.com/security/cve/CVE-2015-3411.html https://www.suse.com/security/cve/CVE-2022-31631.html https://bugzilla.suse.com/1206958 https://bugzilla.suse.com/923946 
   https://bugzilla.suse.com/935227

From sle-security-updates at lists.suse.com Wed Jan 11 23:22:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 00:22:59 +0100 (CET)
Subject: SUSE-SU-2023:0073-1: important: Security update for php7
Message-ID: <20230111232259.3E142FD2D@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0073-1
Rating:             important
References:         #1206958
Cross-References:   CVE-2022-31631
CVSS scores:
                    CVE-2022-31631 (SUSE): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Legacy Software 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php7 fixes the following issues:

   - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-73=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-73=1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-73=1


Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.4.33-150400.4.16.1
      apache2-mod_php7-debuginfo-7.4.33-150400.4.16.1
      apache2-mod_php7-debugsource-7.4.33-150400.4.16.1
      php7-7.4.33-150400.4.16.1
      php7-bcmath-7.4.33-150400.4.16.1
      php7-bcmath-debuginfo-7.4.33-150400.4.16.1
      php7-bz2-7.4.33-150400.4.16.1
      php7-bz2-debuginfo-7.4.33-150400.4.16.1
      php7-calendar-7.4.33-150400.4.16.1
      php7-calendar-debuginfo-7.4.33-150400.4.16.1
      php7-cli-7.4.33-150400.4.16.1
      php7-cli-debuginfo-7.4.33-150400.4.16.1
      php7-ctype-7.4.33-150400.4.16.1
      php7-ctype-debuginfo-7.4.33-150400.4.16.1
      php7-curl-7.4.33-150400.4.16.1
      php7-curl-debuginfo-7.4.33-150400.4.16.1
      php7-dba-7.4.33-150400.4.16.1
      php7-dba-debuginfo-7.4.33-150400.4.16.1
      php7-debuginfo-7.4.33-150400.4.16.1
      php7-debugsource-7.4.33-150400.4.16.1
      php7-devel-7.4.33-150400.4.16.1
      php7-dom-7.4.33-150400.4.16.1
      php7-dom-debuginfo-7.4.33-150400.4.16.1
      php7-embed-7.4.33-150400.4.16.1
      php7-embed-debuginfo-7.4.33-150400.4.16.1
      php7-embed-debugsource-7.4.33-150400.4.16.1
      php7-enchant-7.4.33-150400.4.16.1
      php7-enchant-debuginfo-7.4.33-150400.4.16.1
      php7-exif-7.4.33-150400.4.16.1
      php7-exif-debuginfo-7.4.33-150400.4.16.1
      php7-fastcgi-7.4.33-150400.4.16.1
      php7-fastcgi-debuginfo-7.4.33-150400.4.16.1
      php7-fastcgi-debugsource-7.4.33-150400.4.16.1
      php7-fileinfo-7.4.33-150400.4.16.1
      php7-fileinfo-debuginfo-7.4.33-150400.4.16.1
      php7-fpm-7.4.33-150400.4.16.1
      php7-fpm-debuginfo-7.4.33-150400.4.16.1
      php7-fpm-debugsource-7.4.33-150400.4.16.1
      php7-ftp-7.4.33-150400.4.16.1
      php7-ftp-debuginfo-7.4.33-150400.4.16.1
      php7-gd-7.4.33-150400.4.16.1
      php7-gd-debuginfo-7.4.33-150400.4.16.1
      php7-gettext-7.4.33-150400.4.16.1
      php7-gettext-debuginfo-7.4.33-150400.4.16.1
      php7-gmp-7.4.33-150400.4.16.1
      php7-gmp-debuginfo-7.4.33-150400.4.16.1
      php7-iconv-7.4.33-150400.4.16.1
      php7-iconv-debuginfo-7.4.33-150400.4.16.1
      php7-intl-7.4.33-150400.4.16.1
      php7-intl-debuginfo-7.4.33-150400.4.16.1
      php7-json-7.4.33-150400.4.16.1
      php7-json-debuginfo-7.4.33-150400.4.16.1
      php7-ldap-7.4.33-150400.4.16.1
      php7-ldap-debuginfo-7.4.33-150400.4.16.1
      php7-mbstring-7.4.33-150400.4.16.1
      php7-mbstring-debuginfo-7.4.33-150400.4.16.1
      php7-mysql-7.4.33-150400.4.16.1
      php7-mysql-debuginfo-7.4.33-150400.4.16.1
      php7-odbc-7.4.33-150400.4.16.1
      php7-odbc-debuginfo-7.4.33-150400.4.16.1
      php7-opcache-7.4.33-150400.4.16.1
      php7-opcache-debuginfo-7.4.33-150400.4.16.1
      php7-openssl-7.4.33-150400.4.16.1
      php7-openssl-debuginfo-7.4.33-150400.4.16.1
      php7-pcntl-7.4.33-150400.4.16.1
      php7-pcntl-debuginfo-7.4.33-150400.4.16.1
      php7-pdo-7.4.33-150400.4.16.1
      php7-pdo-debuginfo-7.4.33-150400.4.16.1
      php7-pgsql-7.4.33-150400.4.16.1
      php7-pgsql-debuginfo-7.4.33-150400.4.16.1
      php7-phar-7.4.33-150400.4.16.1
      php7-phar-debuginfo-7.4.33-150400.4.16.1
      php7-posix-7.4.33-150400.4.16.1
      php7-posix-debuginfo-7.4.33-150400.4.16.1
      php7-readline-7.4.33-150400.4.16.1
      php7-readline-debuginfo-7.4.33-150400.4.16.1
      php7-shmop-7.4.33-150400.4.16.1
      php7-shmop-debuginfo-7.4.33-150400.4.16.1
      php7-snmp-7.4.33-150400.4.16.1
      php7-snmp-debuginfo-7.4.33-150400.4.16.1
      php7-soap-7.4.33-150400.4.16.1
      php7-soap-debuginfo-7.4.33-150400.4.16.1
      php7-sockets-7.4.33-150400.4.16.1
      php7-sockets-debuginfo-7.4.33-150400.4.16.1
      php7-sodium-7.4.33-150400.4.16.1
      php7-sodium-debuginfo-7.4.33-150400.4.16.1
      php7-sqlite-7.4.33-150400.4.16.1
      php7-sqlite-debuginfo-7.4.33-150400.4.16.1
      php7-sysvmsg-7.4.33-150400.4.16.1
      php7-sysvmsg-debuginfo-7.4.33-150400.4.16.1
      php7-sysvsem-7.4.33-150400.4.16.1
      php7-sysvsem-debuginfo-7.4.33-150400.4.16.1
      php7-sysvshm-7.4.33-150400.4.16.1
      php7-sysvshm-debuginfo-7.4.33-150400.4.16.1
      php7-test-7.4.33-150400.4.16.1
      php7-tidy-7.4.33-150400.4.16.1
      php7-tidy-debuginfo-7.4.33-150400.4.16.1
      php7-tokenizer-7.4.33-150400.4.16.1
      php7-tokenizer-debuginfo-7.4.33-150400.4.16.1
      php7-xmlreader-7.4.33-150400.4.16.1
      php7-xmlreader-debuginfo-7.4.33-150400.4.16.1
      php7-xmlrpc-7.4.33-150400.4.16.1
      php7-xmlrpc-debuginfo-7.4.33-150400.4.16.1
      php7-xmlwriter-7.4.33-150400.4.16.1
      php7-xmlwriter-debuginfo-7.4.33-150400.4.16.1
      php7-xsl-7.4.33-150400.4.16.1
      php7-xsl-debuginfo-7.4.33-150400.4.16.1
      php7-zip-7.4.33-150400.4.16.1
      php7-zip-debuginfo-7.4.33-150400.4.16.1
      php7-zlib-7.4.33-150400.4.16.1
      php7-zlib-debuginfo-7.4.33-150400.4.16.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64):

      php7-embed-7.4.33-150400.4.16.1
      php7-embed-debuginfo-7.4.33-150400.4.16.1
      php7-embed-debugsource-7.4.33-150400.4.16.1

   - SUSE Linux Enterprise Module for Legacy Software 15-SP4 (aarch64 ppc64le s390x x86_64):

      apache2-mod_php7-7.4.33-150400.4.16.1
      apache2-mod_php7-debuginfo-7.4.33-150400.4.16.1
      apache2-mod_php7-debugsource-7.4.33-150400.4.16.1
      php7-7.4.33-150400.4.16.1
      php7-bcmath-7.4.33-150400.4.16.1
      php7-bcmath-debuginfo-7.4.33-150400.4.16.1
      php7-bz2-7.4.33-150400.4.16.1
      php7-bz2-debuginfo-7.4.33-150400.4.16.1
      php7-calendar-7.4.33-150400.4.16.1
      php7-calendar-debuginfo-7.4.33-150400.4.16.1
      php7-cli-7.4.33-150400.4.16.1
      php7-cli-debuginfo-7.4.33-150400.4.16.1
      php7-ctype-7.4.33-150400.4.16.1
      php7-ctype-debuginfo-7.4.33-150400.4.16.1
      php7-curl-7.4.33-150400.4.16.1
      php7-curl-debuginfo-7.4.33-150400.4.16.1
      php7-dba-7.4.33-150400.4.16.1
      php7-dba-debuginfo-7.4.33-150400.4.16.1
      php7-debuginfo-7.4.33-150400.4.16.1
      php7-debugsource-7.4.33-150400.4.16.1
      php7-devel-7.4.33-150400.4.16.1
      php7-dom-7.4.33-150400.4.16.1
      php7-dom-debuginfo-7.4.33-150400.4.16.1
      php7-enchant-7.4.33-150400.4.16.1
      php7-enchant-debuginfo-7.4.33-150400.4.16.1
      php7-exif-7.4.33-150400.4.16.1
      php7-exif-debuginfo-7.4.33-150400.4.16.1
      php7-fastcgi-7.4.33-150400.4.16.1
      php7-fastcgi-debuginfo-7.4.33-150400.4.16.1
      php7-fastcgi-debugsource-7.4.33-150400.4.16.1
      php7-fileinfo-7.4.33-150400.4.16.1
      php7-fileinfo-debuginfo-7.4.33-150400.4.16.1
      php7-fpm-7.4.33-150400.4.16.1
      php7-fpm-debuginfo-7.4.33-150400.4.16.1
      php7-fpm-debugsource-7.4.33-150400.4.16.1
      php7-ftp-7.4.33-150400.4.16.1
      php7-ftp-debuginfo-7.4.33-150400.4.16.1
      php7-gd-7.4.33-150400.4.16.1
      php7-gd-debuginfo-7.4.33-150400.4.16.1
      php7-gettext-7.4.33-150400.4.16.1
      php7-gettext-debuginfo-7.4.33-150400.4.16.1
      php7-gmp-7.4.33-150400.4.16.1
      php7-gmp-debuginfo-7.4.33-150400.4.16.1
      php7-iconv-7.4.33-150400.4.16.1
      php7-iconv-debuginfo-7.4.33-150400.4.16.1
      php7-intl-7.4.33-150400.4.16.1
      php7-intl-debuginfo-7.4.33-150400.4.16.1
      php7-json-7.4.33-150400.4.16.1
      php7-json-debuginfo-7.4.33-150400.4.16.1
      php7-ldap-7.4.33-150400.4.16.1
      php7-ldap-debuginfo-7.4.33-150400.4.16.1
      php7-mbstring-7.4.33-150400.4.16.1
      php7-mbstring-debuginfo-7.4.33-150400.4.16.1
      php7-mysql-7.4.33-150400.4.16.1
      php7-mysql-debuginfo-7.4.33-150400.4.16.1
      php7-odbc-7.4.33-150400.4.16.1
      php7-odbc-debuginfo-7.4.33-150400.4.16.1
      php7-opcache-7.4.33-150400.4.16.1
      php7-opcache-debuginfo-7.4.33-150400.4.16.1
      php7-openssl-7.4.33-150400.4.16.1
      php7-openssl-debuginfo-7.4.33-150400.4.16.1
      php7-pcntl-7.4.33-150400.4.16.1
      php7-pcntl-debuginfo-7.4.33-150400.4.16.1
      php7-pdo-7.4.33-150400.4.16.1
      php7-pdo-debuginfo-7.4.33-150400.4.16.1
      php7-pgsql-7.4.33-150400.4.16.1
      php7-pgsql-debuginfo-7.4.33-150400.4.16.1
      php7-phar-7.4.33-150400.4.16.1
      php7-phar-debuginfo-7.4.33-150400.4.16.1
      php7-posix-7.4.33-150400.4.16.1
      php7-posix-debuginfo-7.4.33-150400.4.16.1
      php7-readline-7.4.33-150400.4.16.1
      php7-readline-debuginfo-7.4.33-150400.4.16.1
      php7-shmop-7.4.33-150400.4.16.1
      php7-shmop-debuginfo-7.4.33-150400.4.16.1
      php7-snmp-7.4.33-150400.4.16.1
      php7-snmp-debuginfo-7.4.33-150400.4.16.1
      php7-soap-7.4.33-150400.4.16.1
      php7-soap-debuginfo-7.4.33-150400.4.16.1
      php7-sockets-7.4.33-150400.4.16.1
      php7-sockets-debuginfo-7.4.33-150400.4.16.1
      php7-sodium-7.4.33-150400.4.16.1
      php7-sodium-debuginfo-7.4.33-150400.4.16.1
      php7-sqlite-7.4.33-150400.4.16.1
      php7-sqlite-debuginfo-7.4.33-150400.4.16.1
      php7-sysvmsg-7.4.33-150400.4.16.1
      php7-sysvmsg-debuginfo-7.4.33-150400.4.16.1
      php7-sysvsem-7.4.33-150400.4.16.1
      php7-sysvsem-debuginfo-7.4.33-150400.4.16.1
      php7-sysvshm-7.4.33-150400.4.16.1
      php7-sysvshm-debuginfo-7.4.33-150400.4.16.1
      php7-tidy-7.4.33-150400.4.16.1
      php7-tidy-debuginfo-7.4.33-150400.4.16.1
      php7-tokenizer-7.4.33-150400.4.16.1
      php7-tokenizer-debuginfo-7.4.33-150400.4.16.1
      php7-xmlreader-7.4.33-150400.4.16.1
      php7-xmlreader-debuginfo-7.4.33-150400.4.16.1
      php7-xmlrpc-7.4.33-150400.4.16.1
      php7-xmlrpc-debuginfo-7.4.33-150400.4.16.1
      php7-xmlwriter-7.4.33-150400.4.16.1
      php7-xmlwriter-debuginfo-7.4.33-150400.4.16.1
      php7-xsl-7.4.33-150400.4.16.1
      php7-xsl-debuginfo-7.4.33-150400.4.16.1
      php7-zip-7.4.33-150400.4.16.1
      php7-zip-debuginfo-7.4.33-150400.4.16.1
      php7-zlib-7.4.33-150400.4.16.1
      php7-zlib-debuginfo-7.4.33-150400.4.16.1


References:

   https://www.suse.com/security/cve/CVE-2022-31631.html
   https://bugzilla.suse.com/1206958

From sle-security-updates at lists.suse.com Thu Jan 12 11:23:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 12:23:03 +0100 (CET)
Subject: SUSE-SU-2023:0076-1: moderate: Security update for python3
Message-ID: <20230112112303.9735BFD84@maintenance.suse.de>

   SUSE Security Update: Security update for python3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0076-1
Rating:             moderate
References:         #1206673
Cross-References:   CVE-2022-40899
CVSS scores:
                    CVE-2022-40899 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40899 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Web Scripting 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python3 fixes the following issues:

   - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-76=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-76=1

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-76=1


Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      python3-base-debuginfo-3.4.10-25.105.1
      python3-base-debugsource-3.4.10-25.105.1
      python3-dbm-3.4.10-25.105.1
      python3-dbm-debuginfo-3.4.10-25.105.1
      python3-debuginfo-3.4.10-25.105.1
      python3-debugsource-3.4.10-25.105.1
      python3-devel-3.4.10-25.105.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (ppc64le s390x x86_64):

      python3-devel-debuginfo-3.4.10-25.105.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libpython3_4m1_0-3.4.10-25.105.1
      libpython3_4m1_0-debuginfo-3.4.10-25.105.1
      python3-3.4.10-25.105.1
      python3-base-3.4.10-25.105.1
      python3-base-debuginfo-3.4.10-25.105.1
      python3-base-debugsource-3.4.10-25.105.1
      python3-curses-3.4.10-25.105.1
      python3-curses-debuginfo-3.4.10-25.105.1
      python3-debuginfo-3.4.10-25.105.1
      python3-debugsource-3.4.10-25.105.1
      python3-devel-3.4.10-25.105.1
      python3-tk-3.4.10-25.105.1
      python3-tk-debuginfo-3.4.10-25.105.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le s390x x86_64):

      python3-devel-debuginfo-3.4.10-25.105.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libpython3_4m1_0-32bit-3.4.10-25.105.1
      libpython3_4m1_0-debuginfo-32bit-3.4.10-25.105.1
      python3-base-debuginfo-32bit-3.4.10-25.105.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      libpython3_4m1_0-3.4.10-25.105.1
      libpython3_4m1_0-debuginfo-3.4.10-25.105.1
      python3-3.4.10-25.105.1
      python3-base-3.4.10-25.105.1
      python3-base-debuginfo-3.4.10-25.105.1
      python3-base-debugsource-3.4.10-25.105.1
      python3-curses-3.4.10-25.105.1
      python3-debuginfo-3.4.10-25.105.1
      python3-debugsource-3.4.10-25.105.1


References:

   https://www.suse.com/security/cve/CVE-2022-40899.html
   https://bugzilla.suse.com/1206673

From sle-security-updates at lists.suse.com Thu Jan 12 11:23:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 12:23:51 +0100 (CET)
Subject: SUSE-SU-2023:0078-1: moderate: Security update for python-future
Message-ID: <20230112112351.A72D7FD84@maintenance.suse.de>

   SUSE Security Update: Security update for python-future
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0078-1
Rating:             moderate
References:         #1206673
Cross-References:   CVE-2022-40899
CVSS scores:
                    CVE-2022-40899 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40899 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-future fixes the following issues:

   - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 12:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-78=1


Package List:

   - SUSE Linux Enterprise Module for Public Cloud 12 (noarch):

      python-future-0.15.2-3.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-40899.html
   https://bugzilla.suse.com/1206673

From sle-security-updates at lists.suse.com Thu Jan 12 11:24:47 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 12:24:47 +0100 (CET)
Subject: SUSE-SU-2023:0079-1: moderate: Security update for python-future
Message-ID: <20230112112447.2C665FD84@maintenance.suse.de>

   SUSE Security Update: Security update for python-future
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0079-1
Rating:             moderate
References:         #1206673
Cross-References:   CVE-2022-40899
CVSS scores:
                    CVE-2022-40899 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40899 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.2
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-future fixes the following issues:

   - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:

      zypper in -t patch openSUSE-Leap-Micro-5.3-2023-79=1

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2023-79=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-79=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-79=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-79=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2023-79=1

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-79=1

   - SUSE Linux Enterprise Micro 5.1:

      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-79=1


Package List:

   - openSUSE Leap Micro 5.3 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - openSUSE Leap Micro 5.2 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - openSUSE Leap 15.4 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - SUSE Linux Enterprise Micro 5.3 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - SUSE Linux Enterprise Micro 5.2 (noarch):

      python3-future-0.18.2-150300.3.3.1

   - SUSE Linux Enterprise Micro 5.1 (noarch):

      python3-future-0.18.2-150300.3.3.1


References:

   https://www.suse.com/security/cve/CVE-2022-40899.html
   https://bugzilla.suse.com/1206673

From sle-security-updates at lists.suse.com Thu Jan 12 11:25:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 12:25:43 +0100 (CET)
Subject: SUSE-SU-2023:0080-1: moderate: Security update for python-future
Message-ID: <20230112112543.79AA5FD84@maintenance.suse.de>

   SUSE Security Update: Security update for python-future
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0080-1
Rating:             moderate
References:         #1206673
Cross-References:   CVE-2022-40899
CVSS scores:
                    CVE-2022-40899 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40899 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Server 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-future fixes the following issues:

   - CVE-2022-40899: Fixed an issue that could allow attackers to cause an excessive CPU usage via a crafted Set-Cookie header (bsc#1206673).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-80=1


Package List:

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      python-future-0.15.2-3.5.1


References:

   https://www.suse.com/security/cve/CVE-2022-40899.html
   https://bugzilla.suse.com/1206673

From sle-security-updates at lists.suse.com Thu Jan 12 11:26:34 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 12:26:34 +0100 (CET)
Subject: SUSE-SU-2023:0075-1: moderate: Security update for net-snmp
Message-ID: <20230112112634.78B1EFD84@maintenance.suse.de>

   SUSE Security Update: Security update for net-snmp
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0075-1
Rating:             moderate
References:         #1205148 #1205150 #1206044 #1206828
Cross-References:   CVE-2022-44792 CVE-2022-44793
CVSS scores:
                    CVE-2022-44792 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-44792 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-44793 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-44793 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that solves two vulnerabilities and has two fixes is now available.

Description:

   This update for net-snmp fixes the following issues:

   - CVE-2022-44793: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205148).
   - CVE-2022-44792: Fixed a NULL pointer dereference issue that could allow a remote attacker with write access to crash the server instance (bsc#1205150).

   Other fixes:

   - Enabled AES-192 and AES-256 privacy protocols (bsc#1206828).
   - Fixed an incorrect systemd hardening that caused home directory size and allocation to be listed incorrectly (bsc#1206044)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:

      zypper in -t patch openSUSE-Leap-Micro-5.3-2023-75=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-75=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-75=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-75=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-75=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2023-75=1


Package List:

   - openSUSE Leap Micro 5.3 (aarch64 x86_64):

      libsnmp40-5.9.3-150300.15.8.1
      libsnmp40-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debugsource-5.9.3-150300.15.8.1
      snmp-mibs-5.9.3-150300.15.8.1

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libsnmp40-5.9.3-150300.15.8.1
      libsnmp40-debuginfo-5.9.3-150300.15.8.1
      net-snmp-5.9.3-150300.15.8.1
      net-snmp-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debugsource-5.9.3-150300.15.8.1
      net-snmp-devel-5.9.3-150300.15.8.1
      perl-SNMP-5.9.3-150300.15.8.1
      perl-SNMP-debuginfo-5.9.3-150300.15.8.1
      python3-net-snmp-5.9.3-150300.15.8.1
      python3-net-snmp-debuginfo-5.9.3-150300.15.8.1
      snmp-mibs-5.9.3-150300.15.8.1

   - openSUSE Leap 15.4 (x86_64):

      libsnmp40-32bit-5.9.3-150300.15.8.1
      libsnmp40-32bit-debuginfo-5.9.3-150300.15.8.1
      net-snmp-devel-32bit-5.9.3-150300.15.8.1

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):

      libsnmp40-5.9.3-150300.15.8.1
      libsnmp40-debuginfo-5.9.3-150300.15.8.1
      net-snmp-5.9.3-150300.15.8.1
      net-snmp-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debugsource-5.9.3-150300.15.8.1
      net-snmp-devel-5.9.3-150300.15.8.1
      perl-SNMP-5.9.3-150300.15.8.1
      perl-SNMP-debuginfo-5.9.3-150300.15.8.1
      snmp-mibs-5.9.3-150300.15.8.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64):

      net-snmp-debugsource-5.9.3-150300.15.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libsnmp40-5.9.3-150300.15.8.1
      libsnmp40-debuginfo-5.9.3-150300.15.8.1
      net-snmp-5.9.3-150300.15.8.1
      net-snmp-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debugsource-5.9.3-150300.15.8.1
      net-snmp-devel-5.9.3-150300.15.8.1
      perl-SNMP-5.9.3-150300.15.8.1
      perl-SNMP-debuginfo-5.9.3-150300.15.8.1
      snmp-mibs-5.9.3-150300.15.8.1

   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):

      libsnmp40-5.9.3-150300.15.8.1
      libsnmp40-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debuginfo-5.9.3-150300.15.8.1
      net-snmp-debugsource-5.9.3-150300.15.8.1
      snmp-mibs-5.9.3-150300.15.8.1


References:

   https://www.suse.com/security/cve/CVE-2022-44792.html
   https://www.suse.com/security/cve/CVE-2022-44793.html
   https://bugzilla.suse.com/1205148
   https://bugzilla.suse.com/1205150
   https://bugzilla.suse.com/1206044
   https://bugzilla.suse.com/1206828

From sle-security-updates at lists.suse.com Thu Jan 12 14:22:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 15:22:09 +0100 (CET)
Subject: SUSE-SU-2023:0081-1: important: Security update for samba
Message-ID: <20230112142209.C96B3FD84@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0081-1
Rating:             important
References:         #1200102 #1201490 #1201492 #1201493 #1201495
                    #1201496 #1204254 #1205126 #1206504
Cross-References:   CVE-2022-2031 CVE-2022-32742 CVE-2022-32744
                    CVE-2022-32745 CVE-2022-32746 CVE-2022-3437
                    CVE-2022-38023 CVE-2022-42898
CVSS scores:
                    CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
                    CVE-2022-32746 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
                    CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
                    CVE-2022-3437 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
                    CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42898 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L

Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that solves 8 vulnerabilities and has one errata is now available.

Description:

   This update for samba fixes the following issues:

   - Updated to version 4.15.13:

     - CVE-2022-38023: Removed weak cryptographic algorithms from the Netlogon RPC implementation (bsc#1206504).
     - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
     - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
     - CVE-2022-32742: Fixed an information disclosure issue affecting SMB1 servers (bsc#1201496).
     - CVE-2022-32746: Fixed a use-after-free occurring in database audit logging (bsc#1201490).
     - CVE-2022-2031: Fixed an AD restriction bypass associated with changing passwords (bsc#1201495).
     - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492).
     - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

   Other fixes:

   - Fixed a potential crash due to a concurrency issue (bsc#1200102).


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 12-SP5:

      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-81=1

   - SUSE Linux Enterprise Server 12-SP5:

      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-81=1

   - SUSE Linux Enterprise High Availability 12-SP5:

      zypper in -t patch SUSE-SLE-HA-12-SP5-2023-81=1

Package List:

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsamba-policy-devel-4.15.13+git.482.1ac2c665c7-3.74.1
      libsamba-policy-python3-devel-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debugsource-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-devel-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64):

      samba-devel-32bit-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):

      libsamba-policy0-python3-4.15.13+git.482.1ac2c665c7-3.74.1
      libsamba-policy0-python3-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-libs-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-libs-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debugsource-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-ldb-ldap-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-ldb-ldap-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-python3-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-python3-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-python3-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-python3-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-tool-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-libs-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-libs-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):

      libsamba-policy0-python3-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-libs-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-client-libs-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-python3-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-libs-python3-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-libs-32bit-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-winbind-libs-debuginfo-32bit-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Server 12-SP5 (ppc64le):

      libsamba-policy-python3-devel-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Server 12-SP5 (aarch64):

      samba-devel-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise Server 12-SP5 (noarch):

      samba-doc-4.15.13+git.482.1ac2c665c7-3.74.1

   - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

      ctdb-4.15.13+git.482.1ac2c665c7-3.74.1
      ctdb-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debuginfo-4.15.13+git.482.1ac2c665c7-3.74.1
      samba-debugsource-4.15.13+git.482.1ac2c665c7-3.74.1

References:

   https://www.suse.com/security/cve/CVE-2022-2031.html
   https://www.suse.com/security/cve/CVE-2022-32742.html
   https://www.suse.com/security/cve/CVE-2022-32744.html
   https://www.suse.com/security/cve/CVE-2022-32745.html
   https://www.suse.com/security/cve/CVE-2022-32746.html
   https://www.suse.com/security/cve/CVE-2022-3437.html
   https://www.suse.com/security/cve/CVE-2022-38023.html
   https://www.suse.com/security/cve/CVE-2022-42898.html
   https://bugzilla.suse.com/1200102
   https://bugzilla.suse.com/1201490
   https://bugzilla.suse.com/1201492
   https://bugzilla.suse.com/1201493
   https://bugzilla.suse.com/1201495
   https://bugzilla.suse.com/1201496
   https://bugzilla.suse.com/1204254
   https://bugzilla.suse.com/1205126
   https://bugzilla.suse.com/1206504

From sle-security-updates at lists.suse.com Thu Jan 12 21:04:26 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 12 Jan 2023 22:04:26 +0100 (CET)
Subject: SUSE-SU-2023:0084-1: important: Security update for php7
Message-ID: <20230112210426.60F54FD89@maintenance.suse.de>

   SUSE Security Update: Security update for php7
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0084-1
Rating:             important
References:         #1206958
Cross-References:   CVE-2022-31631
CVSS scores:
                    CVE-2022-31631 (SUSE): 6.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for php7 fixes the following issues:

   - CVE-2022-31631: Fixed an issue where PDO::quote would return an unquoted string (bsc#1206958).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-84=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-84=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-84=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-84=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-84=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      php7-wddx-7.2.34-150000.4.106.1
      php7-wddx-debuginfo-7.2.34-150000.4.106.1

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      apache2-mod_php7-7.2.34-150000.4.106.1
      apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1
      php7-7.2.34-150000.4.106.1
      php7-bcmath-7.2.34-150000.4.106.1
      php7-bcmath-debuginfo-7.2.34-150000.4.106.1
      php7-bz2-7.2.34-150000.4.106.1
      php7-bz2-debuginfo-7.2.34-150000.4.106.1
      php7-calendar-7.2.34-150000.4.106.1
      php7-calendar-debuginfo-7.2.34-150000.4.106.1
      php7-ctype-7.2.34-150000.4.106.1
      php7-ctype-debuginfo-7.2.34-150000.4.106.1
      php7-curl-7.2.34-150000.4.106.1
      php7-curl-debuginfo-7.2.34-150000.4.106.1
      php7-dba-7.2.34-150000.4.106.1
      php7-dba-debuginfo-7.2.34-150000.4.106.1
      php7-debuginfo-7.2.34-150000.4.106.1
      php7-debugsource-7.2.34-150000.4.106.1
      php7-devel-7.2.34-150000.4.106.1
      php7-dom-7.2.34-150000.4.106.1
      php7-dom-debuginfo-7.2.34-150000.4.106.1
      php7-enchant-7.2.34-150000.4.106.1
      php7-enchant-debuginfo-7.2.34-150000.4.106.1
      php7-exif-7.2.34-150000.4.106.1
      php7-exif-debuginfo-7.2.34-150000.4.106.1
      php7-fastcgi-7.2.34-150000.4.106.1
      php7-fastcgi-debuginfo-7.2.34-150000.4.106.1
      php7-fileinfo-7.2.34-150000.4.106.1
php7-fileinfo-debuginfo-7.2.34-150000.4.106.1 php7-fpm-7.2.34-150000.4.106.1 php7-fpm-debuginfo-7.2.34-150000.4.106.1 php7-ftp-7.2.34-150000.4.106.1 php7-ftp-debuginfo-7.2.34-150000.4.106.1 php7-gd-7.2.34-150000.4.106.1 php7-gd-debuginfo-7.2.34-150000.4.106.1 php7-gettext-7.2.34-150000.4.106.1 php7-gettext-debuginfo-7.2.34-150000.4.106.1 php7-gmp-7.2.34-150000.4.106.1 php7-gmp-debuginfo-7.2.34-150000.4.106.1 php7-iconv-7.2.34-150000.4.106.1 php7-iconv-debuginfo-7.2.34-150000.4.106.1 php7-intl-7.2.34-150000.4.106.1 php7-intl-debuginfo-7.2.34-150000.4.106.1 php7-json-7.2.34-150000.4.106.1 php7-json-debuginfo-7.2.34-150000.4.106.1 php7-ldap-7.2.34-150000.4.106.1 php7-ldap-debuginfo-7.2.34-150000.4.106.1 php7-mbstring-7.2.34-150000.4.106.1 php7-mbstring-debuginfo-7.2.34-150000.4.106.1 php7-mysql-7.2.34-150000.4.106.1 php7-mysql-debuginfo-7.2.34-150000.4.106.1 php7-odbc-7.2.34-150000.4.106.1 php7-odbc-debuginfo-7.2.34-150000.4.106.1 php7-opcache-7.2.34-150000.4.106.1 php7-opcache-debuginfo-7.2.34-150000.4.106.1 php7-openssl-7.2.34-150000.4.106.1 php7-openssl-debuginfo-7.2.34-150000.4.106.1 php7-pcntl-7.2.34-150000.4.106.1 php7-pcntl-debuginfo-7.2.34-150000.4.106.1 php7-pdo-7.2.34-150000.4.106.1 php7-pdo-debuginfo-7.2.34-150000.4.106.1 php7-pgsql-7.2.34-150000.4.106.1 php7-pgsql-debuginfo-7.2.34-150000.4.106.1 php7-phar-7.2.34-150000.4.106.1 php7-phar-debuginfo-7.2.34-150000.4.106.1 php7-posix-7.2.34-150000.4.106.1 php7-posix-debuginfo-7.2.34-150000.4.106.1 php7-readline-7.2.34-150000.4.106.1 php7-readline-debuginfo-7.2.34-150000.4.106.1 php7-shmop-7.2.34-150000.4.106.1 php7-shmop-debuginfo-7.2.34-150000.4.106.1 php7-snmp-7.2.34-150000.4.106.1 php7-snmp-debuginfo-7.2.34-150000.4.106.1 php7-soap-7.2.34-150000.4.106.1 php7-soap-debuginfo-7.2.34-150000.4.106.1 php7-sockets-7.2.34-150000.4.106.1 php7-sockets-debuginfo-7.2.34-150000.4.106.1 php7-sodium-7.2.34-150000.4.106.1 php7-sodium-debuginfo-7.2.34-150000.4.106.1 php7-sqlite-7.2.34-150000.4.106.1 
php7-sqlite-debuginfo-7.2.34-150000.4.106.1 php7-sysvmsg-7.2.34-150000.4.106.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.106.1 php7-sysvsem-7.2.34-150000.4.106.1 php7-sysvsem-debuginfo-7.2.34-150000.4.106.1 php7-sysvshm-7.2.34-150000.4.106.1 php7-sysvshm-debuginfo-7.2.34-150000.4.106.1 php7-tidy-7.2.34-150000.4.106.1 php7-tidy-debuginfo-7.2.34-150000.4.106.1 php7-tokenizer-7.2.34-150000.4.106.1 php7-tokenizer-debuginfo-7.2.34-150000.4.106.1 php7-wddx-7.2.34-150000.4.106.1 php7-wddx-debuginfo-7.2.34-150000.4.106.1 php7-xmlreader-7.2.34-150000.4.106.1 php7-xmlreader-debuginfo-7.2.34-150000.4.106.1 php7-xmlrpc-7.2.34-150000.4.106.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.106.1 php7-xmlwriter-7.2.34-150000.4.106.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.106.1 php7-xsl-7.2.34-150000.4.106.1 php7-xsl-debuginfo-7.2.34-150000.4.106.1 php7-zip-7.2.34-150000.4.106.1 php7-zip-debuginfo-7.2.34-150000.4.106.1 php7-zlib-7.2.34-150000.4.106.1 php7-zlib-debuginfo-7.2.34-150000.4.106.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): php7-pear-7.2.34-150000.4.106.1 php7-pear-Archive_Tar-7.2.34-150000.4.106.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): apache2-mod_php7-7.2.34-150000.4.106.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1 php7-7.2.34-150000.4.106.1 php7-bcmath-7.2.34-150000.4.106.1 php7-bcmath-debuginfo-7.2.34-150000.4.106.1 php7-bz2-7.2.34-150000.4.106.1 php7-bz2-debuginfo-7.2.34-150000.4.106.1 php7-calendar-7.2.34-150000.4.106.1 php7-calendar-debuginfo-7.2.34-150000.4.106.1 php7-ctype-7.2.34-150000.4.106.1 php7-ctype-debuginfo-7.2.34-150000.4.106.1 php7-curl-7.2.34-150000.4.106.1 php7-curl-debuginfo-7.2.34-150000.4.106.1 php7-dba-7.2.34-150000.4.106.1 php7-dba-debuginfo-7.2.34-150000.4.106.1 php7-debuginfo-7.2.34-150000.4.106.1 php7-debugsource-7.2.34-150000.4.106.1 php7-devel-7.2.34-150000.4.106.1 php7-dom-7.2.34-150000.4.106.1 php7-dom-debuginfo-7.2.34-150000.4.106.1 php7-enchant-7.2.34-150000.4.106.1 
php7-enchant-debuginfo-7.2.34-150000.4.106.1 php7-exif-7.2.34-150000.4.106.1 php7-exif-debuginfo-7.2.34-150000.4.106.1 php7-fastcgi-7.2.34-150000.4.106.1 php7-fastcgi-debuginfo-7.2.34-150000.4.106.1 php7-fileinfo-7.2.34-150000.4.106.1 php7-fileinfo-debuginfo-7.2.34-150000.4.106.1 php7-fpm-7.2.34-150000.4.106.1 php7-fpm-debuginfo-7.2.34-150000.4.106.1 php7-ftp-7.2.34-150000.4.106.1 php7-ftp-debuginfo-7.2.34-150000.4.106.1 php7-gd-7.2.34-150000.4.106.1 php7-gd-debuginfo-7.2.34-150000.4.106.1 php7-gettext-7.2.34-150000.4.106.1 php7-gettext-debuginfo-7.2.34-150000.4.106.1 php7-gmp-7.2.34-150000.4.106.1 php7-gmp-debuginfo-7.2.34-150000.4.106.1 php7-iconv-7.2.34-150000.4.106.1 php7-iconv-debuginfo-7.2.34-150000.4.106.1 php7-intl-7.2.34-150000.4.106.1 php7-intl-debuginfo-7.2.34-150000.4.106.1 php7-json-7.2.34-150000.4.106.1 php7-json-debuginfo-7.2.34-150000.4.106.1 php7-ldap-7.2.34-150000.4.106.1 php7-ldap-debuginfo-7.2.34-150000.4.106.1 php7-mbstring-7.2.34-150000.4.106.1 php7-mbstring-debuginfo-7.2.34-150000.4.106.1 php7-mysql-7.2.34-150000.4.106.1 php7-mysql-debuginfo-7.2.34-150000.4.106.1 php7-odbc-7.2.34-150000.4.106.1 php7-odbc-debuginfo-7.2.34-150000.4.106.1 php7-opcache-7.2.34-150000.4.106.1 php7-opcache-debuginfo-7.2.34-150000.4.106.1 php7-openssl-7.2.34-150000.4.106.1 php7-openssl-debuginfo-7.2.34-150000.4.106.1 php7-pcntl-7.2.34-150000.4.106.1 php7-pcntl-debuginfo-7.2.34-150000.4.106.1 php7-pdo-7.2.34-150000.4.106.1 php7-pdo-debuginfo-7.2.34-150000.4.106.1 php7-pgsql-7.2.34-150000.4.106.1 php7-pgsql-debuginfo-7.2.34-150000.4.106.1 php7-phar-7.2.34-150000.4.106.1 php7-phar-debuginfo-7.2.34-150000.4.106.1 php7-posix-7.2.34-150000.4.106.1 php7-posix-debuginfo-7.2.34-150000.4.106.1 php7-readline-7.2.34-150000.4.106.1 php7-readline-debuginfo-7.2.34-150000.4.106.1 php7-shmop-7.2.34-150000.4.106.1 php7-shmop-debuginfo-7.2.34-150000.4.106.1 php7-snmp-7.2.34-150000.4.106.1 php7-snmp-debuginfo-7.2.34-150000.4.106.1 php7-soap-7.2.34-150000.4.106.1 
php7-soap-debuginfo-7.2.34-150000.4.106.1 php7-sockets-7.2.34-150000.4.106.1 php7-sockets-debuginfo-7.2.34-150000.4.106.1 php7-sodium-7.2.34-150000.4.106.1 php7-sodium-debuginfo-7.2.34-150000.4.106.1 php7-sqlite-7.2.34-150000.4.106.1 php7-sqlite-debuginfo-7.2.34-150000.4.106.1 php7-sysvmsg-7.2.34-150000.4.106.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.106.1 php7-sysvsem-7.2.34-150000.4.106.1 php7-sysvsem-debuginfo-7.2.34-150000.4.106.1 php7-sysvshm-7.2.34-150000.4.106.1 php7-sysvshm-debuginfo-7.2.34-150000.4.106.1 php7-tidy-7.2.34-150000.4.106.1 php7-tidy-debuginfo-7.2.34-150000.4.106.1 php7-tokenizer-7.2.34-150000.4.106.1 php7-tokenizer-debuginfo-7.2.34-150000.4.106.1 php7-wddx-7.2.34-150000.4.106.1 php7-wddx-debuginfo-7.2.34-150000.4.106.1 php7-xmlreader-7.2.34-150000.4.106.1 php7-xmlreader-debuginfo-7.2.34-150000.4.106.1 php7-xmlrpc-7.2.34-150000.4.106.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.106.1 php7-xmlwriter-7.2.34-150000.4.106.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.106.1 php7-xsl-7.2.34-150000.4.106.1 php7-xsl-debuginfo-7.2.34-150000.4.106.1 php7-zip-7.2.34-150000.4.106.1 php7-zip-debuginfo-7.2.34-150000.4.106.1 php7-zlib-7.2.34-150000.4.106.1 php7-zlib-debuginfo-7.2.34-150000.4.106.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): php7-pear-7.2.34-150000.4.106.1 php7-pear-Archive_Tar-7.2.34-150000.4.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.106.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1 php7-7.2.34-150000.4.106.1 php7-bcmath-7.2.34-150000.4.106.1 php7-bcmath-debuginfo-7.2.34-150000.4.106.1 php7-bz2-7.2.34-150000.4.106.1 php7-bz2-debuginfo-7.2.34-150000.4.106.1 php7-calendar-7.2.34-150000.4.106.1 php7-calendar-debuginfo-7.2.34-150000.4.106.1 php7-ctype-7.2.34-150000.4.106.1 php7-ctype-debuginfo-7.2.34-150000.4.106.1 php7-curl-7.2.34-150000.4.106.1 php7-curl-debuginfo-7.2.34-150000.4.106.1 php7-dba-7.2.34-150000.4.106.1 php7-dba-debuginfo-7.2.34-150000.4.106.1 
php7-debuginfo-7.2.34-150000.4.106.1 php7-debugsource-7.2.34-150000.4.106.1 php7-devel-7.2.34-150000.4.106.1 php7-dom-7.2.34-150000.4.106.1 php7-dom-debuginfo-7.2.34-150000.4.106.1 php7-enchant-7.2.34-150000.4.106.1 php7-enchant-debuginfo-7.2.34-150000.4.106.1 php7-exif-7.2.34-150000.4.106.1 php7-exif-debuginfo-7.2.34-150000.4.106.1 php7-fastcgi-7.2.34-150000.4.106.1 php7-fastcgi-debuginfo-7.2.34-150000.4.106.1 php7-fileinfo-7.2.34-150000.4.106.1 php7-fileinfo-debuginfo-7.2.34-150000.4.106.1 php7-fpm-7.2.34-150000.4.106.1 php7-fpm-debuginfo-7.2.34-150000.4.106.1 php7-ftp-7.2.34-150000.4.106.1 php7-ftp-debuginfo-7.2.34-150000.4.106.1 php7-gd-7.2.34-150000.4.106.1 php7-gd-debuginfo-7.2.34-150000.4.106.1 php7-gettext-7.2.34-150000.4.106.1 php7-gettext-debuginfo-7.2.34-150000.4.106.1 php7-gmp-7.2.34-150000.4.106.1 php7-gmp-debuginfo-7.2.34-150000.4.106.1 php7-iconv-7.2.34-150000.4.106.1 php7-iconv-debuginfo-7.2.34-150000.4.106.1 php7-intl-7.2.34-150000.4.106.1 php7-intl-debuginfo-7.2.34-150000.4.106.1 php7-json-7.2.34-150000.4.106.1 php7-json-debuginfo-7.2.34-150000.4.106.1 php7-ldap-7.2.34-150000.4.106.1 php7-ldap-debuginfo-7.2.34-150000.4.106.1 php7-mbstring-7.2.34-150000.4.106.1 php7-mbstring-debuginfo-7.2.34-150000.4.106.1 php7-mysql-7.2.34-150000.4.106.1 php7-mysql-debuginfo-7.2.34-150000.4.106.1 php7-odbc-7.2.34-150000.4.106.1 php7-odbc-debuginfo-7.2.34-150000.4.106.1 php7-opcache-7.2.34-150000.4.106.1 php7-opcache-debuginfo-7.2.34-150000.4.106.1 php7-openssl-7.2.34-150000.4.106.1 php7-openssl-debuginfo-7.2.34-150000.4.106.1 php7-pcntl-7.2.34-150000.4.106.1 php7-pcntl-debuginfo-7.2.34-150000.4.106.1 php7-pdo-7.2.34-150000.4.106.1 php7-pdo-debuginfo-7.2.34-150000.4.106.1 php7-pgsql-7.2.34-150000.4.106.1 php7-pgsql-debuginfo-7.2.34-150000.4.106.1 php7-phar-7.2.34-150000.4.106.1 php7-phar-debuginfo-7.2.34-150000.4.106.1 php7-posix-7.2.34-150000.4.106.1 php7-posix-debuginfo-7.2.34-150000.4.106.1 php7-readline-7.2.34-150000.4.106.1 
php7-readline-debuginfo-7.2.34-150000.4.106.1 php7-shmop-7.2.34-150000.4.106.1 php7-shmop-debuginfo-7.2.34-150000.4.106.1 php7-snmp-7.2.34-150000.4.106.1 php7-snmp-debuginfo-7.2.34-150000.4.106.1 php7-soap-7.2.34-150000.4.106.1 php7-soap-debuginfo-7.2.34-150000.4.106.1 php7-sockets-7.2.34-150000.4.106.1 php7-sockets-debuginfo-7.2.34-150000.4.106.1 php7-sodium-7.2.34-150000.4.106.1 php7-sodium-debuginfo-7.2.34-150000.4.106.1 php7-sqlite-7.2.34-150000.4.106.1 php7-sqlite-debuginfo-7.2.34-150000.4.106.1 php7-sysvmsg-7.2.34-150000.4.106.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.106.1 php7-sysvsem-7.2.34-150000.4.106.1 php7-sysvsem-debuginfo-7.2.34-150000.4.106.1 php7-sysvshm-7.2.34-150000.4.106.1 php7-sysvshm-debuginfo-7.2.34-150000.4.106.1 php7-tidy-7.2.34-150000.4.106.1 php7-tidy-debuginfo-7.2.34-150000.4.106.1 php7-tokenizer-7.2.34-150000.4.106.1 php7-tokenizer-debuginfo-7.2.34-150000.4.106.1 php7-wddx-7.2.34-150000.4.106.1 php7-wddx-debuginfo-7.2.34-150000.4.106.1 php7-xmlreader-7.2.34-150000.4.106.1 php7-xmlreader-debuginfo-7.2.34-150000.4.106.1 php7-xmlrpc-7.2.34-150000.4.106.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.106.1 php7-xmlwriter-7.2.34-150000.4.106.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.106.1 php7-xsl-7.2.34-150000.4.106.1 php7-xsl-debuginfo-7.2.34-150000.4.106.1 php7-zip-7.2.34-150000.4.106.1 php7-zip-debuginfo-7.2.34-150000.4.106.1 php7-zlib-7.2.34-150000.4.106.1 php7-zlib-debuginfo-7.2.34-150000.4.106.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): php7-pear-7.2.34-150000.4.106.1 php7-pear-Archive_Tar-7.2.34-150000.4.106.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): apache2-mod_php7-7.2.34-150000.4.106.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1 php7-7.2.34-150000.4.106.1 php7-bcmath-7.2.34-150000.4.106.1 php7-bcmath-debuginfo-7.2.34-150000.4.106.1 php7-bz2-7.2.34-150000.4.106.1 php7-bz2-debuginfo-7.2.34-150000.4.106.1 php7-calendar-7.2.34-150000.4.106.1 php7-calendar-debuginfo-7.2.34-150000.4.106.1 
php7-ctype-7.2.34-150000.4.106.1 php7-ctype-debuginfo-7.2.34-150000.4.106.1 php7-curl-7.2.34-150000.4.106.1 php7-curl-debuginfo-7.2.34-150000.4.106.1 php7-dba-7.2.34-150000.4.106.1 php7-dba-debuginfo-7.2.34-150000.4.106.1 php7-debuginfo-7.2.34-150000.4.106.1 php7-debugsource-7.2.34-150000.4.106.1 php7-devel-7.2.34-150000.4.106.1 php7-dom-7.2.34-150000.4.106.1 php7-dom-debuginfo-7.2.34-150000.4.106.1 php7-enchant-7.2.34-150000.4.106.1 php7-enchant-debuginfo-7.2.34-150000.4.106.1 php7-exif-7.2.34-150000.4.106.1 php7-exif-debuginfo-7.2.34-150000.4.106.1 php7-fastcgi-7.2.34-150000.4.106.1 php7-fastcgi-debuginfo-7.2.34-150000.4.106.1 php7-fileinfo-7.2.34-150000.4.106.1 php7-fileinfo-debuginfo-7.2.34-150000.4.106.1 php7-fpm-7.2.34-150000.4.106.1 php7-fpm-debuginfo-7.2.34-150000.4.106.1 php7-ftp-7.2.34-150000.4.106.1 php7-ftp-debuginfo-7.2.34-150000.4.106.1 php7-gd-7.2.34-150000.4.106.1 php7-gd-debuginfo-7.2.34-150000.4.106.1 php7-gettext-7.2.34-150000.4.106.1 php7-gettext-debuginfo-7.2.34-150000.4.106.1 php7-gmp-7.2.34-150000.4.106.1 php7-gmp-debuginfo-7.2.34-150000.4.106.1 php7-iconv-7.2.34-150000.4.106.1 php7-iconv-debuginfo-7.2.34-150000.4.106.1 php7-intl-7.2.34-150000.4.106.1 php7-intl-debuginfo-7.2.34-150000.4.106.1 php7-json-7.2.34-150000.4.106.1 php7-json-debuginfo-7.2.34-150000.4.106.1 php7-ldap-7.2.34-150000.4.106.1 php7-ldap-debuginfo-7.2.34-150000.4.106.1 php7-mbstring-7.2.34-150000.4.106.1 php7-mbstring-debuginfo-7.2.34-150000.4.106.1 php7-mysql-7.2.34-150000.4.106.1 php7-mysql-debuginfo-7.2.34-150000.4.106.1 php7-odbc-7.2.34-150000.4.106.1 php7-odbc-debuginfo-7.2.34-150000.4.106.1 php7-opcache-7.2.34-150000.4.106.1 php7-opcache-debuginfo-7.2.34-150000.4.106.1 php7-openssl-7.2.34-150000.4.106.1 php7-openssl-debuginfo-7.2.34-150000.4.106.1 php7-pcntl-7.2.34-150000.4.106.1 php7-pcntl-debuginfo-7.2.34-150000.4.106.1 php7-pdo-7.2.34-150000.4.106.1 php7-pdo-debuginfo-7.2.34-150000.4.106.1 php7-pgsql-7.2.34-150000.4.106.1 php7-pgsql-debuginfo-7.2.34-150000.4.106.1 
php7-phar-7.2.34-150000.4.106.1 php7-phar-debuginfo-7.2.34-150000.4.106.1 php7-posix-7.2.34-150000.4.106.1 php7-posix-debuginfo-7.2.34-150000.4.106.1 php7-readline-7.2.34-150000.4.106.1 php7-readline-debuginfo-7.2.34-150000.4.106.1 php7-shmop-7.2.34-150000.4.106.1 php7-shmop-debuginfo-7.2.34-150000.4.106.1 php7-snmp-7.2.34-150000.4.106.1 php7-snmp-debuginfo-7.2.34-150000.4.106.1 php7-soap-7.2.34-150000.4.106.1 php7-soap-debuginfo-7.2.34-150000.4.106.1 php7-sockets-7.2.34-150000.4.106.1 php7-sockets-debuginfo-7.2.34-150000.4.106.1 php7-sodium-7.2.34-150000.4.106.1 php7-sodium-debuginfo-7.2.34-150000.4.106.1 php7-sqlite-7.2.34-150000.4.106.1 php7-sqlite-debuginfo-7.2.34-150000.4.106.1 php7-sysvmsg-7.2.34-150000.4.106.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.106.1 php7-sysvsem-7.2.34-150000.4.106.1 php7-sysvsem-debuginfo-7.2.34-150000.4.106.1 php7-sysvshm-7.2.34-150000.4.106.1 php7-sysvshm-debuginfo-7.2.34-150000.4.106.1 php7-tidy-7.2.34-150000.4.106.1 php7-tidy-debuginfo-7.2.34-150000.4.106.1 php7-tokenizer-7.2.34-150000.4.106.1 php7-tokenizer-debuginfo-7.2.34-150000.4.106.1 php7-wddx-7.2.34-150000.4.106.1 php7-wddx-debuginfo-7.2.34-150000.4.106.1 php7-xmlreader-7.2.34-150000.4.106.1 php7-xmlreader-debuginfo-7.2.34-150000.4.106.1 php7-xmlrpc-7.2.34-150000.4.106.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.106.1 php7-xmlwriter-7.2.34-150000.4.106.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.106.1 php7-xsl-7.2.34-150000.4.106.1 php7-xsl-debuginfo-7.2.34-150000.4.106.1 php7-zip-7.2.34-150000.4.106.1 php7-zip-debuginfo-7.2.34-150000.4.106.1 php7-zlib-7.2.34-150000.4.106.1 php7-zlib-debuginfo-7.2.34-150000.4.106.1 - SUSE Enterprise Storage 6 (noarch): php7-pear-7.2.34-150000.4.106.1 php7-pear-Archive_Tar-7.2.34-150000.4.106.1 - SUSE CaaS Platform 4.0 (x86_64): apache2-mod_php7-7.2.34-150000.4.106.1 apache2-mod_php7-debuginfo-7.2.34-150000.4.106.1 php7-7.2.34-150000.4.106.1 php7-bcmath-7.2.34-150000.4.106.1 php7-bcmath-debuginfo-7.2.34-150000.4.106.1 
php7-bz2-7.2.34-150000.4.106.1 php7-bz2-debuginfo-7.2.34-150000.4.106.1 php7-calendar-7.2.34-150000.4.106.1 php7-calendar-debuginfo-7.2.34-150000.4.106.1 php7-ctype-7.2.34-150000.4.106.1 php7-ctype-debuginfo-7.2.34-150000.4.106.1 php7-curl-7.2.34-150000.4.106.1 php7-curl-debuginfo-7.2.34-150000.4.106.1 php7-dba-7.2.34-150000.4.106.1 php7-dba-debuginfo-7.2.34-150000.4.106.1 php7-debuginfo-7.2.34-150000.4.106.1 php7-debugsource-7.2.34-150000.4.106.1 php7-devel-7.2.34-150000.4.106.1 php7-dom-7.2.34-150000.4.106.1 php7-dom-debuginfo-7.2.34-150000.4.106.1 php7-enchant-7.2.34-150000.4.106.1 php7-enchant-debuginfo-7.2.34-150000.4.106.1 php7-exif-7.2.34-150000.4.106.1 php7-exif-debuginfo-7.2.34-150000.4.106.1 php7-fastcgi-7.2.34-150000.4.106.1 php7-fastcgi-debuginfo-7.2.34-150000.4.106.1 php7-fileinfo-7.2.34-150000.4.106.1 php7-fileinfo-debuginfo-7.2.34-150000.4.106.1 php7-fpm-7.2.34-150000.4.106.1 php7-fpm-debuginfo-7.2.34-150000.4.106.1 php7-ftp-7.2.34-150000.4.106.1 php7-ftp-debuginfo-7.2.34-150000.4.106.1 php7-gd-7.2.34-150000.4.106.1 php7-gd-debuginfo-7.2.34-150000.4.106.1 php7-gettext-7.2.34-150000.4.106.1 php7-gettext-debuginfo-7.2.34-150000.4.106.1 php7-gmp-7.2.34-150000.4.106.1 php7-gmp-debuginfo-7.2.34-150000.4.106.1 php7-iconv-7.2.34-150000.4.106.1 php7-iconv-debuginfo-7.2.34-150000.4.106.1 php7-intl-7.2.34-150000.4.106.1 php7-intl-debuginfo-7.2.34-150000.4.106.1 php7-json-7.2.34-150000.4.106.1 php7-json-debuginfo-7.2.34-150000.4.106.1 php7-ldap-7.2.34-150000.4.106.1 php7-ldap-debuginfo-7.2.34-150000.4.106.1 php7-mbstring-7.2.34-150000.4.106.1 php7-mbstring-debuginfo-7.2.34-150000.4.106.1 php7-mysql-7.2.34-150000.4.106.1 php7-mysql-debuginfo-7.2.34-150000.4.106.1 php7-odbc-7.2.34-150000.4.106.1 php7-odbc-debuginfo-7.2.34-150000.4.106.1 php7-opcache-7.2.34-150000.4.106.1 php7-opcache-debuginfo-7.2.34-150000.4.106.1 php7-openssl-7.2.34-150000.4.106.1 php7-openssl-debuginfo-7.2.34-150000.4.106.1 php7-pcntl-7.2.34-150000.4.106.1 
php7-pcntl-debuginfo-7.2.34-150000.4.106.1 php7-pdo-7.2.34-150000.4.106.1 php7-pdo-debuginfo-7.2.34-150000.4.106.1 php7-pgsql-7.2.34-150000.4.106.1 php7-pgsql-debuginfo-7.2.34-150000.4.106.1 php7-phar-7.2.34-150000.4.106.1 php7-phar-debuginfo-7.2.34-150000.4.106.1 php7-posix-7.2.34-150000.4.106.1 php7-posix-debuginfo-7.2.34-150000.4.106.1 php7-readline-7.2.34-150000.4.106.1 php7-readline-debuginfo-7.2.34-150000.4.106.1 php7-shmop-7.2.34-150000.4.106.1 php7-shmop-debuginfo-7.2.34-150000.4.106.1 php7-snmp-7.2.34-150000.4.106.1 php7-snmp-debuginfo-7.2.34-150000.4.106.1 php7-soap-7.2.34-150000.4.106.1 php7-soap-debuginfo-7.2.34-150000.4.106.1 php7-sockets-7.2.34-150000.4.106.1 php7-sockets-debuginfo-7.2.34-150000.4.106.1 php7-sodium-7.2.34-150000.4.106.1 php7-sodium-debuginfo-7.2.34-150000.4.106.1 php7-sqlite-7.2.34-150000.4.106.1 php7-sqlite-debuginfo-7.2.34-150000.4.106.1 php7-sysvmsg-7.2.34-150000.4.106.1 php7-sysvmsg-debuginfo-7.2.34-150000.4.106.1 php7-sysvsem-7.2.34-150000.4.106.1 php7-sysvsem-debuginfo-7.2.34-150000.4.106.1 php7-sysvshm-7.2.34-150000.4.106.1 php7-sysvshm-debuginfo-7.2.34-150000.4.106.1 php7-tidy-7.2.34-150000.4.106.1 php7-tidy-debuginfo-7.2.34-150000.4.106.1 php7-tokenizer-7.2.34-150000.4.106.1 php7-tokenizer-debuginfo-7.2.34-150000.4.106.1 php7-wddx-7.2.34-150000.4.106.1 php7-wddx-debuginfo-7.2.34-150000.4.106.1 php7-xmlreader-7.2.34-150000.4.106.1 php7-xmlreader-debuginfo-7.2.34-150000.4.106.1 php7-xmlrpc-7.2.34-150000.4.106.1 php7-xmlrpc-debuginfo-7.2.34-150000.4.106.1 php7-xmlwriter-7.2.34-150000.4.106.1 php7-xmlwriter-debuginfo-7.2.34-150000.4.106.1 php7-xsl-7.2.34-150000.4.106.1 php7-xsl-debuginfo-7.2.34-150000.4.106.1 php7-zip-7.2.34-150000.4.106.1 php7-zip-debuginfo-7.2.34-150000.4.106.1 php7-zlib-7.2.34-150000.4.106.1 php7-zlib-debuginfo-7.2.34-150000.4.106.1 - SUSE CaaS Platform 4.0 (noarch): php7-pear-7.2.34-150000.4.106.1 php7-pear-Archive_Tar-7.2.34-150000.4.106.1 References: https://www.suse.com/security/cve/CVE-2022-31631.html 
   https://bugzilla.suse.com/1206958

From sle-security-updates at lists.suse.com Mon Jan 16 14:17:58 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 16 Jan 2023 15:17:58 +0100 (CET)
Subject: SUSE-SU-2023:0088-1: moderate: Security update for python-wheel
Message-ID: <20230116141758.DA56AFD97@maintenance.suse.de>

   SUSE Security Update: Security update for python-wheel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0088-1
Rating:             moderate
References:         #1206670
Cross-References:   CVE-2022-40898
CVSS scores:
                    CVE-2022-40898 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40898 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP1
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP1
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP1
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.0
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.0
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.0
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-wheel fixes the following issues:

   - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-88=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-88=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2023-88=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-88=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-88=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      python3-wheel-0.32.3-150100.6.5.1

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):

      python3-wheel-0.32.3-150100.6.5.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch):

      python3-wheel-0.32.3-150100.6.5.1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch):

      python2-wheel-0.32.3-150100.6.5.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):

      python3-wheel-0.32.3-150100.6.5.1

References:

   https://www.suse.com/security/cve/CVE-2022-40898.html
   https://bugzilla.suse.com/1206670

From sle-security-updates at lists.suse.com Mon Jan 16 14:19:24 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 16 Jan 2023 15:19:24 +0100 (CET)
Subject: SUSE-SU-2023:0091-1: moderate: Security update for python310-setuptools
Message-ID: <20230116141924.C7915FD96@maintenance.suse.de>

   SUSE Security Update: Security update for python310-setuptools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0091-1
Rating:             moderate
References:         #1206667
Cross-References:   CVE-2022-40897
CVSS scores:
                    CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Python3 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python310-setuptools fixes the following issues:

   - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-91=1

   - SUSE Linux Enterprise Module for Python3 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2023-91=1

Package List:

   - openSUSE Leap 15.4 (noarch):

      python310-setuptools-57.4.0-150400.4.3.1

   - SUSE Linux Enterprise Module for Python3 15-SP4 (noarch):

      python310-setuptools-57.4.0-150400.4.3.1

References:

   https://www.suse.com/security/cve/CVE-2022-40897.html
   https://bugzilla.suse.com/1206667

From sle-security-updates at lists.suse.com Mon Jan 16 14:20:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Mon, 16 Jan 2023 15:20:43 +0100 (CET)
Subject: SUSE-SU-2023:0089-1: moderate: Security update for python-wheel
Message-ID: <20230116142043.8D391FD96@maintenance.suse.de>

   SUSE Security Update: Security update for python-wheel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0089-1
Rating:             moderate
References:         #1206670
Cross-References:   CVE-2022-40898
CVSS scores:
                    CVE-2022-40898 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-40898 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 12
                    SUSE Linux Enterprise Module for Public Cloud 12
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Server 12-SP3
                    SUSE Linux Enterprise Server 12-SP4
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12
                    SUSE Linux Enterprise Server for SAP Applications 12-SP3
                    SUSE Linux Enterprise Server for SAP Applications 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python-wheel fixes the following issues:

   - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-89=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-wheel-0.30.0-2.7.1 python3-wheel-0.30.0-2.7.1 References: https://www.suse.com/security/cve/CVE-2022-40898.html https://bugzilla.suse.com/1206670 From sle-security-updates at lists.suse.com Tue Jan 17 08:02:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 09:02:47 +0100 (CET) Subject: SUSE-IU-2023:5-1: Security update of sles-15-sp4-chost-byos-v20230111-arm64 Message-ID: <20230117080247.2D44EFD96@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp4-chost-byos-v20230111-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:5-1 Image Tags : sles-15-sp4-chost-byos-v20230111-arm64:20230111 Image Release : Severity : important Type : security References : 1065729 1144337 1156395 1164051 1175622 1177460 1179584 1184350 1188882 1189297 1190256 1191410 1193629 1194869 1195391 1196205 1199467 1200107 1200581 1200723 1202341 1203092 1203183 1203274 1203391 1203511 1203960 1204000 1204228 1204405 1204414 1204423 1204585 1204631 1204636 1204693 1204743 1204779 1204780 1204810 1204850 1204867 1205000 1205007 1205100 1205111 1205113 1205128 1205130 1205149 1205153 1205220 1205264 1205266 1205272 1205282 1205284 1205331 1205332 1205377 1205427 1205428 1205473 1205502 1205507 1205514 1205521 1205567 1205616 1205617 1205653 1205671 1205679 1205683 1205700 1205705 1205709 1205711 1205744 1205764 1205796 1205797 1205882 1205993 1206028 1206035 1206036 1206037 1206045 1206046 1206047 1206048 1206049 1206050 1206051 1206056 1206057 1206071 1206072 1206075 1206077 1206113 1206114 1206147 1206149 1206207 1206212 1206308 1206309 1206337 1206579 1206622 944832 CVE-2022-2602 CVE-2022-3176 CVE-2022-3491 
CVE-2022-3520 CVE-2022-3566 CVE-2022-3567 CVE-2022-3591 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4292 CVE-2022-4293 CVE-2022-43551 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVE-2022-46908 CVE-2022-47629 ----------------------------------------------------------------- The container sles-15-sp4-chost-byos-v20230111-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4585-1 Released: Tue Dec 20 12:52:24 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). 
- CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114).
- CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113).
- CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
- CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631).
- CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960).
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780).

The following non-security bugs were fixed:

- ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes).
- ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes).
- ACPI: HMAT: remove unnecessary variable initialization (git-fixes).
- ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes).
- ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes).
- ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes).
- ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes).
- ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes).
- ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes).
- ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes).
- ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100).
- ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100).
- ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes).
- ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes).
- ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes).
- ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes).
- ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111).
- ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). - ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). 
- ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). - Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). 
- HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). - Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). 
- KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). - KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). 
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). - NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the 
sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). 
- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). - arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). 
- blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). - btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). 
- can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). - capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). 
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). - cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). 
- cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). - cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). 
- cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). - cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). 
- dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). - dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). 
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). - dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). 
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). - firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). 
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). - i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). 
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). - io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). 
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). - media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). 
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). - nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). 
- net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). - net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). 
- pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). - platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). 
- s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). - sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). 
- serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). - siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). 
- soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). - spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). 
- usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). - usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). 
- wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). - x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4597-1 Released: Wed Dec 21 10:13:11 2022 Summary: Security update for curl Type: security Severity: important References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. 
* Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 (jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 
(jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. 
* Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) 
* GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxes, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. * Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard
accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI 
annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate * collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. bug fixes nautilus: - Version update from 41.2 to 41.5 (jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore
Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding 
is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4628-1 Released: Wed Dec 28 09:23:13 2022 Summary: Security update for sqlite3 Type: security Severity: moderate References: 1206337,CVE-2022-46908 This update for sqlite3 fixes the following issues: - CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4629-1 Released: Wed Dec 28 09:24:07 2022 Summary: Security update for systemd Type: security Severity: important References: 1200723,1205000,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4631-1 Released: Wed Dec 28 09:29:15 2022 Summary: Security update for vim Type: security Severity: important References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293 This update for vim fixes the following issues: Updated to version 9.0.1040: - CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028). - CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071). - CVE-2022-3591: vim: Use After Free (bsc#1206072). - CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075). 
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077). - CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797). - CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:25-1 Released: Thu Jan 5 09:51:41 2023 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: Version update from 2022f to 2022g (bsc#1177460): - In the Mexican state of Chihuahua: * The border strip near the US will change to agree with nearby US locations on 2022-11-30. * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX. * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX. * A new Zone America/Ciudad_Juarez splits from America/Ojinaga. - Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time. 
- Changes for pre-1996 northern Canada - Update to past DST transition in Colombia (1993), Singapore (1981) - 'timegm' is now supported by default ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:37-1 Released: Fri Jan 6 15:35:49 2023 Summary: Security update for ca-certificates-mozilla Type: security Severity: important References: 1206212,1206622 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:41-1 Released: Mon Jan 9 10:23:07 2023 Summary: Recommended update for kdump Type: recommended Severity: important References: 1144337,1191410,1204000,1204743 This update for kdump fixes the following issues: - Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000) - Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337) - Rebuild initrd image after migration on ppc64 architecture (bsc#1191410) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:45-1 Released: Mon Jan 9 10:32:26 2023 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1204585 This update for libxml2 fixes the following issues: - Add W3C conformance tests to the testsuite (bsc#1204585): * 
Added file xmlts20080827.tar.gz ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:48-1 Released: Mon Jan 9 10:37:54 2023 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1199467 This update for libtirpc fixes the following issues: - Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:50-1 Released: Mon Jan 9 10:42:21 2023 Summary: Recommended update for shadow Type: recommended Severity: moderate References: 1205502 This update for shadow fixes the following issues: - Fix issue with user id field that cannot be interpreted (bsc#1205502) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:51-1 Released: Mon Jan 9 10:42:58 2023 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1195391,1200107,1203092,1204423 This update for suse-module-tools fixes the following issues: - 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423) - driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092) - driver-check.sh: Avoid false positive error messages (bsc#1200107) - kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:52-1 Released: Mon Jan 9 10:43:57 2023 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1205266,1205272,1205284,1205377 This update for xfsprogs fixes the following issues: - mkfs: don't trample the gid set in the protofile (bsc#1205266) - mkfs: prevent corruption of passed-in suboption string values (bsc#1205377) - mkfs: terminate getsubopt arrays properly (bsc#1205284) - xfs_repair: ignore empty xattr leaf blocks (bsc#1205272) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:56-1 Released: Mon Jan 9 11:13:43 2023 Summary: Security update for libksba Type: security Severity: moderate References: 1206579,CVE-2022-47629 This update for libksba fixes the following issues: - CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579). The following package changes have been done: - ca-certificates-mozilla-2.60-150200.27.1 updated - catatonit-0.1.7-150300.10.3.1 updated - curl-7.79.1-150400.5.12.1 updated - kdump-1.0.2+git18.g615d6ab-150400.3.8.1 updated - kernel-default-5.14.21-150400.24.38.1 updated - libcurl4-7.79.1-150400.5.12.1 updated - libglib-2_0-0-2.70.5-150400.3.3.1 updated - libksba8-1.3.5-150000.4.6.1 updated - libsqlite3-0-3.39.3-150000.3.20.1 updated - libsystemd0-249.12-150400.8.16.1 updated - libtirpc-netconfig-1.2.6-150300.3.17.1 updated - libtirpc3-1.2.6-150300.3.17.1 updated - libudev1-249.12-150400.8.16.1 updated - libxml2-2-2.9.14-150400.5.13.1 updated - login_defs-4.8.1-150400.10.3.1 updated - shadow-4.8.1-150400.10.3.1 updated - suse-module-tools-15.4.15-150400.3.5.1 updated - systemd-sysvinit-249.12-150400.8.16.1 updated - systemd-249.12-150400.8.16.1 updated - timezone-2022g-150000.75.18.1 updated - udev-249.12-150400.8.16.1 updated - vim-data-common-9.0.1040-150000.5.31.1 updated - vim-9.0.1040-150000.5.31.1 updated - xfsprogs-5.13.0-150400.3.3.1 updated From sle-security-updates at lists.suse.com Tue Jan 17 08:46:27 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 09:46:27 +0100 (CET) Subject: SUSE-CU-2023:158-1: Security update of suse/389-ds Message-ID: <20230117084627.E07D4FD96@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:158-1 Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.4 , 
suse/389-ds:latest Container Release : 19.4 Severity : moderate Type : security References : 1206670 CVE-2022-40898 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:88-1 Released: Mon Jan 16 10:30:50 2023 Summary: Security update for python-wheel Type: security Severity: moderate References: 1206670,CVE-2022-40898 This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). The following package changes have been done: - python3-wheel-0.32.3-150100.6.5.1 updated From sle-security-updates at lists.suse.com Tue Jan 17 09:16:55 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 10:16:55 +0100 (CET) Subject: SUSE-CU-2023:169-1: Security update of bci/python Message-ID: <20230117091655.3C61CFD96@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:169-1 Container Tags : bci/python:3 , bci/python:3-11.4 , bci/python:3.10 , bci/python:3.10-11.4 , bci/python:latest Container Release : 11.4 Severity : moderate Type : security References : 1206667 CVE-2022-40897 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:91-1 Released: Mon Jan 16 11:14:14 2023 Summary: Security update for python310-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python310-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). The following package changes have been done: - python310-setuptools-57.4.0-150400.4.3.1 updated From sle-security-updates at lists.suse.com Tue Jan 17 09:19:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 10:19:17 +0100 (CET) Subject: SUSE-CU-2023:170-1: Security update of bci/python Message-ID: <20230117091917.1EFF5FD96@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:170-1 Container Tags : bci/python:3 , bci/python:3-34.4 , bci/python:3.6 , bci/python:3.6-34.4 Container Release : 34.4 Severity : moderate Type : security References : 1206670 CVE-2022-40898 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:88-1 Released: Mon Jan 16 10:30:50 2023 Summary: Security update for python-wheel Type: security Severity: moderate References: 1206670,CVE-2022-40898 This update for python-wheel fixes the following issues: - CVE-2022-40898: Fixed an excessive use of CPU that could be triggered via a crafted regular expression (bsc#1206670). 
The following package changes have been done: - python3-wheel-0.32.3-150100.6.5.1 updated From sle-security-updates at lists.suse.com Tue Jan 17 14:18:58 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 15:18:58 +0100 (CET) Subject: SUSE-SU-2023:0093-1: moderate: Security update for python-setuptools Message-ID: <20230117141858.EADECFDD0@maintenance.suse.de> SUSE Security Update: Security update for python-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0093-1 Rating: moderate References: #1206667 Cross-References: CVE-2022-40897 CVSS scores: CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Containers 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-93=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-93=1 - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2023-93=1 - SUSE Linux Enterprise Module for Containers 12: zypper in -t patch SUSE-SLE-Module-Containers-12-2023-93=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): python3-setuptools-40.6.2-4.21.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-setuptools-40.6.2-4.21.1 python3-setuptools-40.6.2-4.21.1 - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-setuptools-40.6.2-4.21.1 python3-setuptools-40.6.2-4.21.1 - SUSE Linux Enterprise Module for Containers 12 (noarch): python-setuptools-40.6.2-4.21.1 References: https://www.suse.com/security/cve/CVE-2022-40897.html https://bugzilla.suse.com/1206667 From sle-security-updates at lists.suse.com Tue Jan 17 14:19:45 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 15:19:45 +0100 (CET) Subject: SUSE-SU-2023:0094-1: moderate: Security update for python36-setuptools Message-ID: <20230117141945.3D68EFDD0@maintenance.suse.de> SUSE Security Update: Security update for python36-setuptools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0094-1 Rating: moderate References: #1206667 Cross-References: CVE-2022-40897 CVSS scores: CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for python36-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-94=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): python36-setuptools-44.1.1-8.6.1 References: https://www.suse.com/security/cve/CVE-2022-40897.html https://bugzilla.suse.com/1206667 From sle-security-updates at lists.suse.com Tue Jan 17 17:17:54 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 17 Jan 2023 18:17:54 +0100 (CET) Subject: SUSE-SU-2023:0095-1: important: Security update for libzypp-plugin-appdata Message-ID: <20230117171754.0485FFDD0@maintenance.suse.de> SUSE Security Update: Security update for libzypp-plugin-appdata ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0095-1 Rating: important References: #1206836 Cross-References: CVE-2023-22643 Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for libzypp-plugin-appdata fixes the following issues: - CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-95=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-95=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-95=1 Package List: - openSUSE Leap 15.4 (noarch): libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1 openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): openSUSE-appdata-extra-1.0.1+git.20180426-150400.18.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (noarch): libzypp-plugin-appdata-1.0.1+git.20180426-150400.18.3.1 References: https://www.suse.com/security/cve/CVE-2023-22643.html https://bugzilla.suse.com/1206836 From sle-security-updates at lists.suse.com Thu Jan 19 14:18:10 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Jan 2023 15:18:10 +0100 (CET) Subject: SUSE-SU-2023:0101-1: important: Security update for sudo Message-ID: <20230119141810.150DFFD96@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0101-1 Rating: important References: #1207082 Cross-References: CVE-2023-22809 CVSS scores: CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 
SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-101=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-101=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-101=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-101=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): sudo-1.8.20p2-3.36.1 sudo-debuginfo-1.8.20p2-3.36.1 sudo-debugsource-1.8.20p2-3.36.1 - SUSE OpenStack Cloud 9 (x86_64): sudo-1.8.20p2-3.36.1 sudo-debuginfo-1.8.20p2-3.36.1 sudo-debugsource-1.8.20p2-3.36.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): sudo-1.8.20p2-3.36.1 sudo-debuginfo-1.8.20p2-3.36.1 sudo-debugsource-1.8.20p2-3.36.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.20p2-3.36.1 sudo-debuginfo-1.8.20p2-3.36.1 sudo-debugsource-1.8.20p2-3.36.1 References: https://www.suse.com/security/cve/CVE-2023-22809.html https://bugzilla.suse.com/1207082 From sle-security-updates at lists.suse.com Thu Jan 19 14:18:52 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Jan 2023 15:18:52 +0100 (CET) Subject: SUSE-SU-2023:0100-1: important: Security update for sudo Message-ID: <20230119141852.6D0A5FD96@maintenance.suse.de> SUSE Security Update: Security update for 
sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0100-1 Rating: important References: #1207082 Cross-References: CVE-2023-22809 CVSS scores: CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-100=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): sudo-1.8.10p3-10.44.1 sudo-debuginfo-1.8.10p3-10.44.1 sudo-debugsource-1.8.10p3-10.44.1 References: https://www.suse.com/security/cve/CVE-2023-22809.html https://bugzilla.suse.com/1207082 From sle-security-updates at lists.suse.com Thu Jan 19 17:15:57 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Jan 2023 18:15:57 +0100 (CET) Subject: SUSE-SU-2023:0103-1: moderate: Security update for postgresql-jdbc Message-ID: <20230119171557.06AE9FDD0@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0103-1 Rating: moderate References: #1206921 Cross-References: CVE-2022-41946 CVSS scores: CVE-2022-41946 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41946 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux 
Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-103=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-103=1 Package List: - openSUSE Leap 15.4 (noarch): postgresql-jdbc-42.2.25-150400.3.9.2 postgresql-jdbc-javadoc-42.2.25-150400.3.9.2 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): postgresql-jdbc-42.2.25-150400.3.9.2 References: https://www.suse.com/security/cve/CVE-2022-41946.html https://bugzilla.suse.com/1206921 From sle-security-updates at lists.suse.com Thu Jan 19 17:16:34 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 19 Jan 2023 18:16:34 +0100 (CET) Subject: SUSE-SU-2023:0104-1: moderate: Security update for postgresql-jdbc Message-ID: <20230119171634.7E359FDD0@maintenance.suse.de> SUSE Security Update: Security update for postgresql-jdbc ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0104-1 Rating: moderate References: #1206921 Cross-References: CVE-2022-41946 CVSS scores: CVE-2022-41946 (NVD) : 
5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-41946 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for postgresql-jdbc fixes the following issues: - CVE-2022-41946: Fixed a local information disclosure issue due to improper handling of temporary files (bsc#1206921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-104=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (noarch): postgresql-jdbc-9.4-3.9.1 References: https://www.suse.com/security/cve/CVE-2022-41946.html https://bugzilla.suse.com/1206921 From sle-security-updates at lists.suse.com Fri Jan 20 14:19:21 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:19:21 +0100 (CET) Subject: SUSE-SU-2023:0119-1: important: Security update for mozilla-nss Message-ID: <20230120141921.51A30FD96@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0119-1 Rating: important References: #1204272 #1207038 Cross-References: CVE-2022-23491 CVE-2022-3479 CVSS scores: CVE-2022-23491 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-23491 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3479 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3479 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 
15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-119=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-119=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-119=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-119=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): libfreebl3-3.79.3-150400.3.23.1 libfreebl3-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-3.79.3-150400.3.23.1 libsoftokn3-3.79.3-150400.3.23.1 libsoftokn3-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-3.79.3-150400.3.23.1 mozilla-nss-3.79.3-150400.3.23.1 mozilla-nss-certs-3.79.3-150400.3.23.1 mozilla-nss-certs-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debugsource-3.79.3-150400.3.23.1 mozilla-nss-tools-3.79.3-150400.3.23.1 mozilla-nss-tools-debuginfo-3.79.3-150400.3.23.1 - openSUSE Leap 15.4 (aarch64 ppc64le 
s390x x86_64): libfreebl3-3.79.3-150400.3.23.1 libfreebl3-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-3.79.3-150400.3.23.1 libsoftokn3-3.79.3-150400.3.23.1 libsoftokn3-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-3.79.3-150400.3.23.1 mozilla-nss-3.79.3-150400.3.23.1 mozilla-nss-certs-3.79.3-150400.3.23.1 mozilla-nss-certs-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debugsource-3.79.3-150400.3.23.1 mozilla-nss-devel-3.79.3-150400.3.23.1 mozilla-nss-sysinit-3.79.3-150400.3.23.1 mozilla-nss-sysinit-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-tools-3.79.3-150400.3.23.1 mozilla-nss-tools-debuginfo-3.79.3-150400.3.23.1 - openSUSE Leap 15.4 (x86_64): libfreebl3-32bit-3.79.3-150400.3.23.1 libfreebl3-32bit-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-32bit-3.79.3-150400.3.23.1 libsoftokn3-32bit-3.79.3-150400.3.23.1 libsoftokn3-32bit-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-32bit-3.79.3-150400.3.23.1 mozilla-nss-32bit-3.79.3-150400.3.23.1 mozilla-nss-32bit-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-certs-32bit-3.79.3-150400.3.23.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-sysinit-32bit-3.79.3-150400.3.23.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150400.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-150400.3.23.1 libfreebl3-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-3.79.3-150400.3.23.1 libsoftokn3-3.79.3-150400.3.23.1 libsoftokn3-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-3.79.3-150400.3.23.1 mozilla-nss-3.79.3-150400.3.23.1 mozilla-nss-certs-3.79.3-150400.3.23.1 mozilla-nss-certs-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debugsource-3.79.3-150400.3.23.1 mozilla-nss-devel-3.79.3-150400.3.23.1 mozilla-nss-sysinit-3.79.3-150400.3.23.1 mozilla-nss-sysinit-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-tools-3.79.3-150400.3.23.1 mozilla-nss-tools-debuginfo-3.79.3-150400.3.23.1 - SUSE 
Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libfreebl3-32bit-3.79.3-150400.3.23.1 libfreebl3-32bit-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-32bit-3.79.3-150400.3.23.1 libsoftokn3-32bit-3.79.3-150400.3.23.1 libsoftokn3-32bit-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-32bit-3.79.3-150400.3.23.1 mozilla-nss-32bit-3.79.3-150400.3.23.1 mozilla-nss-32bit-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-certs-32bit-3.79.3-150400.3.23.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150400.3.23.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): libfreebl3-3.79.3-150400.3.23.1 libfreebl3-debuginfo-3.79.3-150400.3.23.1 libfreebl3-hmac-3.79.3-150400.3.23.1 libsoftokn3-3.79.3-150400.3.23.1 libsoftokn3-debuginfo-3.79.3-150400.3.23.1 libsoftokn3-hmac-3.79.3-150400.3.23.1 mozilla-nss-3.79.3-150400.3.23.1 mozilla-nss-certs-3.79.3-150400.3.23.1 mozilla-nss-certs-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debuginfo-3.79.3-150400.3.23.1 mozilla-nss-debugsource-3.79.3-150400.3.23.1 mozilla-nss-tools-3.79.3-150400.3.23.1 mozilla-nss-tools-debuginfo-3.79.3-150400.3.23.1 References: https://www.suse.com/security/cve/CVE-2022-23491.html https://www.suse.com/security/cve/CVE-2022-3479.html https://bugzilla.suse.com/1204272 https://bugzilla.suse.com/1207038 From sle-security-updates at lists.suse.com Fri Jan 20 14:20:35 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:20:35 +0100 (CET) Subject: SUSE-SU-2023:0113-1: important: Security update for MozillaFirefox Message-ID: <20230120142035.C5819FD96@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0113-1 Rating: important References: #1207119 Cross-References: CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605 CVSS scores: CVE-2022-46871 (NVD) : 8.8 
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-46877 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: - Updated to version 102.7.0 ESR (bsc#1207119): - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities. - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux. - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab. - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers. - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks. - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives. - CVE-2023-23605: Fixed several memory safety bugs. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-113=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-113=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-113=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-113=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-113=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-113=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-113=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-113=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-113=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-113=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-113=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-113=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-branding-upstream-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): 
MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-150200.152.73.1 
MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-102.7.0-150200.152.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-102.7.0-150200.152.73.1 MozillaFirefox-debuginfo-102.7.0-150200.152.73.1 
MozillaFirefox-debugsource-102.7.0-150200.152.73.1 MozillaFirefox-devel-102.7.0-150200.152.73.1 MozillaFirefox-translations-common-102.7.0-150200.152.73.1 MozillaFirefox-translations-other-102.7.0-150200.152.73.1 References: https://www.suse.com/security/cve/CVE-2022-46871.html https://www.suse.com/security/cve/CVE-2022-46877.html https://www.suse.com/security/cve/CVE-2023-23598.html https://www.suse.com/security/cve/CVE-2023-23601.html https://www.suse.com/security/cve/CVE-2023-23602.html https://www.suse.com/security/cve/CVE-2023-23603.html https://www.suse.com/security/cve/CVE-2023-23605.html https://bugzilla.suse.com/1207119 From sle-security-updates at lists.suse.com Fri Jan 20 14:21:54 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:21:54 +0100 (CET) Subject: SUSE-SU-2023:0115-1: important: Security update for sudo Message-ID: <20230120142154.F21AAFD96@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0115-1 Rating: important References: #1207082 Cross-References: CVE-2023-22809 CVSS scores: CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. 
Description: This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-115=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-115=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-115=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-115=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-115=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-115=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-115=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-115=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-115=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-115=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-115=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-115=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 
sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Manager Proxy 4.2 (x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 
sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): sudo-1.9.5p2-150300.3.19.1 sudo-debuginfo-1.9.5p2-150300.3.19.1 sudo-debugsource-1.9.5p2-150300.3.19.1 sudo-devel-1.9.5p2-150300.3.19.1 sudo-plugin-python-1.9.5p2-150300.3.19.1 sudo-plugin-python-debuginfo-1.9.5p2-150300.3.19.1 References: https://www.suse.com/security/cve/CVE-2023-22809.html https://bugzilla.suse.com/1207082 From sle-security-updates at lists.suse.com Fri Jan 20 14:22:56 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:22:56 +0100 (CET) Subject: SUSE-SU-2023:0117-1: important: Security update for sudo Message-ID: <20230120142256.1577EFD96@maintenance.suse.de> SUSE Security Update: Security update for sudo ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0117-1 Rating: important References: #1206170 #1207082 Cross-References: CVE-2023-22809 CVSS scores: CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. 
Description: This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). Other fixes: - Fixed a potential crash while using the sssd plugin (bsc#1206170). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-117=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-117=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-debuginfo-1.8.27-4.33.1 sudo-debugsource-1.8.27-4.33.1 sudo-devel-1.8.27-4.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): sudo-1.8.27-4.33.1 sudo-debuginfo-1.8.27-4.33.1 sudo-debugsource-1.8.27-4.33.1 References: https://www.suse.com/security/cve/CVE-2023-22809.html https://bugzilla.suse.com/1206170 https://bugzilla.suse.com/1207082 From sle-security-updates at lists.suse.com Fri Jan 20 14:23:55 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:23:55 +0100 (CET) Subject: SUSE-SU-2023:0118-1: important: Security update for mozilla-nss Message-ID: <20230120142355.EA5FEFD96@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0118-1 Rating: important References: #1204272 #1207038 Cross-References: CVE-2022-23491 CVE-2022-3479 CVSS scores: CVE-2022-23491 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-23491 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2022-3479 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-3479 (SUSE): 6.5 
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for mozilla-nss fixes the following issues: - CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272). - Updated to version 3.79.3 (bsc#1207038): - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-118=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-118=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-118=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-118=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-118=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-118=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-118=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 
libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 
libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-devel-3.79.3-58.91.1 
mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.79.3-58.91.1 libfreebl3-32bit-3.79.3-58.91.1 libfreebl3-debuginfo-3.79.3-58.91.1 libfreebl3-debuginfo-32bit-3.79.3-58.91.1 libfreebl3-hmac-3.79.3-58.91.1 libfreebl3-hmac-32bit-3.79.3-58.91.1 libsoftokn3-3.79.3-58.91.1 libsoftokn3-32bit-3.79.3-58.91.1 libsoftokn3-debuginfo-3.79.3-58.91.1 libsoftokn3-debuginfo-32bit-3.79.3-58.91.1 libsoftokn3-hmac-3.79.3-58.91.1 libsoftokn3-hmac-32bit-3.79.3-58.91.1 mozilla-nss-3.79.3-58.91.1 mozilla-nss-32bit-3.79.3-58.91.1 mozilla-nss-certs-3.79.3-58.91.1 mozilla-nss-certs-32bit-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-3.79.3-58.91.1 mozilla-nss-certs-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debuginfo-3.79.3-58.91.1 mozilla-nss-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-debugsource-3.79.3-58.91.1 mozilla-nss-sysinit-3.79.3-58.91.1 mozilla-nss-sysinit-32bit-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-3.79.3-58.91.1 mozilla-nss-sysinit-debuginfo-32bit-3.79.3-58.91.1 mozilla-nss-tools-3.79.3-58.91.1 mozilla-nss-tools-debuginfo-3.79.3-58.91.1 References: https://www.suse.com/security/cve/CVE-2022-23491.html https://www.suse.com/security/cve/CVE-2022-3479.html https://bugzilla.suse.com/1204272 https://bugzilla.suse.com/1207038 From sle-security-updates at lists.suse.com Fri Jan 20 
14:25:16 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:25:16 +0100 (CET)
Subject: SUSE-SU-2023:0110-1: important: Security update for git
Message-ID: <20230120142516.13CF3FD96@maintenance.suse.de>

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0110-1
Rating:             important
References:         #1207032 #1207033
Cross-References:   CVE-2022-23521 CVE-2022-41903
CVSS scores:
                    CVE-2022-23521 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-41903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Development Tools 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for git fixes the following issues:

   - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands (bsc#1207033).
   - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-110=1
   - SUSE Manager Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-110=1
   - SUSE Manager Retail Branch Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-110=1
   - SUSE Manager Proxy 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-110=1
   - SUSE Linux Enterprise Server for SAP 15-SP3:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-110=1
   - SUSE Linux Enterprise Server 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-110=1
   - SUSE Linux Enterprise Realtime Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-110=1
   - SUSE Linux Enterprise Module for Development Tools 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-110=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-110=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-110=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-110=1
   - SUSE Enterprise Storage 7.1:
      zypper in -t patch SUSE-Storage-7.1-2023-110=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      git-2.35.3-150300.10.21.1
      git-arch-2.35.3-150300.10.21.1
      git-core-2.35.3-150300.10.21.1
      git-core-debuginfo-2.35.3-150300.10.21.1
      git-credential-gnome-keyring-2.35.3-150300.10.21.1
      git-credential-gnome-keyring-debuginfo-2.35.3-150300.10.21.1
      git-credential-libsecret-2.35.3-150300.10.21.1
      git-credential-libsecret-debuginfo-2.35.3-150300.10.21.1
      git-cvs-2.35.3-150300.10.21.1
      git-daemon-2.35.3-150300.10.21.1
git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-p4-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - openSUSE Leap 15.4 (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Manager Proxy 4.2 (x86_64): git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 
git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 
git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): git-doc-2.35.3-150300.10.21.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): git-2.35.3-150300.10.21.1 git-arch-2.35.3-150300.10.21.1 git-core-2.35.3-150300.10.21.1 git-core-debuginfo-2.35.3-150300.10.21.1 git-cvs-2.35.3-150300.10.21.1 git-daemon-2.35.3-150300.10.21.1 git-daemon-debuginfo-2.35.3-150300.10.21.1 git-debuginfo-2.35.3-150300.10.21.1 git-debugsource-2.35.3-150300.10.21.1 git-email-2.35.3-150300.10.21.1 git-gui-2.35.3-150300.10.21.1 git-svn-2.35.3-150300.10.21.1 git-web-2.35.3-150300.10.21.1 gitk-2.35.3-150300.10.21.1 perl-Git-2.35.3-150300.10.21.1 - SUSE Enterprise Storage 7.1 (noarch): git-doc-2.35.3-150300.10.21.1 References: https://www.suse.com/security/cve/CVE-2022-23521.html https://www.suse.com/security/cve/CVE-2022-41903.html https://bugzilla.suse.com/1207032 
   https://bugzilla.suse.com/1207033

From sle-security-updates at lists.suse.com Fri Jan 20 14:26:34 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:26:34 +0100 (CET)
Subject: SUSE-SU-2023:0109-1: important: Security update for git
Message-ID: <20230120142634.0DD89FD96@maintenance.suse.de>

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0109-1
Rating:             important
References:         #1207032 #1207033
Cross-References:   CVE-2022-23521 CVE-2022-41903
CVSS scores:
                    CVE-2022-23521 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-41903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    HPE Helion Openstack 8
                    SUSE Linux Enterprise Server 12-SP2-BCL
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
                    SUSE OpenStack Cloud 8
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for git fixes the following issues:

   - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands (bsc#1207033).
   - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-109=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-109=1
   - SUSE OpenStack Cloud 8:
      zypper in -t patch SUSE-OpenStack-Cloud-8-2023-109=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-109=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-109=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-109=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-109=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-109=1
   - HPE Helion Openstack 8:
      zypper in -t patch HPE-Helion-OpenStack-8-2023-109=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE OpenStack Cloud 9 (x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE OpenStack Cloud 8 (x86_64):
      git-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      git-2.26.2-27.63.2
      git-arch-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-svn-debuginfo-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch):
      git-doc-2.26.2-27.63.2
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      git-doc-2.26.2-27.63.2
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      git-2.26.2-27.63.2
      git-core-2.26.2-27.63.2
      git-core-debuginfo-2.26.2-27.63.2
      git-cvs-2.26.2-27.63.2
      git-daemon-2.26.2-27.63.2
      git-daemon-debuginfo-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2
      git-email-2.26.2-27.63.2
      git-gui-2.26.2-27.63.2
      git-svn-2.26.2-27.63.2
      git-web-2.26.2-27.63.2
      gitk-2.26.2-27.63.2
   - HPE Helion Openstack 8 (x86_64):
      git-2.26.2-27.63.2
      git-debugsource-2.26.2-27.63.2

References:

   https://www.suse.com/security/cve/CVE-2022-23521.html
   https://www.suse.com/security/cve/CVE-2022-41903.html
   https://bugzilla.suse.com/1207032
   https://bugzilla.suse.com/1207033

From sle-security-updates at lists.suse.com Fri Jan 20 14:27:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:27:42 +0100 (CET)
Subject: SUSE-SU-2023:0112-1: important: Security update for MozillaFirefox
Message-ID: <20230120142742.3DC64FD96@maintenance.suse.de>

   SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0112-1
Rating:             important
References:         #1207119
Cross-References:   CVE-2022-46871 CVE-2022-46877 CVE-2023-23598
                    CVE-2023-23601 CVE-2023-23602 CVE-2023-23603
                    CVE-2023-23605
CVSS scores:
                    CVE-2022-46871 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-46877 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes 7 vulnerabilities is now available.

Description:

   This update for MozillaFirefox fixes the following issues:

   - Updated to version 102.7.0 ESR (bsc#1207119):
     - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities.
     - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux.
     - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab.
     - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers.
     - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks.
     - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives.
     - CVE-2023-23605: Fixed several memory safety bugs.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-112=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-112=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-112=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2023-112=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
      MozillaFirefox-102.7.0-150000.150.71.1
      MozillaFirefox-debuginfo-102.7.0-150000.150.71.1
      MozillaFirefox-debugsource-102.7.0-150000.150.71.1
      MozillaFirefox-devel-102.7.0-150000.150.71.1
      MozillaFirefox-translations-common-102.7.0-150000.150.71.1
      MozillaFirefox-translations-other-102.7.0-150000.150.71.1
   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
      MozillaFirefox-102.7.0-150000.150.71.1
      MozillaFirefox-debuginfo-102.7.0-150000.150.71.1
      MozillaFirefox-debugsource-102.7.0-150000.150.71.1
      MozillaFirefox-devel-102.7.0-150000.150.71.1
      MozillaFirefox-translations-common-102.7.0-150000.150.71.1
      MozillaFirefox-translations-other-102.7.0-150000.150.71.1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
      MozillaFirefox-102.7.0-150000.150.71.1
      MozillaFirefox-debuginfo-102.7.0-150000.150.71.1
      MozillaFirefox-debugsource-102.7.0-150000.150.71.1
      MozillaFirefox-devel-102.7.0-150000.150.71.1
      MozillaFirefox-translations-common-102.7.0-150000.150.71.1
      MozillaFirefox-translations-other-102.7.0-150000.150.71.1
   - SUSE Enterprise Storage 6 (aarch64 x86_64):
      MozillaFirefox-102.7.0-150000.150.71.1
      MozillaFirefox-debuginfo-102.7.0-150000.150.71.1
      MozillaFirefox-debugsource-102.7.0-150000.150.71.1
      MozillaFirefox-devel-102.7.0-150000.150.71.1
      MozillaFirefox-translations-common-102.7.0-150000.150.71.1
      MozillaFirefox-translations-other-102.7.0-150000.150.71.1
   - SUSE CaaS Platform 4.0 (x86_64):
      MozillaFirefox-102.7.0-150000.150.71.1
      MozillaFirefox-debuginfo-102.7.0-150000.150.71.1
      MozillaFirefox-debugsource-102.7.0-150000.150.71.1
      MozillaFirefox-devel-102.7.0-150000.150.71.1
      MozillaFirefox-translations-common-102.7.0-150000.150.71.1
      MozillaFirefox-translations-other-102.7.0-150000.150.71.1

References:

   https://www.suse.com/security/cve/CVE-2022-46871.html
   https://www.suse.com/security/cve/CVE-2022-46877.html
   https://www.suse.com/security/cve/CVE-2023-23598.html
   https://www.suse.com/security/cve/CVE-2023-23601.html
   https://www.suse.com/security/cve/CVE-2023-23602.html
   https://www.suse.com/security/cve/CVE-2023-23603.html
   https://www.suse.com/security/cve/CVE-2023-23605.html
   https://bugzilla.suse.com/1207119

From sle-security-updates at lists.suse.com Fri Jan 20 14:28:48 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:28:48 +0100 (CET)
Subject: SUSE-SU-2023:0108-1: important: Security update for git
Message-ID: <20230120142848.8B604FD96@maintenance.suse.de>

   SUSE Security Update: Security update for git
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0108-1
Rating:             important
References:         #1207032 #1207033
Cross-References:   CVE-2022-23521 CVE-2022-41903
CVSS scores:
                    CVE-2022-23521 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2022-41903 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for git fixes the following issues:

   - CVE-2022-41903: Fixed a heap overflow in the "git archive" and "git log --format" commands (bsc#1207033).
   - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-108=1
   - SUSE Linux Enterprise Server for SAP 15-SP2:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-108=1
   - SUSE Linux Enterprise Server for SAP 15-SP1:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-108=1
   - SUSE Linux Enterprise Server 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-108=1
   - SUSE Linux Enterprise Server 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-108=1
   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-108=1
   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-108=1
   - SUSE Enterprise Storage 7:
      zypper in -t patch SUSE-Storage-7-2023-108=1
   - SUSE Enterprise Storage 6:
      zypper in -t patch SUSE-Storage-6-2023-108=1
   - SUSE CaaS Platform 4.0:
      To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): git-doc-2.26.2-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): git-doc-2.26.2-150000.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS 
(noarch): git-doc-2.26.2-150000.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.44.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): git-2.26.2-150000.44.1 
git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Enterprise Storage 7 (noarch): git-doc-2.26.2-150000.44.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 - SUSE Enterprise Storage 6 (noarch): git-doc-2.26.2-150000.44.1 - SUSE CaaS Platform 4.0 (noarch): git-doc-2.26.2-150000.44.1 - SUSE CaaS Platform 4.0 (x86_64): git-2.26.2-150000.44.1 git-arch-2.26.2-150000.44.1 git-core-2.26.2-150000.44.1 git-core-debuginfo-2.26.2-150000.44.1 git-cvs-2.26.2-150000.44.1 git-daemon-2.26.2-150000.44.1 git-daemon-debuginfo-2.26.2-150000.44.1 git-debuginfo-2.26.2-150000.44.1 git-debugsource-2.26.2-150000.44.1 git-email-2.26.2-150000.44.1 git-gui-2.26.2-150000.44.1 git-svn-2.26.2-150000.44.1 git-svn-debuginfo-2.26.2-150000.44.1 git-web-2.26.2-150000.44.1 gitk-2.26.2-150000.44.1 References: https://www.suse.com/security/cve/CVE-2022-23521.html https://www.suse.com/security/cve/CVE-2022-41903.html https://bugzilla.suse.com/1207032 https://bugzilla.suse.com/1207033 From sle-security-updates at lists.suse.com Fri Jan 20 14:30:05 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 20 Jan 2023 15:30:05 +0100 (CET) 
Subject: SUSE-SU-2023:0116-1: important: Security update for sudo
Message-ID: <20230120143005.0DF0AFD96@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0116-1
Rating: important
References: #1206170 #1207082
Cross-References: CVE-2023-22809
CVSS scores:
  CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).

Other fixes:

- Fixed a potential crash while using the sssd plugin (bsc#1206170).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-116=1
- SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-116=1
- SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-116=1
- SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-116=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-116=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-116=1
- SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-116=1
- SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2023-116=1
- SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Enterprise Storage 7 (aarch64 x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE Enterprise Storage 6 (aarch64 x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1
- SUSE CaaS Platform 4.0 (x86_64): sudo-1.8.27-150000.4.38.1 sudo-debuginfo-1.8.27-150000.4.38.1 sudo-debugsource-1.8.27-150000.4.38.1 sudo-devel-1.8.27-150000.4.38.1

References:
https://www.suse.com/security/cve/CVE-2023-22809.html
https://bugzilla.suse.com/1206170
https://bugzilla.suse.com/1207082

From sle-security-updates at lists.suse.com Fri Jan 20 14:31:11 2023
From: sle-security-updates
at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:31:11 +0100 (CET)
Subject: SUSE-SU-2023:0114-1: important: Security update for sudo
Message-ID: <20230120143111.0D604FD96@maintenance.suse.de>

SUSE Security Update: Security update for sudo
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0114-1
Rating: important
References: #1207082
Cross-References: CVE-2023-22809
CVSS scores:
  CVE-2023-22809 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-114=1
- openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-114=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-114=1
- SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-114=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64): sudo-1.9.9-150400.4.12.1 sudo-debuginfo-1.9.9-150400.4.12.1 sudo-debugsource-1.9.9-150400.4.12.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.12.1 sudo-debuginfo-1.9.9-150400.4.12.1 sudo-debugsource-1.9.9-150400.4.12.1 sudo-devel-1.9.9-150400.4.12.1 sudo-plugin-python-1.9.9-150400.4.12.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.12.1 sudo-test-1.9.9-150400.4.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): sudo-1.9.9-150400.4.12.1 sudo-debuginfo-1.9.9-150400.4.12.1 sudo-debugsource-1.9.9-150400.4.12.1 sudo-devel-1.9.9-150400.4.12.1 sudo-plugin-python-1.9.9-150400.4.12.1 sudo-plugin-python-debuginfo-1.9.9-150400.4.12.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): sudo-1.9.9-150400.4.12.1 sudo-debuginfo-1.9.9-150400.4.12.1 sudo-debugsource-1.9.9-150400.4.12.1

References:
https://www.suse.com/security/cve/CVE-2023-22809.html
https://bugzilla.suse.com/1207082

From sle-security-updates at lists.suse.com Fri Jan 20 14:32:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 20 Jan 2023 15:32:12 +0100 (CET)
Subject: SUSE-SU-2023:0111-1: important: Security update for MozillaFirefox
Message-ID: <20230120143212.42FE7FD96@maintenance.suse.de>

SUSE Security Update: Security update for MozillaFirefox
______________________________________________________________________________
Announcement ID: SUSE-SU-2023:0111-1
Rating: important
References: #1207119
Cross-References:
CVE-2022-46871 CVE-2022-46877 CVE-2023-23598 CVE-2023-23601 CVE-2023-23602 CVE-2023-23603 CVE-2023-23605
CVSS scores:
  CVE-2022-46871 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  CVE-2022-46877 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected Products:
  SUSE Linux Enterprise Server 12-SP2-BCL
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes 7 vulnerabilities is now available.

Description:

This update for MozillaFirefox fixes the following issues:

- Updated to version 102.7.0 ESR (bsc#1207119):
  - CVE-2022-46871: Updated an out of date library (libusrsctp) which contained several vulnerabilities.
  - CVE-2023-23598: Fixed an arbitrary file read from GTK drag and drop on Linux.
  - CVE-2023-23601: Fixed a potential spoofing attack when dragging a URL from a cross-origin iframe into the same tab.
  - CVE-2023-23602: Fixed a mishandled security check, which caused the Content Security Policy header to be ignored for WebSockets in WebWorkers.
  - CVE-2022-46877: Fixed a fullscreen notification bypass which could be leveraged in spoofing attacks.
  - CVE-2023-23603: Fixed a Content Security Policy bypass via format directives.
  - CVE-2023-23605: Fixed several memory safety bugs.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-111=1
- SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-111=1
- SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-111=1
- SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-111=1
- SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-111=1
- SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-111=1
- SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-111=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1 MozillaFirefox-translations-common-102.7.0-112.145.1
- SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1 MozillaFirefox-translations-common-102.7.0-112.145.1
- SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1 MozillaFirefox-translations-common-102.7.0-112.145.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1
MozillaFirefox-translations-common-102.7.0-112.145.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1 MozillaFirefox-translations-common-102.7.0-112.145.1
- SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-102.7.0-112.145.1 MozillaFirefox-debuginfo-102.7.0-112.145.1 MozillaFirefox-debugsource-102.7.0-112.145.1 MozillaFirefox-devel-102.7.0-112.145.1 MozillaFirefox-translations-common-102.7.0-112.145.1

References:
https://www.suse.com/security/cve/CVE-2022-46871.html
https://www.suse.com/security/cve/CVE-2022-46877.html
https://www.suse.com/security/cve/CVE-2023-23598.html
https://www.suse.com/security/cve/CVE-2023-23601.html
https://www.suse.com/security/cve/CVE-2023-23602.html
https://www.suse.com/security/cve/CVE-2023-23603.html
https://www.suse.com/security/cve/CVE-2023-23605.html
https://bugzilla.suse.com/1207119

From sle-security-updates at lists.suse.com Sat Jan 21 08:42:18 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:42:18 +0100 (CET)
Subject: SUSE-CU-2023:178-1: Security update of suse/389-ds
Message-ID: <20230121084218.B478EFD89@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:178-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.5 , suse/389-ds:latest
Container Release : 19.5
Severity : important
Type : security
References : 1204272 1207038 CVE-2022-23491 CVE-2022-3479
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- mozilla-nss-tools-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:45:23 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:45:23 +0100 (CET)
Subject: SUSE-CU-2023:179-1: Security update of bci/golang
Message-ID: <20230121084523.90747FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:179-1
Container Tags : bci/golang:1.18 , bci/golang:1.18-19.18
Container Release : 19.18
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

The following package changes have been done:

- git-core-2.35.3-150300.10.21.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:47:37 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:47:37 +0100 (CET)
Subject: SUSE-CU-2023:180-1: Security update of bci/golang
Message-ID: <20230121084737.1963FFD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:180-1
Container Tags : bci/golang:1.19 , bci/golang:1.19-20.4 , bci/golang:latest
Container Release : 20.4
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

The following package changes have been done:

- git-core-2.35.3-150300.10.21.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:49:39 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:49:39 +0100 (CET)
Subject: SUSE-CU-2023:181-1: Security update of bci/nodejs
Message-ID: <20230121084939.BC9EDFD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:181-1
Container Tags : bci/node:14 , bci/node:14-36.19 , bci/nodejs:14 , bci/nodejs:14-36.19
Container Release : 36.19
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).
The following package changes have been done:

- git-core-2.35.3-150300.10.21.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:51:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:51:13 +0100 (CET)
Subject: SUSE-CU-2023:182-1: Security update of bci/nodejs
Message-ID: <20230121085113.AFCF7FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:182-1
Container Tags : bci/node:16 , bci/node:16-13.2 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.2 , bci/nodejs:latest
Container Release : 13.2
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).
The following package changes have been done:

- git-core-2.35.3-150300.10.21.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:55:05 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:55:05 +0100 (CET)
Subject: SUSE-CU-2023:183-1: Security update of bci/openjdk-devel
Message-ID: <20230121085505.C64A4FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:183-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.41
Container Release : 38.41
Severity : important
Type : security
References : 1204272 1207032 1207033 1207038 CVE-2022-23491 CVE-2022-23521 CVE-2022-3479 CVE-2022-41903
-----------------------------------------------------------------

The container bci/openjdk-devel was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated
- git-core-2.35.3-150300.10.21.1 updated
- container:bci-openjdk-11-15.4.11-34.20 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:58:13 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:58:13 +0100 (CET)
Subject: SUSE-CU-2023:184-1: Security update of bci/openjdk
Message-ID: <20230121085813.2BB84FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:184-1
Container Tags : bci/openjdk:11 , bci/openjdk:11-34.20
Container Release : 34.20
Severity : important
Type : security
References : 1204272 1207038 CVE-2022-23491 CVE-2022-3479
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:59:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:59:02 +0100 (CET)
Subject: SUSE-CU-2023:185-1: Security update of bci/openjdk-devel
Message-ID: <20230121085902.6FD94FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:185-1
Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.3 , bci/openjdk-devel:latest
Container Release : 13.3
Severity : important
Type : security
References : 1204272 1207032 1207033 1207038 CVE-2022-23491 CVE-2022-23521 CVE-2022-3479 CVE-2022-41903
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated
- git-core-2.35.3-150300.10.21.1 updated
- container:bci-openjdk-17-15.4.17-12.4 updated

From sle-security-updates at lists.suse.com Sat Jan 21 08:59:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 09:59:42 +0100 (CET)
Subject: SUSE-CU-2023:186-1: Security update of bci/openjdk
Message-ID: <20230121085942.3E71DFD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:186-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.4 , bci/openjdk:latest
Container Release : 12.4
Severity : important
Type : security
References : 1204272 1207038 CVE-2022-23491 CVE-2022-3479
-----------------------------------------------------------------

The container bci/openjdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 09:03:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 10:03:04 +0100 (CET)
Subject: SUSE-CU-2023:187-1: Security update of suse/pcp
Message-ID: <20230121090304.172D4FD89@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:187-1
Container Tags : suse/pcp:5 , suse/pcp:5-12.6 , suse/pcp:5.2 , suse/pcp:5.2-12.6 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.6 , suse/pcp:latest
Container Release : 12.6
Severity : important
Type : security
References : 1204272 1207038 CVE-2022-23491 CVE-2022-3479
-----------------------------------------------------------------

The container suse/pcp was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:119-1
Released: Fri Jan 20 10:28:07 2023
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1204272,1207038,CVE-2022-23491,CVE-2022-3479

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.
The following package changes have been done:

- libfreebl3-3.79.3-150400.3.23.1 updated
- libfreebl3-hmac-3.79.3-150400.3.23.1 updated
- mozilla-nss-certs-3.79.3-150400.3.23.1 updated
- libsoftokn3-3.79.3-150400.3.23.1 updated
- mozilla-nss-3.79.3-150400.3.23.1 updated
- libsoftokn3-hmac-3.79.3-150400.3.23.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 09:04:57 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 10:04:57 +0100 (CET)
Subject: SUSE-CU-2023:188-1: Security update of bci/python
Message-ID: <20230121090457.4FA80FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:188-1
Container Tags : bci/python:3 , bci/python:3-11.5 , bci/python:3.10 , bci/python:3.10-11.5 , bci/python:latest
Container Release : 11.5
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).
The following package changes have been done:

- git-core-2.35.3-150300.10.21.1 updated

From sle-security-updates at lists.suse.com Sat Jan 21 09:07:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 21 Jan 2023 10:07:04 +0100 (CET)
Subject: SUSE-CU-2023:189-1: Security update of bci/python
Message-ID: <20230121090704.82B39FD89@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:189-1
Container Tags : bci/python:3 , bci/python:3-34.5 , bci/python:3.6 , bci/python:3.6-34.5
Container Release : 34.5
Severity : important
Type : security
References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903
-----------------------------------------------------------------

The container bci/python was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:110-1
Released: Fri Jan 20 10:18:16 2023
Summary: Security update for git
Type: security
Severity: important
References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903

This update for git fixes the following issues:

- CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033).
- CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032).
The following package changes have been done: - git-core-2.35.3-150300.10.21.1 updated From sle-security-updates at lists.suse.com Sat Jan 21 09:10:39 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 21 Jan 2023 10:10:39 +0100 (CET) Subject: SUSE-CU-2023:190-1: Security update of bci/ruby Message-ID: <20230121091039.7A0D5FD89@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:190-1 Container Tags : bci/ruby:2 , bci/ruby:2-33.4 , bci/ruby:2.5 , bci/ruby:2.5-33.4 , bci/ruby:latest Container Release : 33.4 Severity : important Type : security References : 1207032 1207033 CVE-2022-23521 CVE-2022-41903 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:110-1 Released: Fri Jan 20 10:18:16 2023 Summary: Security update for git Type: security Severity: important References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). 
The following package changes have been done: - git-core-2.35.3-150300.10.21.1 updated From sle-security-updates at lists.suse.com Sat Jan 21 09:12:37 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 21 Jan 2023 10:12:37 +0100 (CET) Subject: SUSE-CU-2023:191-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230121091237.82886FD89@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:191-1 Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.341 , suse/sle-micro/5.1/toolbox:latest Container Release : 2.2.341 Severity : important Type : security References : 1207082 CVE-2023-22809 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). 
The following package changes have been done: - sudo-1.9.5p2-150300.3.19.1 updated From sle-security-updates at lists.suse.com Sat Jan 21 09:21:49 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 21 Jan 2023 10:21:49 +0100 (CET) Subject: SUSE-CU-2023:193-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20230121092149.A2B8DFD89@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:193-1 Container Tags : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.162 , suse/sle-micro/5.2/toolbox:latest Container Release : 6.2.162 Severity : important Type : security References : 1207082 CVE-2023-22809 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:115-1 Released: Fri Jan 20 10:23:51 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). 
The following package changes have been done: - sudo-1.9.5p2-150300.3.19.1 updated From sle-security-updates at lists.suse.com Mon Jan 23 08:24:02 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 23 Jan 2023 09:24:02 +0100 (CET) Subject: SUSE-CU-2023:194-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230123082402.291E0FD89@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:194-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.38 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.38 Severity : important Type : security References : 1207082 CVE-2023-22809 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:114-1 Released: Fri Jan 20 10:22:57 2023 Summary: Security update for sudo Type: security Severity: important References: 1207082,CVE-2023-22809 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082). 
The following package changes have been done: - sudo-1.9.9-150400.4.12.1 updated From sle-security-updates at lists.suse.com Mon Jan 23 14:15:36 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 23 Jan 2023 15:15:36 +0100 (CET) Subject: SUSE-SU-2023:0122-1: important: Security update for samba Message-ID: <20230123141536.D7F86FD96@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0122-1 Rating: important References: #1173994 #1201496 #1205385 #1206504 #1206546 Cross-References: CVE-2020-14323 CVE-2021-20251 CVE-2022-32742 CVE-2022-37966 CVE-2022-38023 CVSS scores: CVE-2020-14323 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2020-14323 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for samba fixes the following issues: - CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546). - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504). 
- CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). - CVE-2020-14323: Fixed a denial of service in winbindd (bsc#1173994). - CVE-2022-32742: Fixed incorrect length check in SMB1write, SMB1write_and_close, SMB1write_and_unlock (bsc#1201496). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-122=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): samba-doc-4.4.2-38.55.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.4.2-38.55.1 libdcerpc-binding0-4.4.2-38.55.1 libdcerpc-binding0-debuginfo-32bit-4.4.2-38.55.1 libdcerpc-binding0-debuginfo-4.4.2-38.55.1 libdcerpc0-32bit-4.4.2-38.55.1 libdcerpc0-4.4.2-38.55.1 libdcerpc0-debuginfo-32bit-4.4.2-38.55.1 libdcerpc0-debuginfo-4.4.2-38.55.1 libndr-krb5pac0-32bit-4.4.2-38.55.1 libndr-krb5pac0-4.4.2-38.55.1 libndr-krb5pac0-debuginfo-32bit-4.4.2-38.55.1 libndr-krb5pac0-debuginfo-4.4.2-38.55.1 libndr-nbt0-32bit-4.4.2-38.55.1 libndr-nbt0-4.4.2-38.55.1 libndr-nbt0-debuginfo-32bit-4.4.2-38.55.1 libndr-nbt0-debuginfo-4.4.2-38.55.1 libndr-standard0-32bit-4.4.2-38.55.1 libndr-standard0-4.4.2-38.55.1 libndr-standard0-debuginfo-32bit-4.4.2-38.55.1 libndr-standard0-debuginfo-4.4.2-38.55.1 libndr0-32bit-4.4.2-38.55.1 libndr0-4.4.2-38.55.1 libndr0-debuginfo-32bit-4.4.2-38.55.1 libndr0-debuginfo-4.4.2-38.55.1 libnetapi0-32bit-4.4.2-38.55.1 libnetapi0-4.4.2-38.55.1 libnetapi0-debuginfo-32bit-4.4.2-38.55.1 libnetapi0-debuginfo-4.4.2-38.55.1 libsamba-credentials0-32bit-4.4.2-38.55.1 libsamba-credentials0-4.4.2-38.55.1 libsamba-credentials0-debuginfo-32bit-4.4.2-38.55.1 libsamba-credentials0-debuginfo-4.4.2-38.55.1 libsamba-errors0-32bit-4.4.2-38.55.1 
libsamba-errors0-4.4.2-38.55.1 libsamba-errors0-debuginfo-32bit-4.4.2-38.55.1 libsamba-errors0-debuginfo-4.4.2-38.55.1 libsamba-hostconfig0-32bit-4.4.2-38.55.1 libsamba-hostconfig0-4.4.2-38.55.1 libsamba-hostconfig0-debuginfo-32bit-4.4.2-38.55.1 libsamba-hostconfig0-debuginfo-4.4.2-38.55.1 libsamba-passdb0-32bit-4.4.2-38.55.1 libsamba-passdb0-4.4.2-38.55.1 libsamba-passdb0-debuginfo-32bit-4.4.2-38.55.1 libsamba-passdb0-debuginfo-4.4.2-38.55.1 libsamba-util0-32bit-4.4.2-38.55.1 libsamba-util0-4.4.2-38.55.1 libsamba-util0-debuginfo-32bit-4.4.2-38.55.1 libsamba-util0-debuginfo-4.4.2-38.55.1 libsamdb0-32bit-4.4.2-38.55.1 libsamdb0-4.4.2-38.55.1 libsamdb0-debuginfo-32bit-4.4.2-38.55.1 libsamdb0-debuginfo-4.4.2-38.55.1 libsmbclient0-32bit-4.4.2-38.55.1 libsmbclient0-4.4.2-38.55.1 libsmbclient0-debuginfo-32bit-4.4.2-38.55.1 libsmbclient0-debuginfo-4.4.2-38.55.1 libsmbconf0-32bit-4.4.2-38.55.1 libsmbconf0-4.4.2-38.55.1 libsmbconf0-debuginfo-32bit-4.4.2-38.55.1 libsmbconf0-debuginfo-4.4.2-38.55.1 libsmbldap0-32bit-4.4.2-38.55.1 libsmbldap0-4.4.2-38.55.1 libsmbldap0-debuginfo-32bit-4.4.2-38.55.1 libsmbldap0-debuginfo-4.4.2-38.55.1 libtevent-util0-32bit-4.4.2-38.55.1 libtevent-util0-4.4.2-38.55.1 libtevent-util0-debuginfo-32bit-4.4.2-38.55.1 libtevent-util0-debuginfo-4.4.2-38.55.1 libwbclient0-32bit-4.4.2-38.55.1 libwbclient0-4.4.2-38.55.1 libwbclient0-debuginfo-32bit-4.4.2-38.55.1 libwbclient0-debuginfo-4.4.2-38.55.1 samba-4.4.2-38.55.1 samba-client-32bit-4.4.2-38.55.1 samba-client-4.4.2-38.55.1 samba-client-debuginfo-32bit-4.4.2-38.55.1 samba-client-debuginfo-4.4.2-38.55.1 samba-debuginfo-4.4.2-38.55.1 samba-debugsource-4.4.2-38.55.1 samba-libs-32bit-4.4.2-38.55.1 samba-libs-4.4.2-38.55.1 samba-libs-debuginfo-32bit-4.4.2-38.55.1 samba-libs-debuginfo-4.4.2-38.55.1 samba-winbind-32bit-4.4.2-38.55.1 samba-winbind-4.4.2-38.55.1 samba-winbind-debuginfo-32bit-4.4.2-38.55.1 samba-winbind-debuginfo-4.4.2-38.55.1 References: https://www.suse.com/security/cve/CVE-2020-14323.html 
https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-32742.html https://www.suse.com/security/cve/CVE-2022-37966.html https://www.suse.com/security/cve/CVE-2022-38023.html https://bugzilla.suse.com/1173994 https://bugzilla.suse.com/1201496 https://bugzilla.suse.com/1205385 https://bugzilla.suse.com/1206504 https://bugzilla.suse.com/1206546 From sle-security-updates at lists.suse.com Mon Jan 23 17:16:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 23 Jan 2023 18:16:08 +0100 (CET) Subject: SUSE-SU-2023:0124-1: important: Security update for freeradius-server Message-ID: <20230123171608.DA687FDD0@maintenance.suse.de> SUSE Security Update: Security update for freeradius-server ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0124-1 Rating: important References: #1206204 #1206205 #1206206 Cross-References: CVE-2022-41859 CVE-2022-41860 CVE-2022-41861 CVSS scores: CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for freeradius-server fixes the following issues: - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks (bsc#1206204). - CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually configured, which could be triggered via a malformed SIM option (bsc#1206205). 
- CVE-2022-41861: Fixed a server crash that could be triggered by sending malformed data from a system in the RADIUS circle of trust (bsc#1206206). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-124=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-124=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-124=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-124=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): freeradius-server-3.0.15-2.23.1 freeradius-server-debuginfo-3.0.15-2.23.1 freeradius-server-debugsource-3.0.15-2.23.1 freeradius-server-doc-3.0.15-2.23.1 freeradius-server-krb5-3.0.15-2.23.1 freeradius-server-krb5-debuginfo-3.0.15-2.23.1 freeradius-server-ldap-3.0.15-2.23.1 freeradius-server-ldap-debuginfo-3.0.15-2.23.1 freeradius-server-libs-3.0.15-2.23.1 freeradius-server-libs-debuginfo-3.0.15-2.23.1 freeradius-server-mysql-3.0.15-2.23.1 freeradius-server-mysql-debuginfo-3.0.15-2.23.1 freeradius-server-perl-3.0.15-2.23.1 freeradius-server-perl-debuginfo-3.0.15-2.23.1 freeradius-server-postgresql-3.0.15-2.23.1 freeradius-server-postgresql-debuginfo-3.0.15-2.23.1 freeradius-server-python-3.0.15-2.23.1 freeradius-server-python-debuginfo-3.0.15-2.23.1 freeradius-server-sqlite-3.0.15-2.23.1 freeradius-server-sqlite-debuginfo-3.0.15-2.23.1 freeradius-server-utils-3.0.15-2.23.1 freeradius-server-utils-debuginfo-3.0.15-2.23.1 - SUSE OpenStack Cloud 9 (x86_64): freeradius-server-3.0.15-2.23.1 freeradius-server-debuginfo-3.0.15-2.23.1 freeradius-server-debugsource-3.0.15-2.23.1 freeradius-server-doc-3.0.15-2.23.1 freeradius-server-krb5-3.0.15-2.23.1 freeradius-server-krb5-debuginfo-3.0.15-2.23.1 
freeradius-server-ldap-3.0.15-2.23.1 freeradius-server-ldap-debuginfo-3.0.15-2.23.1 freeradius-server-libs-3.0.15-2.23.1 freeradius-server-libs-debuginfo-3.0.15-2.23.1 freeradius-server-mysql-3.0.15-2.23.1 freeradius-server-mysql-debuginfo-3.0.15-2.23.1 freeradius-server-perl-3.0.15-2.23.1 freeradius-server-perl-debuginfo-3.0.15-2.23.1 freeradius-server-postgresql-3.0.15-2.23.1 freeradius-server-postgresql-debuginfo-3.0.15-2.23.1 freeradius-server-python-3.0.15-2.23.1 freeradius-server-python-debuginfo-3.0.15-2.23.1 freeradius-server-sqlite-3.0.15-2.23.1 freeradius-server-sqlite-debuginfo-3.0.15-2.23.1 freeradius-server-utils-3.0.15-2.23.1 freeradius-server-utils-debuginfo-3.0.15-2.23.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): freeradius-server-3.0.15-2.23.1 freeradius-server-debuginfo-3.0.15-2.23.1 freeradius-server-debugsource-3.0.15-2.23.1 freeradius-server-doc-3.0.15-2.23.1 freeradius-server-krb5-3.0.15-2.23.1 freeradius-server-krb5-debuginfo-3.0.15-2.23.1 freeradius-server-ldap-3.0.15-2.23.1 freeradius-server-ldap-debuginfo-3.0.15-2.23.1 freeradius-server-libs-3.0.15-2.23.1 freeradius-server-libs-debuginfo-3.0.15-2.23.1 freeradius-server-mysql-3.0.15-2.23.1 freeradius-server-mysql-debuginfo-3.0.15-2.23.1 freeradius-server-perl-3.0.15-2.23.1 freeradius-server-perl-debuginfo-3.0.15-2.23.1 freeradius-server-postgresql-3.0.15-2.23.1 freeradius-server-postgresql-debuginfo-3.0.15-2.23.1 freeradius-server-python-3.0.15-2.23.1 freeradius-server-python-debuginfo-3.0.15-2.23.1 freeradius-server-sqlite-3.0.15-2.23.1 freeradius-server-sqlite-debuginfo-3.0.15-2.23.1 freeradius-server-utils-3.0.15-2.23.1 freeradius-server-utils-debuginfo-3.0.15-2.23.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): freeradius-server-3.0.15-2.23.1 freeradius-server-debuginfo-3.0.15-2.23.1 freeradius-server-debugsource-3.0.15-2.23.1 freeradius-server-doc-3.0.15-2.23.1 freeradius-server-krb5-3.0.15-2.23.1 
freeradius-server-krb5-debuginfo-3.0.15-2.23.1 freeradius-server-ldap-3.0.15-2.23.1 freeradius-server-ldap-debuginfo-3.0.15-2.23.1 freeradius-server-libs-3.0.15-2.23.1 freeradius-server-libs-debuginfo-3.0.15-2.23.1 freeradius-server-mysql-3.0.15-2.23.1 freeradius-server-mysql-debuginfo-3.0.15-2.23.1 freeradius-server-perl-3.0.15-2.23.1 freeradius-server-perl-debuginfo-3.0.15-2.23.1 freeradius-server-postgresql-3.0.15-2.23.1 freeradius-server-postgresql-debuginfo-3.0.15-2.23.1 freeradius-server-python-3.0.15-2.23.1 freeradius-server-python-debuginfo-3.0.15-2.23.1 freeradius-server-sqlite-3.0.15-2.23.1 freeradius-server-sqlite-debuginfo-3.0.15-2.23.1 freeradius-server-utils-3.0.15-2.23.1 freeradius-server-utils-debuginfo-3.0.15-2.23.1 References: https://www.suse.com/security/cve/CVE-2022-41859.html https://www.suse.com/security/cve/CVE-2022-41860.html https://www.suse.com/security/cve/CVE-2022-41861.html https://bugzilla.suse.com/1206204 https://bugzilla.suse.com/1206205 https://bugzilla.suse.com/1206206 From sle-security-updates at lists.suse.com Tue Jan 24 08:02:38 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 24 Jan 2023 09:02:38 +0100 (CET) Subject: SUSE-IU-2023:8-1: Security update of suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2 Message-ID: <20230124080238.7B1B7FD89@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2023:8-1 Image Tags : suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2:20230111 Image Release : Severity : important Type : security References : 1065729 1144337 1156395 1164051 1175622 1177460 1179584 1184350 1188882 1189297 1190256 1191410 1193629 1194869 1195391 1196205 1199467 1200107 1200581 1200723 1202341 1203092 1203183 1203274 1203391 1203511 1203960 1204000 1204228 1204405 1204414 1204423 1204585 1204631 1204636 1204693 1204743 1204779 
1204780 1204810 1204850 1204867 1205000 1205007 1205100 1205111 1205113 1205128 1205130 1205149 1205153 1205220 1205264 1205266 1205272 1205282 1205284 1205331 1205332 1205377 1205427 1205428 1205473 1205502 1205507 1205514 1205521 1205567 1205616 1205617 1205653 1205671 1205679 1205683 1205700 1205705 1205709 1205711 1205744 1205764 1205796 1205797 1205882 1205993 1206028 1206035 1206036 1206037 1206045 1206046 1206047 1206048 1206049 1206050 1206051 1206056 1206057 1206071 1206072 1206075 1206077 1206113 1206114 1206147 1206149 1206207 1206212 1206308 1206309 1206337 1206579 1206622 944832 CVE-2022-2602 CVE-2022-3176 CVE-2022-3491 CVE-2022-3520 CVE-2022-3566 CVE-2022-3567 CVE-2022-3591 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4292 CVE-2022-4293 CVE-2022-43551 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVE-2022-46908 CVE-2022-47629 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230111-x86_64-gen2 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4585-1 Released: Tue Dec 20 12:52:24 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). 
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796). - CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414). - CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514). - CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220). - CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882). - CVE-2022-45888: Fixed a use-after-free during physical removal of a USB device when using drivers/char/xillybus/xillyusb.c (bsc#1205764). - CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700). - CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711) - CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709). - CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705). - CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405). - CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228). - CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). 
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). 
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). 
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). 
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes).
- KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes).
- KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes).
- KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes).
- KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes).
- KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes).
- KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes).
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes).
- KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes).
- KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes).
- KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744).
- KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes).
- KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes).
- KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes).
- KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes).
- KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes).
- KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes).
- KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes).
- KVM: x86: emulator: update the emulation mode after rsm (git-fixes).
- KVM: x86: use a separate asm-offsets.c file (git-fixes).
- MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes).
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes).
- NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes).
- PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes).
- PCI: hv: Add validation for untrusted Hyper-V values (git-fixes).
- PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes).
- RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes)
- RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes)
- RDMA/cma: Use output interface for net_dev check (git-fixes)
- RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes)
- RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes)
- RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes)
- RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes)
- RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes)
- RDMA/hns: Disable local invalidate operation (git-fixes)
- RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes)
- RDMA/hns: Fix supported page size (git-fixes)
- RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes)
- RDMA/hns: Remove magic number (git-fixes)
- RDMA/hns: Remove the num_cqc_timer variable (git-fixes)
- RDMA/hns: Remove the num_qpc_timer variable (git-fixes)
- RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes)
- RDMA/hns: Replace tab with space in the right-side comments (git-fixes)
- RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes)
- RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes)
- RDMA/irdma: Use s/g array in post send only when its valid (git-fixes)
- RDMA/mlx5: Set local port to one when accessing counters (git-fixes)
- RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes)
- RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes)
- RDMA/rtrs-srv: Fix modinfo output for stringify (git-fixes)
- RDMA/rxe: Limit the number of calls to each tasklet (git-fixes)
- RDMA/rxe: Remove useless pkt parameters (git-fixes)
- Reduce client smbdirect max receive segment size (bsc#1193629).
- SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297).
- SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629).
- USB: bcma: Make GPIO explicitly optional (git-fixes).
- USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes).
- USB: serial: option: add Sierra Wireless EM9191 (git-fixes).
- USB: serial: option: add u-blox LARA-L6 modem (git-fixes).
- USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes).
- USB: serial: option: remove old LARA-R6 PID (git-fixes).
- arcnet: fix potential memory leak in com20020_probe() (git-fixes).
- arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes).
- arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes).
- arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes)
- arm64: dts: imx8: correct clock order (git-fixes).
- arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes).
- arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes).
- arm64: dts: juno: Add thermal critical trip points (git-fixes).
- arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes).
- arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes).
- arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes).
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes).
- arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes).
- arm64: entry: avoid kprobe recursion (git-fixes).
- arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too
- arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default
- arm64: fix rodata=full again (git-fixes)
- ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes).
- ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes).
- ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes).
- ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes).
- ata: libata-transport: fix error handling in ata_tport_add() (git-fixes).
- audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes).
- blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes).
- blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes).
- blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes).
- blk-mq: fix io hung due to missing commit_rqs (git-fixes).
- blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes).
- blktrace: Trace remapped requests correctly (git-fixes).
- block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes).
- block: add bio_start_io_acct_time() to control start_time (git-fixes).
- block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes).
- block: drop unused includes in <linux/genhd.h> (git-fixes).
- bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes).
- btrfs: check if root is readonly while setting security xattr (bsc#1206147).
- btrfs: do not allow compression on nodatacow files (bsc#1206149).
- btrfs: export a helper for compression hard check (bsc#1206149).
- btrfs: fix processing of delayed data refs during backref walking (bsc#1206056).
- btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057).
- btrfs: prevent subvol with swapfile from being deleted (bsc#1206035).
- btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036).
- btrfs: send: fix failures when processing inodes with no links (bsc#1206036).
- btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036).
- btrfs: send: fix sending link commands for existing file paths (bsc#1206036).
- btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036).
- btrfs: send: refactor arguments of get_inode_info() (bsc#1206036).
- btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036).
- btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036).
- btrfs: send: use boolean types for current inode status (bsc#1206036).
- bus: sunxi-rsb: Remove the shutdown callback (git-fixes).
- bus: sunxi-rsb: Support atomic transfers (git-fixes).
- ca8210: Fix crash by zero initializing data (git-fixes).
- can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes).
- can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes).
- can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes).
- can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes).
- can: m_can: Add check for devm_clk_get (git-fixes).
- can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes).
- can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes).
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes).
- capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes).
- ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1206047).
- ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048).
- ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049).
- ceph: properly handle statfs on multifs setups (bsc#1206045).
- ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046).
- char: tpm: Protect tpm_pm_suspend with locks (git-fixes).
- cifs: Add constructor/destructors for tcon->cfid (bsc#1193629).
- cifs: Add helper function to check smb1+ server (bsc#1193629).
- cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629).
- cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629).
- cifs: Fix connections leak when tlink setup failed (git-fixes).
- cifs: Fix memory leak on the deferred close (bsc#1193629).
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629).
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629).
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629).
- cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629).
- cifs: Fix wrong return value checking when GETFLAGS (git-fixes).
- cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629).
- cifs: Fix xid leak in cifs_create() (bsc#1193629).
- cifs: Fix xid leak in cifs_flock() (bsc#1193629).
- cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629).
- cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629).
- cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629).
- cifs: Move cached-dir functions into a separate file (bsc#1193629).
- cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629).
- cifs: Use after free in debug code (git-fixes).
- cifs: Use help macro to get the header preamble size (bsc#1193629).
- cifs: Use help macro to get the mid header size (bsc#1193629).
- cifs: add check for returning value of SMB2_close_init (git-fixes).
- cifs: add check for returning value of SMB2_set_info_init (git-fixes).
- cifs: add missing spinlock around tcon refcount (bsc#1193629).
- cifs: alloc_mid function should be marked as static (bsc#1193629).
- cifs: always initialize struct msghdr smb_msg completely (bsc#1193629).
- cifs: always iterate smb sessions using primary channel (bsc#1193629).
- cifs: avoid deadlocks while updating iface (bsc#1193629).
- cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629).
- cifs: avoid use of global locks for high contention data (bsc#1193629).
- cifs: cache the dirents for entries in a cached directory (bsc#1193629).
- cifs: change iface_list from array to sorted linked list (bsc#1193629).
- cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629).
- cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629).
- cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629).
- cifs: during reconnect, update interface if necessary (bsc#1193629).
- cifs: enable caching of directories for which a lease is held (bsc#1193629).
- cifs: find and use the dentry for cached non-root directories also (bsc#1193629).
- cifs: fix double-fault crash during ntlmssp (bsc#1193629).
- cifs: fix lock length calculation (bsc#1193629).
- cifs: fix memory leaks in session setup (bsc#1193629).
- cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes).
- cifs: fix race condition with delayed threads (bsc#1193629).
- cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629).
- cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629).
- cifs: fix static checker warning (bsc#1193629).
- cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629).
- cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629).
- cifs: fix use-after-free on the link name (bsc#1193629).
- cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629).
- cifs: improve handlecaching (bsc#1193629).
- cifs: improve symlink handling for smb2+ (bsc#1193629).
- cifs: lease key is uninitialized in smb1 paths (bsc#1193629).
- cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629).
- cifs: list_for_each() -> list_for_each_entry() (bsc#1193629).
- cifs: misc: fix spelling typo in comment (bsc#1193629).
- cifs: move from strlcpy with unused retval to strscpy (bsc#1193629).
- cifs: periodically query network interfaces from server (bsc#1193629).
- cifs: populate empty hostnames for extra channels (bsc#1193629).
- cifs: prevent copying past input buffer boundaries (bsc#1193629).
- cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629).
- cifs: remove initialization value (bsc#1193629).
- cifs: remove minor build warning (bsc#1193629).
- cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629).
- cifs: remove remaining build warnings (bsc#1193629).
- cifs: remove some camelCase and also some static build warnings (bsc#1193629).
- cifs: remove unnecessary (void*) conversions (bsc#1193629).
- cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629).
- cifs: remove unnecessary type castings (bsc#1193629).
- cifs: remove unused server parameter from calc_smb_size() (bsc#1193629).
- cifs: remove useless DeleteMidQEntry() (bsc#1193629).
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629).
- cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629).
- cifs: return correct error in ->calc_signature() (bsc#1193629).
- cifs: return errors during session setup during reconnects (bsc#1193629).
- cifs: revalidate mapping when doing direct writes (bsc#1193629).
- cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629).
- cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629).
- cifs: skip extra NULL byte in filenames (bsc#1193629).
- cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629).
- cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629).
- cifs: update cifs_ses::ip_addr after failover (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use ALIGN() and round_up() macros (bsc#1193629).
- cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629).
- cifs: when a channel is not found for server, log its connection id (bsc#1193629).
- cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629).
- clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes).
- cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849).
- cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849).
- cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936).
- dm btree remove: fix use after free in rebalance_children() (git-fixes).
- dm crypt: make printing of the key constant-time (git-fixes).
- dm era: commit metadata in postsuspend after worker stops (git-fixes).
- dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes).
- dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes).
- dm raid: fix accesses beyond end of raid member array (git-fixes).
- dm stats: add cond_resched when looping over entries (git-fixes).
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes).
- dm: fix double accounting of flush with data (git-fixes).
- dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes).
- dm: properly fix redundant bio-based IO accounting (git-fixes).
- dm: remove unnecessary assignment statement in alloc_dev() (git-fixes).
- dm: return early from dm_pr_call() if DM device is suspended (git-fixes).
- dm: revert partial fix for redundant bio-based IO accounting (git-fixes).
- dma-buf: fix racing conflict of dma_heap_add() (git-fixes).
- dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes).
- dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes).
- dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes).
- dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes).
- dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes).
- dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes).
- dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes).
- dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes).
- dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes).
- dmaengine: at_hdmac: Fix impossible condition (git-fixes).
- dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes).
- dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes).
- dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes).
- dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes).
- dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes).
- dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes).
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes).
- docs, kprobes: Fix the wrong location of Kprobes (git-fixes).
- docs/core-api: expand Fedora instructions for GCC plugins (git-fixes).
- drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes).
- drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes).
- drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes).
- drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes).
- drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes).
- drm/amdkfd: handle CPU fault on COW mapping (git-fixes).
- drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes).
- drm/hyperv: Add ratelimit on error message (git-fixes).
- drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes).
- drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes).
- drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes).
- drm/i915/sdvo: Setup DDC fully before output init (git-fixes).
- drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes).
- drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes).
- drm/msm/hdmi: fix IRQ lifetime (git-fixes).
- drm/panel: simple: set bpc field for logic technologies displays (git-fixes).
- drm/rockchip: dsi: Force synchronous probe (git-fixes).
- drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes).
- drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes).
- drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes).
- dt-bindings: power: gpcv2: add power-domains property (git-fixes).
- e1000e: Fix TX dispatch condition (git-fixes).
- e100: Fix possible use after free in e100_xmit_prepare (git-fixes).
- efi/tpm: Pass correct address to memblock_reserve (git-fixes).
- efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes).
- efi: random: reduce seed size to 32 bytes (git-fixes).
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes).
- firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes).
- firmware: coreboot: Register bus in module init (git-fixes).
- fm10k: Fix error handling in fm10k_init_module() (git-fixes).
- ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes).
- ftrace: Fix the possible incorrect kernel message (git-fixes).
- ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes).
- ftrace: Optimize the allocation for mcount entries (git-fixes).
- fuse: add file_modified() to fallocate (bsc#1205332).
- fuse: fix readdir cache race (bsc#1205331).
- gpio: amd8111: Fix PCI device reference count leak (git-fixes).
- hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes).
- hv_netvsc: Fix potential dereference of NULL pointer (git-fixes).
- hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850).
- hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes).
- hv_sock: Add validation for untrusted Hyper-V values (git-fixes).
- hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes).
- hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes).
- hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes).
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes).
- hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes).
- hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes).
- hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes).
- hwmon: (ltc2947) fix temperature scaling (git-fixes).
- i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes).
- i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes).
- i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes).
- i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes).
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes).
- i2c: xiic: Add platform module alias (git-fixes).
- ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes).
- ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes).
- iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes).
- iio: adc: mp2629: fix potential array out of bound access (git-fixes).
- iio: adc: mp2629: fix wrong comparison of channel (git-fixes).
- iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes).
- iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes).
- iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes).
- iio: light: apds9960: fix wrong register for gesture gain (git-fixes).
- iio: light: rpr0521: add missing Kconfig dependencies (git-fixes).
- iio: ms5611: Simplify IO callback parameters (git-fixes).
- iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes).
- iio: pressure: ms5611: fixed value compensation bug (git-fixes).
- iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes).
- init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes).
- intel_idle: Add AlderLake support (jsc#PED-824).
- intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936).
- intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936).
- intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936).
- io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113).
- io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113).
- io-wq: ensure we exit if thread group is exiting (git-fixes).
- io-wq: exclusively gate signal based exit on get_signal() return (git-fixes).
- io-wq: fix cancellation on create-worker failure (bnc#1205113).
- io-wq: fix silly logic error in io_task_work_match() (bnc#1205113).
- io_uring: correct __must_hold annotation (git-fixes).
- io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes).
- io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes).
- io_uring: fix io_timeout_remove locking (git-fixes).
- io_uring: fix missing mb() before waitqueue_active (git-fixes).
- io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes).
- io_uring: fix possible poll event lost in multi shot mode (git-fixes).
- io_uring: pin SQPOLL data before unlocking ring lock (git-fixes).
- ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
- kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes).
- kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
- kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes).
- mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes).
- mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes).
- mac80211: radiotap: Use BIT() instead of shifts (git-fixes).
- mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes).
- macsec: Fix invalid error code set (git-fixes).
- macsec: add missing attribute validation for offload (git-fixes).
- macsec: clear encryption keys from the stack after setting up offload (git-fixes).
- macsec: delete new rxsc when offload fails (git-fixes).
- macsec: fix detection of RXSCs when toggling offloading (git-fixes).
- macsec: fix secy->n_rx_sc accounting (git-fixes).
- md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes).
- md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes).
- md: Replace snprintf with scnprintf (git-fixes, bsc#1164051).
- media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: dvb-frontends/drxk: initialize err to 0 (git-fixes).
- media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes).
- media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes).
- media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes).
- media: rkisp1: Use correct macro for gradient registers (git-fixes).
- media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes).
- media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes).
- media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes).
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes).
- mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes).
- mmc: core: properly select voltage range without power cycle (git-fixes).
- mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes).
- mmc: mmc_test: Fix removal of debugfs file (git-fixes).
- mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes).
- mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-brcmstb: Re-organize flags (git-fixes).
- mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes).
- mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes).
- mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes).
- mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes).
- mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes).
- mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes).
- mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes).
- mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes).
- mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes).
- net/smc: Fix an error code in smc_lgr_create() (git-fixes).
- net/smc: Fix possible access to freed memory in link clear (git-fixes).
- net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes).
- net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes).
- net/smc: Fix sock leak when release after smc_shutdown() (git-fixes).
- net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes).
- net/smc: Only save the original clcsock callback functions (git-fixes).
- net/smc: Send directly when TCP_CORK is cleared (git-fixes).
- net/smc: kABI workarounds for struct smc_link (git-fixes).
- net/smc: kABI workarounds for struct smc_sock (git-fixes).
- net/smc: send directly on setting TCP_NODELAY (git-fixes).
- net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes).
- net: ethernet: nixge: fix NULL dereference (git-fixes).
- net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes).
- net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes).
- net: hyperv: remove use of bpf_op_t (git-fixes).
- net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes).
- net: mdiobus: fix unbalanced node reference count (git-fixes).
- net: phy: fix null-ptr-deref while probe() failed (git-fixes).
- net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes).
- net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes).
- net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes).
- net: stmmac: work around sporadic tx issue on link-up (git-fixes).
- net: thunderbolt: Fix error handling in tbnet_init() (git-fixes).
- net: thunderbolt: fix memory leak in tbnet_open() (git-fixes).
- net: thunderx: Fix the ACPI memory leak (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes).
- net: wwan: iosm: fix kernel test robot reported error (git-fixes).
- nfc/nci: fix race with opening and closing (git-fixes).
- nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes).
- nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes).
- nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes).
- nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes).
- nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes).
- nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes).
- nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes).
- nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes).
- nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes).
- nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes).
- panic, kexec: make __crash_kexec() NMI safe (git-fixes).
- parport_pc: Avoid FIFO port location truncation (git-fixes).
- phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes).
- phy: stm32: fix an error code in probe (git-fixes).
- pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes).
- pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes).
- pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes).
- pinctrl: single: Fix potential division by zero (git-fixes).
- platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes).
- platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683).
- platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes).
- platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). 
- sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). 
- siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). 
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). 
- usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). 
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes).
- x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037).
- x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473).
- x86/entry: Work around Clang __bdos() bug (git-fixes).
- x86/extable: Extend extable functionality (git-fixes).
- x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282).
- x86/futex: Remove .fixup usage (git-fixes).
- x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes).
- x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes).
- x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes).
- x86/kexec: Fix double-free of elf header buffer (bsc#1205567).
- x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264).
- x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes).
- xen/gntdev: Accommodate VMA splitting (git-fixes).
- xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes).
- xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes).
- xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes).
- xfs: fix perag reference leak on iteration race with growfs (git-fixes).
- xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes).
- xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616).
- xfs: reserve quota for target dir expansion when renaming files (bsc#1205679).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 
(jsc#PED-2235): * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port * Add support for libsoup 3.x gjs: - Version update from 1.70.1 to 1.70.2 (jsc#PED-2235): * Build and compatibility fixes backported from the development branch * Reverse order of running-from-source checks - Require xorg-x11-Xvfb for proper package build (bsc#1203274) glib2: - Version update from 2.70.4 to 2.70.5 (jsc#PED-2235): * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555 * Split gtk-docs from -devel package, these are not needed during building projects using glib2 gnome-control-center: - Fix the size of logo icon in About system (bsc#1200581) - Version update from 41.4 to 41.7 (jsc#PED-2235): * Cellular: Remove duplicate line from .desktop * Info: Allow changing 'Device Name' by pressing 'Enter' * Info: Remove trailing space after CPU name * Keyboard: Fix crash resetting all keyboard shortcuts * Keyboard: Fix leaks * Network: Fix saving passwords for non-wifi connections * Network: Fix critical when opening VPN details page * Wacom: Fix leaks gnome-desktop: - Version update from 41.2 to 41.8 (jsc#PED-2235): * Version increase but no actual changes gnome-music: - Version update from 41.0 to 41.1 (jsc#PED-2235): * Ensure the correct album is played * Fix build with meson 0.61.0 and newer * Fix crash on empty selection * Fix incorrect playlist import * Fix time displayed in RTL languages * Improve async queue work * Make random shuffle actually random * Make shuffle random * Speed increase on first startup on larger collections * Time is reversed in RTL gnome-remote-desktop: - Version update from 41.2 to 41.3 (jsc#PED-2235): * Add Icelandic translation gnome-session: - Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867) - Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882) gnome-shell: - Disable offline update suggestion before 
shutdown/reboot in SLE and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.9 (jsc#PED-2235): * Allow extension updates with only Extension Manager installed * Allow more intermediate icon sizes in app grid * Disable workspace switching while in search. * Do not create systemd scope for D-Bus activated apps * Fix calendar to correctly align world clocks header in RTL * Fix drag placeholder position in dash in RTL locales * Fix edge case where windows stay dimmed after a modal is closed * Fix feedback when turning on a11y features by keyboard * Fix focus tracking in magnifier on wayland * Fix fractional timezone offsets in world clock * Fix glitches in overview transition * Fix logging in with realmd * Fix memory leak * Fix opening device settings for enterprise WPA networks * Fix programatically set scrollview fade * Fix regression in ibus support * Fix unresponsive top bar in overview when in fullscreen * Handle monitor changes during startup animation * Hide overview after 'Show Details' from app context menu * Improve Belgian on-screen keyboard layout * Improve CSS shadow appearance * Make sure startup animation completes * Misc. 
bug fixes and cleanups * Only close messages via delete key if they can be closed * Respect IM hint for candidates list in on-screen keyboard gnome-software: - Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832) - Version update from 41.4 to 41.5 (jsc#PED-2235): * Added several appstream-related fixed * Disable scroll-by-mouse-wheel on featured carousel * Ensure details page shows app provided on command line gnome-terminal: - Version update from 3.42.2 to 3.42.3 (jsc#PED-2235): * Fix build with meson 0.61.0 and newer * window: Use a normal menu for the popup menu gnome-user-docs: - Version update from 41.1 to 41.5 (jsc#PED-2235): * Added missing icon for network-wired-symbolic gspell: - Version update from 1.8.4 to 1.10.0 (jsc#PED-2235): * Build: distribute more files in tarballs * Documentation improvements gtkmm3: - Version update from 3.24.5 to 3.24.6 (jsc#PED-2235): * Build with Meson: MSVC build: Support Visual Studio 2022 * Check if Perl is required for building documentation * Don't use deprecated python3.path() and execute (..., gui_app...) * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the claing++ compiler * Object::_release_c_instance(): Unref orphan managed widgets * SizeGroup demo: Set active items in the combo boxs, so something is shown * Specify 'check' option in run_command() gtk-vnc: - Version update from 1.3.0 to 1.3.1 (jsc#PED-2235): * Add 'check' arg to meson run_command() * Fix invalid use of subprojects with meson * Support ZRLE encoding for zero size alpha cursors gupnp-av: - Version update from 0.12.11 to 0.14.1 (jsc#PED-2235): * Add utility function to format GDateTime to the iso variant DIDL expects * Allow to be used as a subproject * Drop autotools * Fix stripping @refID * Fix unsetting subtitleFileType * Make Feature derivable again * Obsolete code removal. * Port to modern GObject * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead. 
* Switch to meson build system, following upstream - Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library - Conflict with the wrongly provided libgupnp-av-1_0-2 gvfs: - Version update from 1.48.1 to 1.48.2 (jsc#PED-2235): * sftp: Adapt on new OpenSSH password prompts * smb: Rework anonymous handling to avoid EINVAL * smb: Ignore EINVAL for kerberos/ccache login libgsf: - Version update from 1.14.48 to 1.14.50 (jsc#PED-2235): * Fix error handling problem when writing ole files * Fix problems with non-western text in OLE properties * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available libmediaart: - Version update from 1.9.5 to 1.9.6 (jsc#PED-2235): * build: Add introspection/vapi/tests options * build: Use library() to optionally build a static library libnma: - Version update from 1.8.32 to 1.8.40 (jsc#PED-2235): * Ad-Hoc networks now default to using WPA2 instead of WEP * Add possibility of building libnma-gtk4 library with Gtk4 support * Do not allow setting empty 802.1x domain for EAP TLS * Fixed keyboard accelerator for certificate chooser * Fixed libnma-gtk4 version of mobile-wizard * Include OWE wireless security option * The GtkBuilder files for Gtk4 are now included in the release tarball * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status - New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel - Split out documentation files in own docs sub-package libnotify: - Version update from 0.7.10 to 0.7.12 (jsc#PED-2235): * Delete unused notifynotification.xml * Fix potential build errors with old glib version we require * docs/notify-send: Add --transient option to manpage * notification: Bookend calling NotifyActionCallback with temporary reference * notification: Include sender-pid hint by default if not provided * notify-send: Add debug message about server not supporting persistence * notify-send: 
Add explicit option to create transient notifications * notify-send: Add support for boolean hints * notify-send: Move server capabilities check to a separate function * notify-send: Support passing any hint value, by parsing variant strings libpeas: - Version update from 1.30.0 to 1.32.0 (jsc#PED-2235): * Icon licenses have been corrected * Parallel build system operation fixes * Use gi-docgen for documentation * Various build warnings squashed * Various GIR data that should not have been exported was removed - Stop packaging the demo files/sub-package librsvg: - Version update from 2.52.6 to 2.52.9 (jsc#PED-2235): * Catch circular references when rendering patterns * Fix regressions when computing element geometries * Fix regression outputting all text as paths libsecret: - Version update from 0.20.4 to 0.20.5 (jsc#PED-2235): * Add bash-completion for secret-tool * Add locking capabilities to secret tool * Add support for TPM2 based secret storage * Create default collection after DBus.Error.UnknownObject * Detect local storage in snaps in the same way as flatpaks * Drop autotools-based build * GI annotation and documentation fixes * Port documentation to gi-docgen * Use G_GNUC_NULL_TERMINATED where appropriate collection, methods, prompt: Port to GTask * secret-file-backend: Avoid closing the same file descriptor twice mutter: - Version update from 41.5 to 41.9 (jsc#PED-2235): * Fix '--replace option' * Fix missing root window properties after XWayland start * Fix night light without GAMMA_LUT property * KMS: Survive missing GAMMA_LUT property * wayland: Fix rotation transform * Misc. 
bug fixes nautilus: - Version update from 41.2 to 41.5(jsc#PED-2235): * Drag-and-drop bugfixes * HighContrast style fixes orca: - Version update from 41.1 to 41.3 (jsc#PED-2235): * Add more event-flood detection and handling for improved performance * Fix bug causing accessing preferences to fail for Esperanto * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant) * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x python-cairo: - Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo python-gobject: - Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584) - Version update from 3.42.0 to 3.42.2 (jsc#PED-2235): * Add a workaround for a PyPy 3.9+ bug when threads are used * Do not error out for unknown scopes * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases * Fix a crash/refcounting error in case marshaling a hash table fails * Fix crashes when marshaling zero terminated arrays for certain item types * Implement DynamicImporter.find_spec() to silence deprecation warning * Make the test suite pass again with PyPy * Some test/CI fixes * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4 * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4 * interface: Fix leak when overriding GInterfaceInfo * setup.py: look up pycairo headers without importing the module trackers-python: - Allow system calls used by gstreamer (bsc#1196205) - Version update from 3.2.2 to 3.2.1 (jsc#PED-2235): * Backport seccomp rules for rseq and mbind syscalls vala: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Add missing TraverseVisitor.visit_data_type() * Add support for 'copy_/free_function' metadata for 
compact classes * Catch and throw possible inner error of lock statements * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore * Don't count instance-parameter when checking for backwards closure reference * Fix a few binding errors * Free empty stack list for code contexts * Handle duplicated and unnamed symbols. * Improve UI parsing and handling of nested objects and properties * Make sure to drop our 'trap' jump target in case of an error * Move dynamic property errors to semantic analyzer pass * Require lvalue access of delegate target/destroy 'fields' * Show source location when reporting deprecations * Transform assignment of an array element as needed * manual: Update from wiki.gnome.org * parser: Improve handling of nullable VarType in with-statement * parser: Reduce the source reference of main block method to its beginning xdg-desktop-portal-gnome: - Version update from 0.54.6 to 0.54.8 (jsc#PED-2235): * Properly bind property in Lockdown portal ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4618-1 Released: Fri Dec 23 13:02:31 2022 Summary: Recommended update for catatonit Type: recommended Severity: moderate References: This update for catatonit fixes the following issues: Update to catatonit v0.1.7: - This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done). Update to catatonit v0.1.6: - which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors). 
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released: Wed Dec 28 09:29:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293

This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)

  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2

  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3

  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:41-1
Released: Mon Jan 9 10:23:07 2023
Summary: Recommended update for kdump
Type: recommended
Severity: important
References: 1144337,1191410,1204000,1204743

This update for kdump fixes the following issues:

- Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000)
- Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337)
- Rebuild initrd image after migration on ppc64 architecture (bsc#1191410)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  *
Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:51-1
Released: Mon Jan 9 10:42:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1195391,1200107,1203092,1204423

This update for suse-module-tools fixes the following issues:

- 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423)
- driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092)
- driver-check.sh: Avoid false positive error messages (bsc#1200107)
- kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:52-1
Released: Mon Jan 9 10:43:57 2023
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1205266,1205272,1205284,1205377

This update for xfsprogs fixes the following issues:

- mkfs: don't trample the gid set in the protofile (bsc#1205266)
- mkfs: prevent corruption of passed-in suboption string values (bsc#1205377)
- mkfs: terminate getsubopt arrays properly (bsc#1205284)
- xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

The following package changes have been done:

- ca-certificates-mozilla-2.60-150200.27.1 updated
- catatonit-0.1.7-150300.10.3.1 updated
- curl-7.79.1-150400.5.12.1 updated
- kdump-1.0.2+git18.g615d6ab-150400.3.8.1 updated
- kernel-default-5.14.21-150400.24.38.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libsystemd0-249.12-150400.8.16.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-249.12-150400.8.16.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- suse-module-tools-15.4.15-150400.3.5.1 updated
- systemd-sysvinit-249.12-150400.8.16.1 updated
- systemd-249.12-150400.8.16.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-249.12-150400.8.16.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated
- xfsprogs-5.13.0-150400.3.3.1 updated

From sle-security-updates at lists.suse.com Tue Jan 24 08:03:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 09:03:42 +0100 (CET)
Subject: SUSE-IU-2023:9-1: Security update of suse-sles-15-sp4-chost-byos-v20230111-hvm-ssd-x86_64
Message-ID: <20230124080342.BCB0CFD89@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp4-chost-byos-v20230111-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2023:9-1
Image Tags : suse-sles-15-sp4-chost-byos-v20230111-hvm-ssd-x86_64:20230111 Image Release : Severity : important Type : security References : 1065729 1144337 1156395 1164051 1175622 1177460 1179584 1184350 1188882 1189297 1190256 1191410 1193629 1194869 1195391 1196205 1199467 1200107 1200581 1200723 1202341 1203092 1203183 1203274 1203391 1203511 1203960 1204000 1204228 1204405 1204414 1204423 1204585 1204631 1204636 1204693 1204743 1204779 1204780 1204810 1204850 1204867 1205000 1205007 1205100 1205111 1205113 1205128 1205130 1205149 1205153 1205220 1205264 1205266 1205272 1205282 1205284 1205331 1205332 1205377 1205427 1205428 1205473 1205502 1205507 1205514 1205521 1205567 1205616 1205617 1205653 1205671 1205679 1205683 1205700 1205705 1205709 1205711 1205744 1205764 1205796 1205797 1205882 1205993 1206028 1206035 1206036 1206037 1206045 1206046 1206047 1206048 1206049 1206050 1206051 1206056 1206057 1206071 1206072 1206075 1206077 1206113 1206114 1206147 1206149 1206207 1206212 1206308 1206309 1206337 1206579 1206622 944832 CVE-2022-2602 CVE-2022-3176 CVE-2022-3491 CVE-2022-3520 CVE-2022-3566 CVE-2022-3567 CVE-2022-3591 CVE-2022-3635 CVE-2022-3643 CVE-2022-3705 CVE-2022-3707 CVE-2022-3903 CVE-2022-4095 CVE-2022-4129 CVE-2022-4139 CVE-2022-4141 CVE-2022-41850 CVE-2022-41858 CVE-2022-42328 CVE-2022-42329 CVE-2022-42895 CVE-2022-42896 CVE-2022-4292 CVE-2022-4293 CVE-2022-43551 CVE-2022-43552 CVE-2022-4378 CVE-2022-43945 CVE-2022-4415 CVE-2022-45869 CVE-2022-45888 CVE-2022-45934 CVE-2022-46908 CVE-2022-47629 ----------------------------------------------------------------- The container suse-sles-15-sp4-chost-byos-v20230111-hvm-ssd-x86_64 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4585-1 Released: Tue Dec 20 12:52:24 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1156395,1164051,1184350,1189297,1190256,1193629,1194869,1202341,1203183,1203391,1203511,1203960,1204228,1204405,1204414,1204631,1204636,1204693,1204780,1204810,1204850,1205007,1205100,1205111,1205113,1205128,1205130,1205149,1205153,1205220,1205264,1205282,1205331,1205332,1205427,1205428,1205473,1205507,1205514,1205521,1205567,1205616,1205617,1205653,1205671,1205679,1205683,1205700,1205705,1205709,1205711,1205744,1205764,1205796,1205882,1205993,1206035,1206036,1206037,1206045,1206046,1206047,1206048,1206049,1206050,1206051,1206056,1206057,1206113,1206114,1206147,1206149,1206207,CVE-2022-2602,CVE-2022-3176,CVE-2022-3566,CVE-2022-3567,CVE-2022-3635,CVE-2022-3643,CVE-2022-3707,CVE-2022-3903,CVE-2022-4095,CVE-2022-4129,CVE-2022-4139,CVE-2022-41850,CVE-2022-41858,CVE-2022-42328,CVE-2022-42329,CVE-2022-42895,CVE-2022-42896,CVE-2022-4378,CVE-2022-43945,CVE-2022-45869,CVE-2022-45888,CVE-2022-45934 The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-4378: Fixed stack overflow in __do_proc_dointvec (bsc#1206207). - CVE-2022-42328: Guests could trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Guests could trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Guests could trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3635: Fixed a use-after-free in the tst_timer() of the file drivers/atm/idt77252.c (bsc#1204631). - CVE-2022-41850: Fixed a race condition in roccat_report_event() in drivers/hid/hid-roccat.c (bsc#1203960). 
- CVE-2022-45934: Fixed an integer wraparound via L2CAP_CONF_REQ packets in l2cap_config_req in net/bluetooth/l2cap_core.c (bsc#1205796).
- CVE-2022-3567: Fixed a race condition in inet6_stream_ops()/inet6_dgram_ops() (bsc#1204414).
- CVE-2022-41858: Fixed a denial of service in sl_tx_timeout() in drivers/net/slip (bsc#1205671).
- CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128).
- CVE-2022-4095: Fixed a use-after-free in rtl8712 driver (bsc#1205514).
- CVE-2022-3903: Fixed a denial of service with the Infrared Transceiver USB driver (bsc#1205220).
- CVE-2022-45869: Fixed a race condition in the x86 KVM subsystem which could cause a denial of service (bsc#1205882).
- CVE-2022-45888: Fixed a use-after-free during physical removal of a USB device when using drivers/char/xillybus/xillyusb.c (bsc#1205764).
- CVE-2022-4139: Fixed an issue with the i915 driver that allowed the GPU to access any physical memory (bsc#1205700).
- CVE-2022-4129: Fixed a denial of service with the Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. (bsc#1205711)
- CVE-2022-42896: Fixed a use-after-free vulnerability in the net/bluetooth/l2cap_core.c's l2cap_connect() and l2cap_le_connect_req() which may have allowed code execution and leaking kernel memory (respectively) remotely via Bluetooth (bsc#1205709).
- CVE-2022-42895: Fixed an information leak in the net/bluetooth/l2cap_core.c's l2cap_parse_conf_req() which can be used to leak kernel pointers remotely (bsc#1205705).
- CVE-2022-3566: Fixed a race condition in the functions tcp_getsockopt/tcp_setsockopt. The manipulation leads to a race condition (bsc#1204405).
- CVE-2022-2602: Fixed a local privilege escalation vulnerability involving Unix socket Garbage Collection and io_uring (bsc#1204228).
- CVE-2022-3176: Fixed a use-after-free in io_uring related to signalfd_poll() and binder_poll() (bsc#1203391).
- CVE-2022-3707: Fixed a double free in the Intel GVT-g graphics driver (bsc#1204780). The following non-security bugs were fixed: - ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() (git-fixes). - ACPI: HMAT: Fix initiator registration for single-initiator systems (git-fixes). - ACPI: HMAT: remove unnecessary variable initialization (git-fixes). - ACPI: scan: Add LATT2021 to acpi_ignore_dep_ids[] (git-fixes). - ACPI: x86: Add another system to quirk list for forcing StorageD3Enable (git-fixes). - ALSA: dice: fix regression for Lexicon I-ONIX FW810S (git-fixes). - ALSA: hda/ca0132: add quirk for EVGA Z390 DARK (git-fixes). - ALSA: hda/hdmi - enable runtime pm for more AMD display audio (git-fixes). - ALSA: hda/realtek: Add Positivo C6300 model quirk (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS Zenbook using CS35L41 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book Pro 360 (bsc#1205100). - ALSA: hda/realtek: fix speakers for Samsung Galaxy Book Pro (bsc#1205100). - ALSA: hda: fix potential memleak in 'add_widget_node' (git-fixes). - ALSA: usb-audio: Add DSD support for Accuphase DAC-60 (git-fixes). - ALSA: usb-audio: Add quirk entry for M-Audio Micro (git-fixes). - ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() (git-fixes). - ALSA: usb-audio: Remove redundant workaround for Roland quirk (bsc#1205111). - ALSA: usb-audio: Yet more regression for for the delayed card registration (bsc#1205111). - ALSA: usb-audio: add quirk to fix Hamedal C20 disconnect issue (git-fixes). - ARM: at91: rm9200: fix usb device clock id (git-fixes). - ARM: dts: am335x-pcm-953: Define fixed regulators in root node (git-fixes). - ARM: dts: at91: sam9g20ek: enable udc vbus gpio pinctrl (git-fixes). - ARM: dts: imx6q-prti6q: Fix ref/tcxo-clock-frequency properties (git-fixes). - ARM: dts: imx6qdl-gw59{10,13}: fix user pushbutton GPIO offset (git-fixes). - ARM: dts: imx7: Fix NAND controller size-cells (git-fixes). 
- ARM: mxs: fix memory leak in mxs_machine_init() (git-fixes). - ASoC: Intel: bytcht_es8316: Add quirk for the Nanote UMPC-01 (git-fixes). - ASoC: Intel: sof_sdw: add quirk variant for LAPBC710 NUC15 (git-fixes). - ASoC: codecs: jz4725b: Fix spelling mistake 'Sourc' -> 'Source', 'Routee' -> 'Route' (git-fixes). - ASoC: codecs: jz4725b: add missed Line In power control bit (git-fixes). - ASoC: codecs: jz4725b: fix capture selector naming (git-fixes). - ASoC: codecs: jz4725b: fix reported volume for Master ctl (git-fixes). - ASoC: codecs: jz4725b: use right control for Capture Volume (git-fixes). - ASoC: core: Fix use-after-free in snd_soc_exit() (git-fixes). - ASoC: fsl_asrc fsl_esai fsl_sai: allow CONFIG_PM=N (git-fixes). - ASoC: fsl_sai: use local device pointer (git-fixes). - ASoC: max98373: Add checks for devm_kcalloc (git-fixes). - ASoC: mt6660: Keep the pm_runtime enables before component stuff in mt6660_i2c_probe (git-fixes). - ASoC: ops: Fix bounds check for _sx controls (git-fixes). - ASoC: rt1019: Fix the TDM settings (git-fixes). - ASoC: sgtl5000: Reset the CHIP_CLK_CTRL reg on remove (git-fixes). - ASoC: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - ASoC: soc-utils: Remove __exit for snd_soc_util_exit() (git-fixes). - ASoC: stm32: dfsdm: manage cb buffers cleanup (git-fixes). - ASoC: tas2764: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: tas2770: Fix set_tdm_slot in case of single slot (git-fixes). - ASoC: wm8962: Add an event handler for TEMP_HP and TEMP_SPK (git-fixes). - Bluetooth: 6LoWPAN: add missing hci_dev_put() in get_l2cap_conn() (git-fixes). - Bluetooth: Fix not cleanup led when bt_init fails (git-fixes). - Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM (git-fixes). - Bluetooth: L2CAP: Fix attempting to access uninitialized memory (git-fixes). - Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm (git-fixes). - Decrease the number of SMB3 smbdirect client SGEs (bsc#1193629). 
- Drivers: hv: Always reserve framebuffer region for Gen1 VMs (git-fixes). - Drivers: hv: Fix syntax errors in comments (git-fixes). - Drivers: hv: Never allocate anything besides framebuffer from framebuffer memory region (git-fixes). - Drivers: hv: fix repeated words in comments (git-fixes). - Drivers: hv: remove duplicate word in a comment (git-fixes). - Drivers: hv: vmbus: Accept hv_sock offers in isolated guests (git-fixes). - Drivers: hv: vmbus: Add VMbus IMC device to unsupported list (git-fixes). - Drivers: hv: vmbus: Do not wait for the ACPI device upon initialization (git-fixes). - Drivers: hv: vmbus: Fix kernel-doc (git-fixes). - Drivers: hv: vmbus: Optimize vmbus_on_event (git-fixes). - Drivers: hv: vmbus: Release cpu lock in error case (git-fixes). - Drivers: hv: vmbus: Use PCI_VENDOR_ID_MICROSOFT for better discoverability (git-fixes). - Drivers: hv: vmbus: fix double free in the error path of vmbus_add_channel_work() (git-fixes). - Drivers: hv: vmbus: fix possible memory leak in vmbus_device_register() (git-fixes). - Drivers: hv: vmbus: fix typo in comment (git-fixes). - Fix formatting of client smbdirect RDMA logging (bsc#1193629). - HID: core: fix shift-out-of-bounds in hid_report_raw_event (git-fixes). - HID: hid-lg4ff: Add check for empty lbuf (git-fixes). - HID: hyperv: fix possible memory leak in mousevsc_probe() (git-fixes). - HID: playstation: add initial DualSense Edge controller support (git-fixes). - HID: saitek: add madcatz variant of MMO7 mouse device ID (git-fixes). - Handle variable number of SGEs in client smbdirect send (bsc#1193629). - IB/hfi1: Correctly move list in sc_disable() (git-fixes) - IB: Set IOVA/LENGTH on IB_MR in core/uverbs layers (git-fixes) - Input: goodix - try resetting the controller when no config is set (git-fixes). - Input: i8042 - fix leaking of platform device on module removal (git-fixes). - Input: iforce - invert valid length check when fetching device IDs (git-fixes). 
- Input: raydium_ts_i2c - fix memory leak in raydium_i2c_send() (git-fixes). - Input: soc_button_array - add Acer Switch V 10 to dmi_use_low_level_irq[] (git-fixes). - Input: soc_button_array - add use_low_level_irq module parameter (git-fixes). - Input: synaptics - switch touchpad on HP Laptop 15-da3001TU to RMI mode (git-fixes). - KVM: Move wiping of the kvm->vcpus array to common code (git-fixes). - KVM: SEV: Mark nested locking of vcpu->lock (git-fixes). - KVM: SVM: Disable SEV-ES support if MMIO caching is disable (git-fixes). - KVM: SVM: Stuff next_rip on emulated INT3 injection if NRIPS is supported (git-fixes). - KVM: SVM: adjust register allocation for __svm_vcpu_run() (git-fixes). - KVM: SVM: move guest vmsave/vmload back to assembly (git-fixes). - KVM: SVM: replace regs argument of __svm_vcpu_run() with vcpu_svm (git-fixes). - KVM: SVM: retrieve VMCB from assembly (git-fixes). - KVM: VMX: Add helper to check if the guest PMU has PERF_GLOBAL_CTRL (git-fixes). - KVM: VMX: Drop bits 31:16 when shoving exception error code into VMCS (git-fixes). - KVM: VMX: Mark all PERF_GLOBAL_(OVF)_CTRL bits reserved if there's no vPMU (git-fixes). - KVM: VMX: clear vmx_x86_ops.sync_pir_to_irr if APICv is disabled (bsc#1205007). - KVM: VMX: fully disable SGX if SECONDARY_EXEC_ENCLS_EXITING unavailable (git-fixes). - KVM: nVMX: Always enable TSC scaling for L2 when it was enabled for L1 (git-fixes). - KVM: nVMX: Attempt to load PERF_GLOBAL_CTRL on nVMX xfer iff it exists (git-fixes). - KVM: nVMX: Rename handle_vm{on,off}() to handle_vmx{on,off}() (git-fixes). - KVM: s390: Add a routine for setting userspace CPU state (git-fixes jsc#PED-611). - KVM: s390: Simplify SIGP Set Arch handling (git-fixes jsc#PED-611). - KVM: s390: pv: do not allow userspace to set the clock under PV (git-fixes). - KVM: s390: pv: leak the topmost page table when destroy fails (git-fixes). - KVM: x86/mmu: Fix wrong/misleading comments in TDP MMU fast zap (git-fixes). 
- KVM: x86/mmu: WARN if old _or_ new SPTE is REMOVED in non-atomic path (git-fixes). - KVM: x86/mmu: fix memoryleak in kvm_mmu_vendor_module_init() (git-fixes). - KVM: x86/pmu: Fix and isolate TSX-specific performance event logic (git-fixes). - KVM: x86/pmu: Update AMD PMC sample period to fix guest NMI-watchdog (git-fixes). - KVM: x86/pmu: Use different raw event masks for AMD and Intel (git-fixes). - KVM: x86/svm: Account for family 17h event renumberings in amd_pmc_perf_hw_id (git-fixes). - KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() (git-fixes). - KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000001H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000006H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.80000008H (git-fixes). - KVM: x86: Mask off reserved bits in CPUID.8000001AH (git-fixes). - KVM: x86: Report error when setting CPUID if Hyper-V allocation fails (git-fixes). - KVM: x86: Retry page fault if MMU reload is pending and root has no sp (bsc#1205744). - KVM: x86: Signal #GP, not -EPERM, on bad WRMSR(MCi_CTL/STATUS) (git-fixes). - KVM: x86: Treat #DBs from the emulator as fault-like (code and DR7.GD=1) (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to emulate atomic accesses (git-fixes). - KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits (git-fixes). - KVM: x86: avoid loading a vCPU after .vm_destroy was called (git-fixes). - KVM: x86: emulator: em_sysexit should update ctxt->mode (git-fixes). - KVM: x86: emulator: introduce emulator_recalc_and_set_mode (git-fixes). - KVM: x86: emulator: update the emulation mode after CR0 write (git-fixes). - KVM: x86: emulator: update the emulation mode after rsm (git-fixes). - KVM: x86: use a separate asm-offsets.c file (git-fixes). - MIPS: Loongson: Use hwmon_device_register_with_groups() to register hwmon (git-fixes). 
- NFC: nci: Bounds check struct nfc_target arrays (git-fixes). - NFC: nci: fix memory leak in nci_rx_data_packet() (git-fixes). - PCI: Move PCI_VENDOR_ID_MICROSOFT/PCI_DEVICE_ID_HYPERV_VIDEO definitions to pci_ids.h (git-fixes). - PCI: hv: Add validation for untrusted Hyper-V values (git-fixes). - PCI: hv: Fix the definition of vector in hv_compose_msi_msg() (git-fixes). - RDMA/cm: Fix memory leak in ib_cm_insert_listen (git-fixes) - RDMA/cm: Use SLID in the work completion as the DLID in responder side (git-fixes) - RDMA/cma: Use output interface for net_dev check (git-fixes) - RDMA/core: Fix null-ptr-deref in ib_core_cleanup() (git-fixes) - RDMA/hfi1: Prevent panic when SDMA is disabled (git-fixes) - RDMA/hfi1: Prevent use of lock before it is initialized (git-fixes) - RDMA/hfi1: fix potential memory leak in setup_base_ctxt() (git-fixes) - RDMA/hns: Correct the type of variables participating in the shift operation (git-fixes) - RDMA/hns: Disable local invalidate operation (git-fixes) - RDMA/hns: Fix incorrect clearing of interrupt status register (git-fixes) - RDMA/hns: Fix supported page size (git-fixes) - RDMA/hns: Fix wrong fixed value of qp->rq.wqe_shift (git-fixes) - RDMA/hns: Remove magic number (git-fixes) - RDMA/hns: Remove the num_cqc_timer variable (git-fixes) - RDMA/hns: Remove the num_qpc_timer variable (git-fixes) - RDMA/hns: Remove unnecessary check for the sgid_attr when modifying QP (git-fixes) - RDMA/hns: Replace tab with space in the right-side comments (git-fixes) - RDMA/hns: Use hr_reg_xxx() instead of remaining roce_set_xxx() (git-fixes) - RDMA/irdma: Fix deadlock in irdma_cleanup_cm_core() (git-fixes) - RDMA/irdma: Use s/g array in post send only when its valid (git-fixes) - RDMA/mlx5: Set local port to one when accessing counters (git-fixes) - RDMA/qedr: clean up work queue on failure in qedr_alloc_resources() (git-fixes) - RDMA/rtrs-clt: Use the right sg_cnt after ib_dma_map_sg (git-fixes) - RDMA/rtrs-srv: Fix modinfo output for stringify 
(git-fixes) - RDMA/rxe: Limit the number of calls to each tasklet (git-fixes) - RDMA/rxe: Remove useless pkt parameters (git-fixes) - Reduce client smbdirect max receive segment size (bsc#1193629). - SCSI: scsi_probe_lun: retry INQUIRY after timeout (bsc#1189297). - SMB3: fix lease break timeout when multiple deferred close handles for the same file (bsc#1193629). - USB: bcma: Make GPIO explicitly optional (git-fixes). - USB: serial: option: add Fibocom FM160 0x0111 composition (git-fixes). - USB: serial: option: add Sierra Wireless EM9191 (git-fixes). - USB: serial: option: add u-blox LARA-L6 modem (git-fixes). - USB: serial: option: add u-blox LARA-R6 00B modem (git-fixes). - USB: serial: option: remove old LARA-R6 PID (git-fixes). - arcnet: fix potential memory leak in com20020_probe() (git-fixes). - arm64/syscall: Include asm/ptrace.h in syscall_wrapper header (git-fixes). - arm64: Add AMPERE1 to the Spectre-BHB affected list (git-fixes). - arm64: Fix bit-shifting UB in the MIDR_CPU_MODEL() macro (git-fixes) - arm64: dts: imx8: correct clock order (git-fixes). - arm64: dts: imx8mm: Fix NAND controller size-cells (git-fixes). - arm64: dts: imx8mn: Fix NAND controller size-cells (git-fixes). - arm64: dts: juno: Add thermal critical trip points (git-fixes). - arm64: dts: ls1088a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: ls208xa: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: lx2160a: specify clock frequencies for the MDIO controllers (git-fixes). - arm64: dts: qcom: sa8155p-adp: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8150-xperia-kumano: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8250-xperia-edo: Specify which LDO modes are allowed (git-fixes). - arm64: dts: qcom: sm8350-hdk: Specify which LDO modes are allowed (git-fixes). - arm64: dts: rockchip: add enable-strobe-pulldown to emmc phy on nanopi4 (git-fixes). 
- arm64: dts: rockchip: lower rk3399-puma-haikou SD controller clock frequency (git-fixes). - arm64: efi: Fix handling of misaligned runtime regions and drop warning (git-fixes). - arm64: entry: avoid kprobe recursion (git-fixes). - arm64: errata: Add Cortex-A55 to the repeat tlbi list (git-fixes). Enable CONFIG_ARM64_ERRATUM_2441007, too - arm64: errata: Remove AES hwcap for COMPAT tasks (git-fixes) Enable CONFIG_ARM64_ERRATUM_1742098 in arm64/default - arm64: fix rodata=full again (git-fixes) - ata: libata-core: do not issue non-internal commands once EH is pending (git-fixes). - ata: libata-scsi: fix SYNCHRONIZE CACHE (16) command failure (git-fixes). - ata: libata-scsi: simplify __ata_scsi_queuecmd() (git-fixes). - ata: libata-transport: fix double ata_host_put() in ata_tport_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tdev_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tlink_add() (git-fixes). - ata: libata-transport: fix error handling in ata_tport_add() (git-fixes). - audit: fix undefined behavior in bit shift for AUDIT_BIT (git-fixes). - blk-cgroup: fix missing put device in error path from blkg_conf_pref() (git-fixes). - blk-mq: Properly init requests from blk_mq_alloc_request_hctx() (git-fixes). - blk-mq: do not create hctx debugfs dir until q->debugfs_dir is created (git-fixes). - blk-mq: fix io hung due to missing commit_rqs (git-fixes). - blk-wbt: call rq_qos_add() after wb_normal is initialized (git-fixes). - blktrace: Trace remapped requests correctly (git-fixes). - block/rnbd-srv: Set keep_id to true after mutex_trylock (git-fixes). - block: add bio_start_io_acct_time() to control start_time (git-fixes). - block: blk_queue_enter() / __bio_queue_enter() must return -EAGAIN for nowait (git-fixes). - block: drop unused includes in <linux/genhd.h> (git-fixes). - bridge: switchdev: Fix memory leaks when changing VLAN protocol (git-fixes). 
- btrfs: check if root is readonly while setting security xattr (bsc#1206147). - btrfs: do not allow compression on nodatacow files (bsc#1206149). - btrfs: export a helper for compression hard check (bsc#1206149). - btrfs: fix processing of delayed data refs during backref walking (bsc#1206056). - btrfs: fix processing of delayed tree block refs during backref walking (bsc#1206057). - btrfs: prevent subvol with swapfile from being deleted (bsc#1206035). - btrfs: send: always use the rbtree based inode ref management infrastructure (bsc#1206036). - btrfs: send: fix failures when processing inodes with no links (bsc#1206036). - btrfs: send: fix send failure of a subcase of orphan inodes (bsc#1206036). - btrfs: send: fix sending link commands for existing file paths (bsc#1206036). - btrfs: send: introduce recorded_ref_alloc and recorded_ref_free (bsc#1206036). - btrfs: send: refactor arguments of get_inode_info() (bsc#1206036). - btrfs: send: remove unused found_type parameter to lookup_dir_item_inode() (bsc#1206036). - btrfs: send: remove unused type parameter to iterate_inode_ref_t (bsc#1206036). - btrfs: send: use boolean types for current inode status (bsc#1206036). - bus: sunxi-rsb: Remove the shutdown callback (git-fixes). - bus: sunxi-rsb: Support atomic transfers (git-fixes). - ca8210: Fix crash by zero initializing data (git-fixes). - can: af_can: fix NULL pointer dereference in can_rx_register() (git-fixes). - can: cc770: cc770_isa_probe(): add missing free_cc770dev() (git-fixes). - can: etas_es58x: es58x_init_netdev(): free netdev when register_candev() (git-fixes). - can: j1939: j1939_send_one(): fix missing CAN header initialization (git-fixes). - can: m_can: Add check for devm_clk_get (git-fixes). - can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (git-fixes). - can: sja1000_isa: sja1000_isa_probe(): add missing free_sja1000dev() (git-fixes). 
- capabilities: fix potential memleak on error path from vfs_getxattr_alloc() (git-fixes). - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK (git-fixes). - ceph: allow ceph.dir.rctime xattr to be updatable (bsc#1206050). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1206051). - ceph: do not update snapshot context when there is no new snapshot (bsc#1206047). - ceph: fix inode reference leakage in ceph_get_snapdir() (bsc#1206048). - ceph: fix memory leak in ceph_readdir when note_last_dentry returns error (bsc#1206049). - ceph: properly handle statfs on multifs setups (bsc#1206045). - ceph: switch netfs read ops to use rreq->inode instead of rreq->mapping->host (bsc#1206046). - char: tpm: Protect tpm_pm_suspend with locks (git-fixes). - cifs: Add constructor/destructors for tcon->cfid (bsc#1193629). - cifs: Add helper function to check smb1+ server (bsc#1193629). - cifs: Do not access tcon->cfids->cfid directly from is_path_accessible (bsc#1193629). - cifs: Do not use tcon->cfid directly, use the cfid we get from open_cached_dir (bsc#1193629). - cifs: Fix connections leak when tlink setup failed (git-fixes). - cifs: Fix memory leak on the deferred close (bsc#1193629). - cifs: Fix memory leak when build ntlmssp negotiate blob failed (bsc#1193629). - cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (bsc#1193629). - cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (bsc#1193629). - cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message (bsc#1193629). - cifs: Fix wrong return value checking when GETFLAGS (git-fixes). - cifs: Fix xid leak in cifs_copy_file_range() (bsc#1193629). - cifs: Fix xid leak in cifs_create() (bsc#1193629). - cifs: Fix xid leak in cifs_flock() (bsc#1193629). - cifs: Fix xid leak in cifs_get_file_info_unix() (bsc#1193629). - cifs: Fix xid leak in cifs_ses_add_channel() (bsc#1193629). 
- cifs: Make tcon contain a wrapper structure cached_fids instead of cached_fid (bsc#1193629). - cifs: Move cached-dir functions into a separate file (bsc#1193629). - cifs: Replace a couple of one-element arrays with flexible-array members (bsc#1193629). - cifs: Use after free in debug code (git-fixes). - cifs: Use help macro to get the header preamble size (bsc#1193629). - cifs: Use help macro to get the mid header size (bsc#1193629). - cifs: add check for returning value of SMB2_close_init (git-fixes). - cifs: add check for returning value of SMB2_set_info_init (git-fixes). - cifs: add missing spinlock around tcon refcount (bsc#1193629). - cifs: alloc_mid function should be marked as static (bsc#1193629). - cifs: always initialize struct msghdr smb_msg completely (bsc#1193629). - cifs: always iterate smb sessions using primary channel (bsc#1193629). - cifs: avoid deadlocks while updating iface (bsc#1193629). - cifs: avoid unnecessary iteration of tcp sessions (bsc#1193629). - cifs: avoid use of global locks for high contention data (bsc#1193629). - cifs: cache the dirents for entries in a cached directory (bsc#1193629). - cifs: change iface_list from array to sorted linked list (bsc#1193629). - cifs: destage dirty pages before re-reading them for cache=none (bsc#1193629). - cifs: do not send down the destination address to sendmsg for a SOCK_STREAM (bsc#1193629). - cifs: drop the lease for cached directories on rmdir or rename (bsc#1193629). - cifs: during reconnect, update interface if necessary (bsc#1193629). - cifs: enable caching of directories for which a lease is held (bsc#1193629). - cifs: find and use the dentry for cached non-root directories also (bsc#1193629). - cifs: fix double-fault crash during ntlmssp (bsc#1193629). - cifs: fix lock length calculation (bsc#1193629). - cifs: fix memory leaks in session setup (bsc#1193629). - cifs: fix missing unlock in cifs_file_copychunk_range() (git-fixes). 
- cifs: fix race condition with delayed threads (bsc#1193629). - cifs: fix skipping to incorrect offset in emit_cached_dirents (bsc#1193629). - cifs: fix small mempool leak in SMB2_negotiate() (bsc#1193629). - cifs: fix static checker warning (bsc#1193629). - cifs: fix uninitialised var in smb2_compound_op() (bsc#1193629). - cifs: fix use-after-free caused by invalid pointer `hostname` (bsc#1193629). - cifs: fix use-after-free on the link name (bsc#1193629). - cifs: fix wrong unlock before return from cifs_tree_connect() (bsc#1193629). - cifs: improve handlecaching (bsc#1193629). - cifs: improve symlink handling for smb2+ (bsc#1193629). - cifs: lease key is uninitialized in smb1 paths (bsc#1193629). - cifs: lease key is uninitialized in two additional functions when smb1 (bsc#1193629). - cifs: list_for_each() -> list_for_each_entry() (bsc#1193629). - cifs: misc: fix spelling typo in comment (bsc#1193629). - cifs: move from strlcpy with unused retval to strscpy (bsc#1193629). - cifs: periodically query network interfaces from server (bsc#1193629). - cifs: populate empty hostnames for extra channels (bsc#1193629). - cifs: prevent copying past input buffer boundaries (bsc#1193629). - cifs: remove 'cifs_' prefix from init/destroy mids functions (bsc#1193629). - cifs: remove initialization value (bsc#1193629). - cifs: remove minor build warning (bsc#1193629). - cifs: remove redundant initialization to variable mnt_sign_enabled (bsc#1193629). - cifs: remove remaining build warnings (bsc#1193629). - cifs: remove some camelCase and also some static build warnings (bsc#1193629). - cifs: remove unnecessary (void*) conversions (bsc#1193629). - cifs: remove unnecessary locking of chan_lock while freeing session (bsc#1193629). - cifs: remove unnecessary type castings (bsc#1193629). - cifs: remove unused server parameter from calc_smb_size() (bsc#1193629). - cifs: remove useless DeleteMidQEntry() (bsc#1193629). 
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (bsc#1193629). - cifs: replace kfree() with kfree_sensitive() for sensitive data (bsc#1193629). - cifs: return correct error in ->calc_signature() (bsc#1193629). - cifs: return errors during session setup during reconnects (bsc#1193629). - cifs: revalidate mapping when doing direct writes (bsc#1193629). - cifs: secmech: use shash_desc directly, remove sdesc (bsc#1193629). - cifs: set rc to -ENOENT if we can not get a dentry for the cached dir (bsc#1193629). - cifs: skip extra NULL byte in filenames (bsc#1193629). - cifs: store a pointer to a fid in the cfid structure instead of the struct (bsc#1193629). - cifs: truncate the inode and mapping when we simulate fcollapse (bsc#1193629). - cifs: update cifs_ses::ip_addr after failover (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use ALIGN() and round_up() macros (bsc#1193629). - cifs: use LIST_HEAD() and list_move() to simplify code (bsc#1193629). - cifs: when a channel is not found for server, log its connection id (bsc#1193629). - cifs: when insecure legacy is disabled shrink amount of SMB1 code (bsc#1193629). - clocksource/drivers/hyperv: add data structure for reference TSC MSR (git-fixes). - cpufreq: intel_pstate: Handle no_turbo in frequency invariance (jsc#PED-849). - cpufreq: intel_pstate: Support Sapphire Rapids OOB mode (jsc#PED-849). - cpuidle: intel_idle: Drop redundant backslash at line end (jsc#PED-1936). - dm btree remove: fix use after free in rebalance_children() (git-fixes). - dm crypt: make printing of the key constant-time (git-fixes). - dm era: commit metadata in postsuspend after worker stops (git-fixes). - dm integrity: fix memory corruption when tag_size is less than digest size (git-fixes). - dm mirror log: clear log bits up to BITS_PER_LONG boundary (git-fixes). - dm raid: fix accesses beyond end of raid member array (git-fixes). - dm stats: add cond_resched when looping over entries (git-fixes). 
- dm thin: fix use-after-free crash in dm_sm_register_threshold_callback (git-fixes). - dm: fix double accounting of flush with data (git-fixes). - dm: interlock pending dm_io and dm_wait_for_bios_completion (git-fixes). - dm: properly fix redundant bio-based IO accounting (git-fixes). - dm: remove unnecessary assignment statement in alloc_dev() (git-fixes). - dm: return early from dm_pr_call() if DM device is suspended (git-fixes). - dm: revert partial fix for redundant bio-based IO accounting (git-fixes). - dma-buf: fix racing conflict of dma_heap_add() (git-fixes). - dmaengine: at_hdmac: Check return code of dma_async_device_register (git-fixes). - dmaengine: at_hdmac: Do not allow CPU to reorder channel enable (git-fixes). - dmaengine: at_hdmac: Do not call the complete callback on device_terminate_all (git-fixes). - dmaengine: at_hdmac: Do not start transactions at tx_submit level (git-fixes). - dmaengine: at_hdmac: Fix at_lli struct definition (git-fixes). - dmaengine: at_hdmac: Fix completion of unissued descriptor in case of errors (git-fixes). - dmaengine: at_hdmac: Fix concurrency over descriptor (git-fixes). - dmaengine: at_hdmac: Fix concurrency over the active list (git-fixes). - dmaengine: at_hdmac: Fix concurrency problems by removing atc_complete_all() (git-fixes). - dmaengine: at_hdmac: Fix descriptor handling when issuing it to hardware (git-fixes). - dmaengine: at_hdmac: Fix impossible condition (git-fixes). - dmaengine: at_hdmac: Fix premature completion of desc in issue_pending (git-fixes). - dmaengine: at_hdmac: Free the memset buf without holding the chan lock (git-fixes). - dmaengine: at_hdmac: Protect atchan->status with the channel lock (git-fixes). - dmaengine: at_hdmac: Start transfer for cyclic channels in issue_pending (git-fixes). - dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() (git-fixes). - dmaengine: pxa_dma: use platform_get_irq_optional (git-fixes). 
- dmaengine: ti: k3-udma-glue: fix memory leak when register device fail (git-fixes). - docs, kprobes: Fix the wrong location of Kprobes (git-fixes). - docs/core-api: expand Fedora instructions for GCC plugins (git-fixes). - drm/amd/display: Add HUBP surface flip interrupt handler (git-fixes). - drm/amdgpu: disable BACO on special BEIGE_GOBY card (git-fixes). - drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() (git-fixes). - drm/amdkfd: Migrate in CPU page fault use current mm (git-fixes). - drm/amdkfd: avoid recursive lock in migrations back to RAM (git-fixes). - drm/amdkfd: handle CPU fault on COW mapping (git-fixes). - drm/drv: Fix potential memory leak in drm_dev_init() (git-fixes). - drm/hyperv: Add ratelimit on error message (git-fixes). - drm/hyperv: Do not overwrite dirt_needed value set by host (git-fixes). - drm/i915/dmabuf: fix sg_table handling in map_dma_buf (git-fixes). - drm/i915/sdvo: Filter out invalid outputs more sensibly (git-fixes). - drm/i915/sdvo: Setup DDC fully before output init (git-fixes). - drm/imx: imx-tve: Fix return type of imx_tve_connector_mode_valid (git-fixes). - drm/msm/hdmi: Remove spurious IRQF_ONESHOT flag (git-fixes). - drm/msm/hdmi: fix IRQ lifetime (git-fixes). - drm/panel: simple: set bpc field for logic technologies displays (git-fixes). - drm/rockchip: dsi: Force synchronous probe (git-fixes). - drm/vc4: Fix missing platform_unregister_drivers() call in vc4_drm_register() (git-fixes). - drm/vc4: kms: Fix IS_ERR() vs NULL check for vc4_kms (git-fixes). - drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() (git-fixes). - dt-bindings: power: gpcv2: add power-domains property (git-fixes). - e1000e: Fix TX dispatch condition (git-fixes). - e100: Fix possible use after free in e100_xmit_prepare (git-fixes). - efi/tpm: Pass correct address to memblock_reserve (git-fixes). - efi: random: Use 'ACPI reclaim' memory for random seed (git-fixes). - efi: random: reduce seed size to 32 bytes (git-fixes). 
- firmware: arm_scmi: Make Rx chan_setup fail on memory errors (git-fixes). - firmware: arm_scmi: Suppress the driver's bind attributes (git-fixes). - firmware: coreboot: Register bus in module init (git-fixes). - fm10k: Fix error handling in fm10k_init_module() (git-fixes). - ftrace: Fix null pointer dereference in ftrace_add_mod() (git-fixes). - ftrace: Fix the possible incorrect kernel message (git-fixes). - ftrace: Fix use-after-free for dynamic ftrace_ops (git-fixes). - ftrace: Optimize the allocation for mcount entries (git-fixes). - fuse: add file_modified() to fallocate (bsc#1205332). - fuse: fix readdir cache race (bsc#1205331). - gpio: amd8111: Fix PCI device reference count leak (git-fixes). - hamradio: fix issue of dev reference count leakage in bpq_device_event() (git-fixes). - hv_netvsc: Fix potential dereference of NULL pointer (git-fixes). - hv_netvsc: Fix race between VF offering and VF association message from host (bsc#1204850). - hv_netvsc: Print value of invalid ID in netvsc_send_{completion,tx_complete}() (git-fixes). - hv_sock: Add validation for untrusted Hyper-V values (git-fixes). - hv_sock: Check hv_pkt_iter_first_raw()'s return value (git-fixes). - hv_sock: Copy packets sent by Hyper-V out of the ring buffer (git-fixes). - hwmon: (coretemp) Check for null before removing sysfs attrs (git-fixes). - hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (git-fixes). - hwmon: (i5500_temp) fix missing pci_disable_device() (git-fixes). - hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails (git-fixes). - hwmon: (ina3221) Fix shunt sum critical calculation (git-fixes). - hwmon: (ltc2947) fix temperature scaling (git-fixes). - i2c: i801: add lis3lv02d's I2C address for Vostro 5568 (git-fixes). - i2c: imx: Only DMA messages with I2C_M_DMA_SAFE flag set (git-fixes). - i2c: npcm7xx: Fix error handling in npcm_i2c_init() (git-fixes). - i2c: piix4: Fix adapter not be removed in piix4_remove() (git-fixes). 
- i2c: tegra: Allocate DMA memory for DMA engine (git-fixes). - i2c: xiic: Add platform module alias (git-fixes). - ibmvnic: Free rwi on reset success (bsc#1184350 ltc#191533 git-fixes). - ieee802154: cc2520: Fix error return code in cc2520_hw_init() (git-fixes). - iio: adc: at91_adc: fix possible memory leak in at91_adc_allocate_trigger() (git-fixes). - iio: adc: mp2629: fix potential array out of bound access (git-fixes). - iio: adc: mp2629: fix wrong comparison of channel (git-fixes). - iio: core: Fix entry not deleted when iio_register_sw_trigger_type() fails (git-fixes). - iio: health: afe4403: Fix oob read in afe4403_read_raw (git-fixes). - iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw (git-fixes). - iio: light: apds9960: fix wrong register for gesture gain (git-fixes). - iio: light: rpr0521: add missing Kconfig dependencies (git-fixes). - iio: ms5611: Simplify IO callback parameters (git-fixes). - iio: pressure: ms5611: changed hardcoded SPI speed to value limited (git-fixes). - iio: pressure: ms5611: fixed value compensation bug (git-fixes). - iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() (git-fixes). - init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash (git-fixes). - intel_idle: Add AlderLake support (jsc#PED-824). - intel_idle: Fix SPR C6 optimization (jsc#PED-824 jsc#PED-1936). - intel_idle: Fix the 'preferred_cstates' module parameter (jsc#PED-824 jsc#PED-1936). - intel_idle: make SPR C1 and C1E be independent (jsc#PED-1936). - io-wq: Remove duplicate code in io_workqueue_create() (bnc#1205113). - io-wq: do not retry task_work creation failure on fatal conditions (bnc#1205113). - io-wq: ensure we exit if thread group is exiting (git-fixes). - io-wq: exclusively gate signal based exit on get_signal() return (git-fixes). - io-wq: fix cancellation on create-worker failure (bnc#1205113). - io-wq: fix silly logic error in io_task_work_match() (bnc#1205113). 
- io_uring: correct __must_hold annotation (git-fixes). - io_uring: drop ctx->uring_lock before acquiring sqd->lock (git-fixes). - io_uring: ensure IORING_REGISTER_IOWQ_MAX_WORKERS works with SQPOLL (git-fixes). - io_uring: fix io_timeout_remove locking (git-fixes). - io_uring: fix missing mb() before waitqueue_active (git-fixes). - io_uring: fix missing sigmask restore in io_cqring_wait() (git-fixes). - io_uring: fix possible poll event lost in multi shot mode (git-fixes). - io_uring: pin SQPOLL data before unlocking ring lock (git-fixes). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - kABI: Fix kABI after 'KVM: x86/pmu: Use different raw event masks for AMD and Intel' (git-fixes). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). - kexec: turn all kexec_mutex acquisitions into trylocks (git-fixes). - mISDN: fix misuse of put_device() in mISDN_register_device() (git-fixes). - mISDN: fix possible memory leak in mISDN_dsp_element_register() (git-fixes). - mac80211: radiotap: Use BIT() instead of shifts (git-fixes). - mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() (git-fixes). - macsec: Fix invalid error code set (git-fixes). - macsec: add missing attribute validation for offload (git-fixes). - macsec: clear encryption keys from the stack after setting up offload (git-fixes). - macsec: delete new rxsc when offload fails (git-fixes). - macsec: fix detection of RXSCs when toggling offloading (git-fixes). - macsec: fix secy->n_rx_sc accounting (git-fixes). - md/raid5: Ensure stripe_fill happens on non-read IO with journal (git-fixes). - md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() (git-fixes). - md: Replace snprintf with scnprintf (git-fixes, bsc#1164051). - media: cros-ec-cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: dvb-frontends/drxk: initialize err to 0 (git-fixes). - media: meson: vdec: fix possible refcount leak in vdec_probe() (git-fixes). 
- media: rkisp1: Do not pass the quantization to rkisp1_csm_config() (git-fixes). - media: rkisp1: Initialize color space on resizer sink and source pads (git-fixes). - media: rkisp1: Use correct macro for gradient registers (git-fixes). - media: rkisp1: Zero v4l2_subdev_format fields in when validating links (git-fixes). - media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE (git-fixes). - media: v4l: subdev: Fail graciously when getting try data for NULL state (git-fixes). - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (git-fixes). - mmc: core: Fix ambiguous TRIM and DISCARD arg (git-fixes). - mmc: core: properly select voltage range without power cycle (git-fixes). - mmc: cqhci: Provide helper for resetting both SDHCI and CQHCI (git-fixes). - mmc: mmc_test: Fix removal of debugfs file (git-fixes). - mmc: sdhci-brcmstb: Enable Clock Gating to save power (git-fixes). - mmc: sdhci-brcmstb: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-brcmstb: Re-organize flags (git-fixes). - mmc: sdhci-esdhc-imx: correct CQHCI exit halt state check (git-fixes). - mmc: sdhci-esdhc-imx: use the correct host caps for MMC_CAP_8_BIT_DATA (git-fixes). - mmc: sdhci-of-arasan: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci-pci-o2micro: fix card detect fail issue caused by CD# debounce timeout (git-fixes). - mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() (git-fixes). - mmc: sdhci-sprd: Fix no reset data and command after voltage switch (git-fixes). - mmc: sdhci-tegra: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mmc: sdhci_am654: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mms: sdhci-esdhc-imx: Fix SDHCI_RESET_ALL for CQHCI (git-fixes). - mtd: parsers: bcm47xxpart: Fix halfblock reads (git-fixes). - mtd: parsers: bcm47xxpart: print correct offset on read error (git-fixes). - mtd: spi-nor: intel-spi: Disable write protection only if asked (git-fixes). 
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes). - net/smc: Avoid overwriting the copies of clcsock callback functions (git-fixes). - net/smc: Fix an error code in smc_lgr_create() (git-fixes). - net/smc: Fix possible access to freed memory in link clear (git-fixes). - net/smc: Fix possible leaked pernet namespace in smc_init() (git-fixes). - net/smc: Fix slab-out-of-bounds issue in fallback (git-fixes). - net/smc: Fix sock leak when release after smc_shutdown() (git-fixes). - net/smc: Forward wakeup to smc socket waitqueue after fallback (git-fixes). - net/smc: Only save the original clcsock callback functions (git-fixes). - net/smc: Send directly when TCP_CORK is cleared (git-fixes). - net/smc: kABI workarounds for struct smc_link (git-fixes). - net/smc: kABI workarounds for struct smc_sock (git-fixes). - net/smc: send directly on setting TCP_NODELAY (git-fixes). - net/x25: Fix skb leak in x25_lapb_receive_frame() (git-fixes). - net: ethernet: nixge: fix NULL dereference (git-fixes). - net: ethernet: renesas: ravb: Fix promiscuous mode after system resumed (git-fixes). - net: ethernet: ti: am65-cpsw: fix error handling in am65_cpsw_nuss_probe() (git-fixes). - net: hyperv: remove use of bpf_op_t (git-fixes). - net: mdio: fix unbalanced fwnode reference count in mdio_device_release() (git-fixes). - net: mdiobus: fix unbalanced node reference count (git-fixes). - net: phy: fix null-ptr-deref while probe() failed (git-fixes). - net: phy: marvell: add sleep time after enabling the loopback bit (git-fixes). - net: phy: mscc: macsec: clear encryption keys when freeing a flow (git-fixes). - net: smsc95xx: add support for Microchip EVB-LAN8670-USB (git-fixes). - net: stmmac: work around sporadic tx issue on link-up (git-fixes). - net: thunderbolt: Fix error handling in tbnet_init() (git-fixes). - net: thunderbolt: fix memory leak in tbnet_open() (git-fixes). - net: thunderx: Fix the ACPI memory leak (git-fixes). 
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes). - net: wwan: iosm: fix dma_alloc_coherent incompatible pointer type (git-fixes). - net: wwan: iosm: fix kernel test robot reported error (git-fixes). - nfc/nci: fix race with opening and closing (git-fixes). - nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() (git-fixes). - nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() (git-fixes). - nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() (git-fixes). - nfc: st-nci: fix incorrect sizing calculations in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix incorrect validating logic in EVT_TRANSACTION (git-fixes). - nfc: st-nci: fix memory leaks in EVT_TRANSACTION (git-fixes). - nilfs2: fix NULL pointer dereference in nilfs_palloc_commit_free_entry() (git-fixes). - nilfs2: fix deadlock in nilfs_count_free_blocks() (git-fixes). - nilfs2: fix nilfs_sufile_mark_dirty() not set segment usage as dirty (git-fixes). - nilfs2: fix use-after-free bug of ns_writer on remount (git-fixes). - nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure (git-fixes). - panic, kexec: make __crash_kexec() NMI safe (git-fixes). - parport_pc: Avoid FIFO port location truncation (git-fixes). - phy: ralink: mt7621-pci: add sentinel to quirks table (git-fixes). - phy: stm32: fix an error code in probe (git-fixes). - pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map (git-fixes). - pinctrl: intel: Save and restore pins in 'direct IRQ' mode (git-fixes). - pinctrl: rockchip: list all pins in a possible mux route for PX30 (git-fixes). - pinctrl: single: Fix potential division by zero (git-fixes). - platform/surface: aggregator: Do not check for repeated unsequenced packets (git-fixes). - platform/x86/intel/pmt: Sapphire Rapids PMT errata fix (jsc#PED-2684 bsc#1205683). - platform/x86/intel: hid: add quirk to support Surface Go 3 (git-fixes). 
- platform/x86/intel: pmc: Do not unconditionally attach Intel PMC when virtualized (git-fixes). - platform/x86: acer-wmi: Enable SW_TABLET_MODE on Switch V 10 (SW5-017) (git-fixes). - platform/x86: asus-wmi: add missing pci_dev_put() in asus_wmi_set_xusb2pr() (git-fixes). - platform/x86: hp-wmi: Ignore Smart Experience App event (git-fixes). - platform/x86: hp_wmi: Fix rfkill causing soft blocked wifi (git-fixes). - platform/x86: ideapad-laptop: Disable touchpad_switch (git-fixes). - platform/x86: touchscreen_dmi: Add info for the RCA Cambio W101 v2 2-in-1 (git-fixes). - powerpc/64: Fix build failure with allyesconfig in book3s_64_entry.S (bsc#1194869). - powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1156395). - powerpc/kvm: Fix kvm_use_magic_page (bsc#1156395). - powerpc/pseries/vas: Declare pseries_vas_fault_thread_fn() as static (bsc#1194869). - proc: avoid integer type confusion in get_proc_long (git-fixes). - proc: proc_skip_spaces() shouldn't think it is working on C strings (git-fixes). - rbd: fix possible memory leak in rbd_sysfs_init() (git-fixes). - regulator: core: fix UAF in destroy_regulator() (git-fixes). - regulator: core: fix kobject release warning and memory leak in regulator_register() (git-fixes). - regulator: twl6030: re-add TWL6032_SUBCLASS (git-fixes). - ring-buffer: Include dropped pages in counting dirty patches (git-fixes). - ring_buffer: Do not deactivate non-existant pages (git-fixes). - s390/futex: add missing EX_TABLE entry to __futex_atomic_op() (bsc#1205427 LTC#200502). - s390/pci: add missing EX_TABLE entries to __pcistg_mio_inuser()/__pcilg_mio_inuser() (bsc#1205427 LTC#200502). - s390/uaccess: add missing EX_TABLE entries to __clear_user(), copy_in_user_mvcos(), copy_in_user_mvc(), clear_user_xc() and __strnlen_user() (bsc#1205428 LTC#200501). - s390: fix nospec table alignments (git-fixes). - sched: Clear ttwu_pending after enqueue_task() (git fixes (sched/core)). 
- sched: Disable sched domain debugfs creation on ppc64 unless sched_verbose is specified (bnc#1205653). - scripts/faddr2line: Fix regression in name resolution on ppc64le (git-fixes). - scsi: ibmvfc: Avoid path failures during live migration (bsc#1065729). - scsi: ibmvscsis: Increase INITIAL_SRP_LIMIT to 1024 (bsc#1156395). - scsi: megaraid_sas: Correct value passed to scsi_device_lookup() (git-fixes). - scsi: mpt3sas: Fix return value check of dma_get_required_mask() (git-fixes). - scsi: qedf: Populate sysfs attributes for vport (git-fixes). - scsi: scsi_transport_sas: Fix error handling in sas_phy_add() (git-fixes). - scsi: storvsc: Drop DID_TARGET_FAILURE use (git-fixes). - scsi: storvsc: Fix handling of srb_status and capacity change events (git-fixes). - scsi: storvsc: Fix typo in comment (git-fixes). - scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq (git-fixes). - scsi: storvsc: remove an extraneous 'to' in a comment (git-fixes). - scsi: zfcp: Fix double free of FSF request when qdio send fails (git-fixes). - selftests/intel_pstate: fix build for ARCH=x86_64 (git-fixes). - selftests: mptcp: fix mibit vs mbit mix up (git-fixes). - selftests: mptcp: make sendfile selftest work (git-fixes). - selftests: mptcp: more stable simult_flows tests (git-fixes). - selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload (git-fixes). - serial: 8250: 8250_omap: Avoid RS485 RTS glitch on ->set_termios() (git-fixes). - serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs (git-fixes). - serial: 8250: Flush DMA Rx on RLSI (git-fixes). - serial: 8250: omap: Fix unpaired pm_runtime_put_sync() in omap8250_remove() (git-fixes). - serial: 8250: omap: Flush PM QOS work on remove (git-fixes). - serial: 8250_lpss: Configure DMA also w/o DMA filter (git-fixes). - serial: 8250_omap: remove wait loop from Errata i202 workaround (git-fixes). - serial: imx: Add missing .thaw_noirq hook (git-fixes). 
- siox: fix possible memory leak in siox_device_add() (git-fixes). - slimbus: stream: correct presence rate frequencies (git-fixes). - smb2: small refactor in smb2_check_message() (bsc#1193629). - smb3: Move the flush out of smb2_copychunk_range() into its callers (bsc#1193629). - smb3: add dynamic trace points for tree disconnect (bsc#1193629). - smb3: add trace point for SMB2_set_eof (bsc#1193629). - smb3: allow deferred close timeout to be configurable (bsc#1193629). - smb3: check xattr value length earlier (bsc#1193629). - smb3: clarify multichannel warning (bsc#1193629). - smb3: do not log confusing message when server returns no network interfaces (bsc#1193629). - smb3: fix empty netname context on secondary channels (bsc#1193629). - smb3: fix oops in calculating shash_setkey (bsc#1193629). - smb3: fix temporary data corruption in collapse range (bsc#1193629). - smb3: fix temporary data corruption in insert range (bsc#1193629). - smb3: improve SMB3 change notification support (bsc#1193629). - smb3: interface count displayed incorrectly (bsc#1193629). - smb3: missing inode locks in punch hole (bsc#1193629). - smb3: missing inode locks in zero range (bsc#1193629). - smb3: must initialize two ACL struct fields to zero (bsc#1193629). - smb3: remove unneeded null check in cifs_readdir (bsc#1193629). - smb3: rename encryption/decryption TFMs (bsc#1193629). - smb3: use filemap_write_and_wait_range instead of filemap_write_and_wait (bsc#1193629). - smb3: use netname when available on secondary channels (bsc#1193629). - smb3: workaround negprot bug in some Samba servers (bsc#1193629). - soc: imx8m: Enable OCOTP clock before reading the register (git-fixes). - soundwire: intel: Initialize clock stop timeout (bsc#1205507). - soundwire: qcom: check for outanding writes before doing a read (git-fixes). - soundwire: qcom: reinit broadcast completion (git-fixes). - speakup: fix a segfault caused by switching consoles (git-fixes). 
- spi: dw-dma: decrease reference count in dw_spi_dma_init_mfld() (git-fixes). - spi: spi-imx: Fix spi_bus_clk if requested clock is higher than input clock (git-fixes). - spi: stm32: Print summary 'callbacks suppressed' message (git-fixes). - spi: stm32: fix stm32_spi_prepare_mbr() that halves spi clk for every run (git-fixes). - spi: tegra210-quad: Fix duplicate resource error (git-fixes). - thunderbolt: Add DP OUT resource when DP tunnel is discovered (git-fixes). - tools: hv: Remove an extraneous 'the' (git-fixes). - tools: hv: kvp: remove unnecessary (void*) conversions (git-fixes). - tools: iio: iio_generic_buffer: Fix read size (git-fixes). - tracing/ring-buffer: Have polling block on watermark (git-fixes). - tracing: Fix memory leak in test_gen_synth_cmd() and test_empty_synth_event() (git-fixes). - tracing: Fix memory leak in tracing_read_pipe() (git-fixes). - tracing: Fix wild-memory-access in register_synth_event() (git-fixes). - tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_array in kprobe_event_gen_test_exit() (git-fixes). - tracing: kprobe: Fix potential null-ptr-deref on trace_event_file in kprobe_event_gen_test_exit() (git-fixes). - tty: n_gsm: fix sleep-in-atomic-context bug in gsm_control_send (git-fixes). - tty: serial: fsl_lpuart: do not break the on-going transfer when global reset (git-fixes). - usb: add NO_LPM quirk for Realforce 87U Keyboard (git-fixes). - usb: cdns3: host: fix endless superspeed hub port reset (git-fixes). - usb: cdnsp: Fix issue with Clear Feature Halt Endpoint (git-fixes). - usb: cdnsp: fix issue with ZLP - added TD_SIZE = 1 (git-fixes). - usb: chipidea: fix deadlock in ci_otg_del_timer (git-fixes). - usb: dwc3: exynos: Fix remove() function (git-fixes). - usb: dwc3: gadget: Clear ep descriptor last (git-fixes). - usb: dwc3: gadget: Return -ESHUTDOWN on ep disable (git-fixes). 
- usb: dwc3: gadget: conditionally remove requests (git-fixes). - usb: smsc: use eth_hw_addr_set() (git-fixes). - usb: typec: mux: Enter safe mode only when pins need to be reconfigured (git-fixes). - usb: xhci-mtk: check boundary before check tt (git-fixes). - usb: xhci-mtk: update fs bus bandwidth by bw_budget_table (git-fixes). - usbnet: smsc95xx: Do not reset PHY behind PHY driver's back (git-fixes). - v3 of 'PCI: hv: Only reuse existing IRTE allocation for Multi-MSI' - video/fbdev/stifb: Implement the stifb_fillrect() function (git-fixes). - virtio-blk: Use blk_validate_block_size() to validate block size (git-fixes). - vmxnet3: correctly report encapsulated LRO packet (git-fixes). - vmxnet3: use correct intrConf reference when using extended queues (git-fixes). - wifi: airo: do not assign -1 to unsigned char (git-fixes). - wifi: ath11k: Fix QCN9074 firmware boot on x86 (git-fixes). - wifi: ath11k: avoid deadlock during regulatory update in ath11k_regd_update() (git-fixes). - wifi: cfg80211: do not allow multi-BSSID in S1G (git-fixes). - wifi: cfg80211: fix buffer overflow in elem comparison (git-fixes). - wifi: cfg80211: fix memory leak in query_regdb_file() (git-fixes). - wifi: cfg80211: silence a sparse RCU warning (git-fixes). - wifi: mac80211: Fix ack frame idr leak when mesh has no route (git-fixes). - wifi: mac80211: fix memory free error when registering wiphy fail (git-fixes). - wifi: mac80211_hwsim: fix debugfs attribute ps with rc table support (git-fixes). - wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration (git-fixes). - wifi: wext: use flex array destination for memcpy() (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute (git-fixes). - wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute (git-fixes). - wifi: wilc1000: validate number of channels (git-fixes). - wifi: wilc1000: validate pairwise and authentication suite offsets (git-fixes). 
- x86/Xen: streamline (and fix) PV CPU enumeration (git-fixes). - x86/bugs: Make sure MSR_SPEC_CTRL is updated properly upon resume from S3 (bsc#1206037). - x86/cpu: Restore AMD's DE_CFG MSR after resume (bsc#1205473). - x86/entry: Work around Clang __bdos() bug (git-fixes). - x86/extable: Extend extable functionality (git-fixes). - x86/fpu: Drop fpregs lock before inheriting FPU permissions (bnc#1205282). - x86/futex: Remove .fixup usage (git-fixes). - x86/hyperv: Disable hardlockup detector by default in Hyper-V guests (git-fixes). - x86/hyperv: Fix 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: Update 'struct hv_enlightened_vmcs' definition (git-fixes). - x86/hyperv: fix invalid writes to MSRs during root partition kexec (git-fixes). - x86/kexec: Fix double-free of elf header buffer (bsc#1205567). - x86/microcode/AMD: Apply the patch early on every logical thread (bsc#1205264). - x86/uaccess: Implement macros for CMPXCHG on user addresses (git-fixes). - xen/gntdev: Accommodate VMA splitting (git-fixes). - xen/pcpu: fix possible memory leak in register_pcpu() (git-fixes). - xen: delay xen_hvm_init_time_ops() if kdump is boot on vcpu>=32 (git-fixes). - xfs: convert XLOG_FORCED_SHUTDOWN() to xlog_is_shutdown() (git-fixes). - xfs: fix perag reference leak on iteration race with growfs (git-fixes). - xfs: fix xfs_ifree() error handling to not leak perag ref (git-fixes). - xfs: reserve quota for dir expansion when linking/unlinking files (bsc#1205616). - xfs: reserve quota for target dir expansion when renaming files (bsc#1205679).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4597-1
Released: Wed Dec 21 10:13:11 2022
Summary: Security update for curl
Type: security
Severity: important
References: 1206308,1206309,CVE-2022-43551,CVE-2022-43552

This update for curl fixes the following issues:

- CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309).
- CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2022:4601-1 Released: Wed Dec 21 12:23:59 2022 Summary: Feature update for GNOME 41 Type: feature Severity: moderate References: 1175622,1179584,1188882,1196205,1200581,1203274,1204867,944832 This update for GNOME 41 fixes the following issues: atkmm1_6: - Version update from 2.28.1 to 2.28.3 (jsc#PED-2235): * Meson build: Avoid unnecessary configuration warnings * Meson build: Perl is not required by new versions of mm-common * Meson build: Require meson >= 0.55.0 * Meson build: Specify 'check' option in run_command(). Will be necessary with future versions of Meson. * Require atk >= 2.12.0 Not a new requirement, but previously it was not specified in configure.ac and meson.build * Support building with Visual Studio 2022 eog: - Version update from 41.1 to 41.2 (jsc#PED-2235): * eog-window: use correct type for display_profile * Fix discovery of Evince for multi-page images evince: - Version update 41.3 to 41.4 (jsc#PED-2235): * shell: Fix failures when thumbnail extraction takes too long * Fix build with meson 0.60.0 and newer evolution: - Ensure evolution-devel is forward compatible with evolution-data-server-devel in a same major version (jsc#PED-2235) evolution-data-center: - Version update from 3.42.4 to 3.42.5 (jsc#PED-2235): * Google OAuth out-of-band (oob) flow will be deprecated folks: - Version update 0.15.3 to 0.15.5 (jsc#PED-2235): * vapi: Add missing generic type argument * Fix docs build against newer eds version * Fix build against newer eds version * Remove volatile keyword from tests gcr: - Version update 3.41.0 to 3.41.1 (jsc#PED-2235): * Add G_SPAWN_CLOEXEC_PIPES flag to all the g_spawn commands * Add gi-docgen dependency which is needed by the docs * Fix build with meson 0.60.0 and newer * Fix build without systemd * Several CI fixes geocode-glib: - Version update from 3.26.2 to 3.26.4 
(jsc#PED-2235):
  * Fix to a test data file not being installed, and a bug fix for a bug in the libsoup3 port
  * Add support for libsoup 3.x

gjs:

- Version update from 1.70.1 to 1.70.2 (jsc#PED-2235):
  * Build and compatibility fixes backported from the development branch
  * Reverse order of running-from-source checks
- Require xorg-x11-Xvfb for proper package build (bsc#1203274)

glib2:

- Version update from 2.70.4 to 2.70.5 (jsc#PED-2235):
  * Bugs fixed: glgo#GNOME/GLib#2620, glgo#GNOME/GLib!2537, glgo#GNOME/GLib!2555
  * Split gtk-docs from -devel package, these are not needed during building projects using glib2

gnome-control-center:

- Fix the size of logo icon in About system (bsc#1200581)
- Version update from 41.4 to 41.7 (jsc#PED-2235):
  * Cellular: Remove duplicate line from .desktop
  * Info: Allow changing 'Device Name' by pressing 'Enter'
  * Info: Remove trailing space after CPU name
  * Keyboard: Fix crash resetting all keyboard shortcuts
  * Keyboard: Fix leaks
  * Network: Fix saving passwords for non-wifi connections
  * Network: Fix critical when opening VPN details page
  * Wacom: Fix leaks

gnome-desktop:

- Version update from 41.2 to 41.8 (jsc#PED-2235):
  * Version increase but no actual changes

gnome-music:

- Version update from 41.0 to 41.1 (jsc#PED-2235):
  * Ensure the correct album is played
  * Fix build with meson 0.61.0 and newer
  * Fix crash on empty selection
  * Fix incorrect playlist import
  * Fix time displayed in RTL languages
  * Improve async queue work
  * Make random shuffle actually random
  * Make shuffle random
  * Speed increase on first startup on larger collections
  * Time is reversed in RTL

gnome-remote-desktop:

- Version update from 41.2 to 41.3 (jsc#PED-2235):
  * Add Icelandic translation

gnome-session:

- Clear error messages that can be ignored because expected to happen for GDM sessions (bsc#1204867)
- Add fix for gnome-session to exit immediately when lost name on bus (bsc#1175622, bsc#1188882)

gnome-shell:

- Disable offline update suggestion before shutdown/reboot in SLE and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.9 (jsc#PED-2235):
  * Allow extension updates with only Extension Manager installed
  * Allow more intermediate icon sizes in app grid
  * Disable workspace switching while in search.
  * Do not create systemd scope for D-Bus activated apps
  * Fix calendar to correctly align world clocks header in RTL
  * Fix drag placeholder position in dash in RTL locales
  * Fix edge case where windows stay dimmed after a modal is closed
  * Fix feedback when turning on a11y features by keyboard
  * Fix focus tracking in magnifier on wayland
  * Fix fractional timezone offsets in world clock
  * Fix glitches in overview transition
  * Fix logging in with realmd
  * Fix memory leak
  * Fix opening device settings for enterprise WPA networks
  * Fix programmatically set scrollview fade
  * Fix regression in ibus support
  * Fix unresponsive top bar in overview when in fullscreen
  * Handle monitor changes during startup animation
  * Hide overview after 'Show Details' from app context menu
  * Improve Belgian on-screen keyboard layout
  * Improve CSS shadow appearance
  * Make sure startup animation completes
  * Misc. bug fixes and cleanups
  * Only close messages via delete key if they can be closed
  * Respect IM hint for candidates list in on-screen keyboard

gnome-software:

- Disable offline update feature in SUSE Linux Enterprise and openSUSE Leap (bsc#944832)
- Version update from 41.4 to 41.5 (jsc#PED-2235):
  * Added several appstream-related fixes
  * Disable scroll-by-mouse-wheel on featured carousel
  * Ensure details page shows app provided on command line

gnome-terminal:

- Version update from 3.42.2 to 3.42.3 (jsc#PED-2235):
  * Fix build with meson 0.61.0 and newer
  * window: Use a normal menu for the popup menu

gnome-user-docs:

- Version update from 41.1 to 41.5 (jsc#PED-2235):
  * Added missing icon for network-wired-symbolic

gspell:

- Version update from 1.8.4 to 1.10.0 (jsc#PED-2235):
  * Build: distribute more files in tarballs
  * Documentation improvements

gtkmm3:

- Version update from 3.24.5 to 3.24.6 (jsc#PED-2235):
  * Build with Meson: MSVC build: Support Visual Studio 2022
  * Check if Perl is required for building documentation
  * Don't use deprecated python3.path() and execute (..., gui_app...)
  * GTK: TreeValueProxy: Declare copy constructor = default, avoiding warnings from the clang++ compiler
  * Object::_release_c_instance(): Unref orphan managed widgets
  * SizeGroup demo: Set active items in the combo boxes, so something is shown
  * Specify 'check' option in run_command()

gtk-vnc:

- Version update from 1.3.0 to 1.3.1 (jsc#PED-2235):
  * Add 'check' arg to meson run_command()
  * Fix invalid use of subprojects with meson
  * Support ZRLE encoding for zero size alpha cursors

gupnp-av:

- Version update from 0.12.11 to 0.14.1 (jsc#PED-2235):
  * Add utility function to format GDateTime to the iso variant DIDL expects
  * Allow to be used as a subproject
  * Drop autotools
  * Fix stripping @refID
  * Fix unsetting subtitleFileType
  * Make Feature derivable again
  * Obsolete code removal.
  * Port to modern GObject
  * Remove hand-written ref-counting, use RcBox/AtomicRcBox instead.
  * Switch to meson build system, following upstream
- Rename libgupnp-av-1_0-2 subpackage to libgupnp-av-1_0-3, correcting the package name to match the provided library
- Conflict with the wrongly provided libgupnp-av-1_0-2

gvfs:

- Version update from 1.48.1 to 1.48.2 (jsc#PED-2235):
  * sftp: Adapt on new OpenSSH password prompts
  * smb: Rework anonymous handling to avoid EINVAL
  * smb: Ignore EINVAL for kerberos/ccache login

libgsf:

- Version update from 1.14.48 to 1.14.50 (jsc#PED-2235):
  * Fix error handling problem when writing ole files
  * Fix problems with non-western text in OLE properties
  * Use g_date_time_new_from_iso8601 and g_date_time_format_iso8601 when available

libmediaart:

- Version update from 1.9.5 to 1.9.6 (jsc#PED-2235):
  * build: Add introspection/vapi/tests options
  * build: Use library() to optionally build a static library

libnma:

- Version update from 1.8.32 to 1.8.40 (jsc#PED-2235):
  * Ad-Hoc networks now default to using WPA2 instead of WEP
  * Add possibility of building libnma-gtk4 library with Gtk4 support
  * Do not allow setting empty 802.1x domain for EAP TLS
  * Fixed keyboard accelerator for certificate chooser
  * Fixed libnma-gtk4 version of mobile-wizard
  * Include OWE wireless security option
  * The GtkBuilder files for Gtk4 are now included in the release tarball
  * WEP is no longer provided as an option for connecting to hidden networks due to its deprecated status
- New sub-packages libnma-gtk4-0, typelib-1_0-NMA4-1_0 and libnma-gtk4-devel
- Split out documentation files in own docs sub-package

libnotify:

- Version update from 0.7.10 to 0.7.12 (jsc#PED-2235):
  * Delete unused notifynotification.xml
  * Fix potential build errors with old glib version we require
  * docs/notify-send: Add --transient option to manpage
  * notification: Bookend calling NotifyActionCallback with temporary reference
  * notification: Include sender-pid hint by default if not provided
  * notify-send: Add debug message about server not supporting persistence
  * notify-send: Add explicit option to create transient notifications
  * notify-send: Add support for boolean hints
  * notify-send: Move server capabilities check to a separate function
  * notify-send: Support passing any hint value, by parsing variant strings

libpeas:

- Version update from 1.30.0 to 1.32.0 (jsc#PED-2235):
  * Icon licenses have been corrected
  * Parallel build system operation fixes
  * Use gi-docgen for documentation
  * Various build warnings squashed
  * Various GIR data that should not have been exported was removed
- Stop packaging the demo files/sub-package

librsvg:

- Version update from 2.52.6 to 2.52.9 (jsc#PED-2235):
  * Catch circular references when rendering patterns
  * Fix regressions when computing element geometries
  * Fix regression outputting all text as paths

libsecret:

- Version update from 0.20.4 to 0.20.5 (jsc#PED-2235):
  * Add bash-completion for secret-tool
  * Add locking capabilities to secret tool
  * Add support for TPM2 based secret storage
  * Create default collection after DBus.Error.UnknownObject
  * Detect local storage in snaps in the same way as flatpaks
  * Drop autotools-based build
  * GI annotation and documentation fixes
  * Port documentation to gi-docgen
  * Use G_GNUC_NULL_TERMINATED where appropriate
  * collection, methods, prompt: Port to GTask
  * secret-file-backend: Avoid closing the same file descriptor twice

mutter:

- Version update from 41.5 to 41.9 (jsc#PED-2235):
  * Fix '--replace option'
  * Fix missing root window properties after XWayland start
  * Fix night light without GAMMA_LUT property
  * KMS: Survive missing GAMMA_LUT property
  * wayland: Fix rotation transform
  * Misc. bug fixes

nautilus:

- Version update from 41.2 to 41.5 (jsc#PED-2235):
  * Drag-and-drop bugfixes
  * HighContrast style fixes

orca:

- Version update from 41.1 to 41.3 (jsc#PED-2235):
  * Add more event-flood detection and handling for improved performance
  * Fix bug causing accessing preferences to fail for Esperanto
  * Web: Fix bug causing widgets descending from off-screen label elements to be skipped over
  * Web: Fix presentation of the FluentUI react dialog (and any other dialog which has an ARIA document-role descendant)
  * WebKitGtk: Fail gracefully when structural navigation commands are used in WebKitGtk 2.36.x

python-cairo:

- Add python3-cairo to SUSE Linux Enterprise Micro 5.3 as it is now required by python3-gobject-cairo

python-gobject:

- Add dependency on python-cairo to python-gobject-cairo: The introspection wrapper needs pycairo (bsc#1179584)
- Version update from 3.42.0 to 3.42.2 (jsc#PED-2235):
  * Add a workaround for a PyPy 3.9+ bug when threads are used
  * Do not error out for unknown scopes
  * Prompt an error instead of crashing when marshaling unsupported fundamental types in some cases
  * Fix a crash/refcounting error in case marshaling a hash table fails
  * Fix crashes when marshaling zero terminated arrays for certain item types
  * Implement DynamicImporter.find_spec() to silence deprecation warning
  * Make the test suite pass again with PyPy
  * Some test/CI fixes
  * gtk overrides: Do not override Treeview.enable_model_drag_xx for GTK4
  * gtk overrides: restore Gtk.ListStore.insert_with_valuesv with newer GTK4
  * interface: Fix leak when overriding GInterfaceInfo
  * setup.py: look up pycairo headers without importing the module

trackers-python:

- Allow system calls used by gstreamer (bsc#1196205)
- Version update from 3.2.2 to 3.2.1 (jsc#PED-2235):
  * Backport seccomp rules for rseq and mbind syscalls

vala:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Add missing TraverseVisitor.visit_data_type()
  * Add support for 'copy_/free_function' metadata for compact classes
  * Catch and throw possible inner error of lock statements
  * Clear SemanticAnalyzer.current_{symbol,source_file} when not needed anymore
  * Don't count instance-parameter when checking for backwards closure reference
  * Fix a few binding errors
  * Free empty stack list for code contexts
  * Handle duplicated and unnamed symbols.
  * Improve UI parsing and handling of nested objects and properties
  * Make sure to drop our 'trap' jump target in case of an error
  * Move dynamic property errors to semantic analyzer pass
  * Require lvalue access of delegate target/destroy 'fields'
  * Show source location when reporting deprecations
  * Transform assignment of an array element as needed
  * manual: Update from wiki.gnome.org
  * parser: Improve handling of nullable VarType in with-statement
  * parser: Reduce the source reference of main block method to its beginning

xdg-desktop-portal-gnome:

- Version update from 0.54.6 to 0.54.8 (jsc#PED-2235):
  * Properly bind property in Lockdown portal

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4618-1
Released: Fri Dec 23 13:02:31 2022
Summary: Recommended update for catatonit
Type: recommended
Severity: moderate
References:

This update for catatonit fixes the following issues:

Update to catatonit v0.1.7:

- This release adds the ability for catatonit to be used as the only process in a pause container, by passing the -P flag (in this mode no subprocess is spawned and thus no signal forwarding is done).

Update to catatonit v0.1.6:

- which fixes a few bugs -- mainly ones related to socket activation or features somewhat adjacent to socket activation (such as passing file descriptors).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4628-1
Released: Wed Dec 28 09:23:13 2022
Summary: Security update for sqlite3
Type: security
Severity: moderate
References: 1206337,CVE-2022-46908

This update for sqlite3 fixes the following issues:

- CVE-2022-46908: Properly implement the azProhibitedFunctions protection mechanism, when relying on --safe for execution of an untrusted CLI script (bsc#1206337).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4629-1
Released: Wed Dec 28 09:24:07 2022
Summary: Security update for systemd
Type: security
Severity: important
References: 1200723,1205000,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000).

Bug fixes:

- Support by-path devlink for multipath nvme block devices (bsc#1200723).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4631-1
Released: Wed Dec 28 09:29:15 2022
Summary: Security update for vim
Type: security
Severity: important
References: 1204779,1205797,1206028,1206071,1206072,1206075,1206077,CVE-2022-3491,CVE-2022-3520,CVE-2022-3591,CVE-2022-3705,CVE-2022-4141,CVE-2022-4292,CVE-2022-4293

This update for vim fixes the following issues:

Updated to version 9.0.1040:

- CVE-2022-3491: vim: Heap-based Buffer Overflow prior to 9.0.0742 (bsc#1206028).
- CVE-2022-3520: vim: Heap-based Buffer Overflow (bsc#1206071).
- CVE-2022-3591: vim: Use After Free (bsc#1206072).
- CVE-2022-4292: vim: Use After Free in GitHub repository vim/vim prior to 9.0.0882 (bsc#1206075).
- CVE-2022-4293: vim: Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804 (bsc#1206077).
- CVE-2022-4141: vim: heap-buffer-overflow in alloc.c 246:11 (bsc#1205797).
- CVE-2022-3705: vim: use after free in function qf_update_buffer of the file quickfix.c (bsc#1204779).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:25-1
Released: Thu Jan 5 09:51:41 2023
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References: 1177460

This update for timezone fixes the following issues:

Version update from 2022f to 2022g (bsc#1177460):

- In the Mexican state of Chihuahua:
  * The border strip near the US will change to agree with nearby US locations on 2022-11-30.
  * The strip's western part, represented by Ciudad Juarez, switches from -06 all year to -07/-06 with US DST rules, like El Paso, TX.
  * The eastern part, represented by Ojinaga, will observe US DST next year, like Presidio, TX.
  * A new Zone America/Ciudad_Juarez splits from America/Ojinaga.
- Much of Greenland, represented by America/Nuuk, stops observing winter time after March 2023, so its daylight saving time becomes standard time.
- Changes for pre-1996 northern Canada
- Update to past DST transition in Colombia (1993), Singapore (1981)
- 'timegm' is now supported by default

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:37-1
Released: Fri Jan 6 15:35:49 2023
Summary: Security update for ca-certificates-mozilla
Type: security
Severity: important
References: 1206212,1206622

This update for ca-certificates-mozilla fixes the following issues:

- Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622)

  Removed CAs:
  - Global Chambersign Root
  - EC-ACC
  - Network Solutions Certificate Authority
  - Staat der Nederlanden EV Root CA
  - SwissSign Platinum CA - G2

  Added CAs:
  - DIGITALSIGN GLOBAL ROOT ECDSA CA
  - DIGITALSIGN GLOBAL ROOT RSA CA
  - Security Communication ECC RootCA1
  - Security Communication RootCA3

  Changed trust:
  - TrustCor certificates only trusted up to Nov 30 (bsc#1206212)

- Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor:
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:41-1
Released: Mon Jan 9 10:23:07 2023
Summary: Recommended update for kdump
Type: recommended
Severity: important
References: 1144337,1191410,1204000,1204743

This update for kdump fixes the following issues:

- Make the kdump-save.service reboot after kdump-save is finished (bsc#1204000)
- Fix renaming of qeth interfaces (bsc#1204743, bsc#1144337)
- Rebuild initrd image after migration on ppc64 architecture (bsc#1191410)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:45-1
Released: Mon Jan 9 10:32:26 2023
Summary: Recommended update for libxml2
Type: recommended
Severity: moderate
References: 1204585

This update for libxml2 fixes the following issues:

- Add W3C conformance tests to the testsuite (bsc#1204585):
  * Added file xmlts20080827.tar.gz

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:48-1
Released: Mon Jan 9 10:37:54 2023
Summary: Recommended update for libtirpc
Type: recommended
Severity: moderate
References: 1199467

This update for libtirpc fixes the following issues:

- Consider /proc/sys/net/ipv4/ip_local_reserved_ports, before binding to a random port (bsc#1199467)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:50-1
Released: Mon Jan 9 10:42:21 2023
Summary: Recommended update for shadow
Type: recommended
Severity: moderate
References: 1205502

This update for shadow fixes the following issues:

- Fix issue with user id field that cannot be interpreted (bsc#1205502)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:51-1
Released: Mon Jan 9 10:42:58 2023
Summary: Recommended update for suse-module-tools
Type: recommended
Severity: moderate
References: 1195391,1200107,1203092,1204423

This update for suse-module-tools fixes the following issues:

- 80-hotplug-cpu-mem.rules: Restrict udev rule for Hotplug physical CPU to x86_64 architecture (bsc#1204423)
- driver-check.sh, unblacklist: Convert `egrep` to `grep -E` (bsc#1203092)
- driver-check.sh: Avoid false positive error messages (bsc#1200107)
- kernel-scriptlets: Don't pass flags to weak-modules2 (bsc#1195391)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:52-1
Released: Mon Jan 9 10:43:57 2023
Summary: Recommended update for xfsprogs
Type: recommended
Severity: moderate
References: 1205266,1205272,1205284,1205377

This update for xfsprogs fixes the following issues:

- mkfs: don't trample the gid set in the protofile (bsc#1205266)
- mkfs: prevent corruption of passed-in suboption string values (bsc#1205377)
- mkfs: terminate getsubopt arrays properly (bsc#1205284)
- xfs_repair: ignore empty xattr leaf blocks (bsc#1205272)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:56-1
Released: Mon Jan 9 11:13:43 2023
Summary: Security update for libksba
Type: security
Severity: moderate
References: 1206579,CVE-2022-47629

This update for libksba fixes the following issues:

- CVE-2022-47629: Fixed an integer overflow vulnerability in the CRL signature parser (bsc#1206579).

The following package changes have been done:

- ca-certificates-mozilla-2.60-150200.27.1 updated
- catatonit-0.1.7-150300.10.3.1 updated
- curl-7.79.1-150400.5.12.1 updated
- kdump-1.0.2+git18.g615d6ab-150400.3.8.1 updated
- kernel-default-5.14.21-150400.24.38.1 updated
- libcurl4-7.79.1-150400.5.12.1 updated
- libglib-2_0-0-2.70.5-150400.3.3.1 updated
- libksba8-1.3.5-150000.4.6.1 updated
- libsqlite3-0-3.39.3-150000.3.20.1 updated
- libsystemd0-249.12-150400.8.16.1 updated
- libtirpc-netconfig-1.2.6-150300.3.17.1 updated
- libtirpc3-1.2.6-150300.3.17.1 updated
- libudev1-249.12-150400.8.16.1 updated
- libxml2-2-2.9.14-150400.5.13.1 updated
- login_defs-4.8.1-150400.10.3.1 updated
- shadow-4.8.1-150400.10.3.1 updated
- suse-module-tools-15.4.15-150400.3.5.1 updated
- systemd-sysvinit-249.12-150400.8.16.1 updated
- systemd-249.12-150400.8.16.1 updated
- timezone-2022g-150000.75.18.1 updated
- udev-249.12-150400.8.16.1 updated
- vim-data-common-9.0.1040-150000.5.31.1 updated
- vim-9.0.1040-150000.5.31.1 updated
- xfsprogs-5.13.0-150400.3.3.1 updated

From sle-security-updates at lists.suse.com Tue Jan 24 08:29:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 09:29:20 +0100 (CET)
Subject: SUSE-CU-2023:195-1: Security update of suse/sle-micro/5.3/toolbox
Message-ID: <20230124082920.B11B5FD89@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:195-1
Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.68 , suse/sle-micro/5.3/toolbox:latest
Container Release : 5.2.68
Severity : important
Type : security
References : 1207082 CVE-2023-22809
-----------------------------------------------------------------

The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:114-1
Released: Fri Jan 20 10:22:57 2023
Summary: Security update for sudo
Type: security
Severity: important
References: 1207082,CVE-2023-22809

This update for sudo fixes the following issues:

- CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions (bsc#1207082).

The following package changes have been done:

- sudo-1.9.9-150400.4.12.1 updated

From sle-security-updates at lists.suse.com Tue Jan 24 17:18:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 18:18:51 +0100 (CET)
Subject: SUSE-SU-2023:0126-1: important: Security update for samba
Message-ID: <20230124171851.9F17FFDD0@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0126-1
Rating: important
References: #1205385 #1206504 #1206546
Cross-References: CVE-2021-20251 CVE-2022-37966 CVE-2022-38023
CVSS scores:
  CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise High Availability 12-SP4
  SUSE Linux Enterprise High Performance Computing 12-SP4
  SUSE Linux Enterprise Server 12-SP4
  SUSE Linux Enterprise Server 12-SP4-LTSS
  SUSE Linux Enterprise Server for SAP 12-SP4
  SUSE OpenStack Cloud 9
  SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-126=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-126=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-126=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-126=1
- SUSE Linux Enterprise High Availability 12-SP4:
  zypper in -t patch SUSE-SLE-HA-12-SP4-2023-126=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  samba-doc-4.6.16+git.384.9fec958bed-3.76.1
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  libdcerpc-binding0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-4.6.16+git.384.9fec958bed-3.76.1
libdcerpc0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 
libsamba-passdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-4.6.16+git.384.9fec958bed-3.76.1 samba-client-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 
samba-debugsource-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 - SUSE OpenStack Cloud 9 (noarch): samba-doc-4.6.16+git.384.9fec958bed-3.76.1 - SUSE OpenStack Cloud 9 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-32bit-4.6.16+git.384.9fec958bed-3.76.1 
libnetapi0-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 
libsmbldap0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-4.6.16+git.384.9fec958bed-3.76.1 samba-client-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debugsource-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libdcerpc-binding0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-4.6.16+git.384.9fec958bed-3.76.1 
libndr-standard0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr0-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-4.6.16+git.384.9fec958bed-3.76.1 samba-client-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debugsource-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): samba-doc-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server 
for SAP 12-SP4 (x86_64): libdcerpc-binding0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 
libtevent-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libndr0-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 
libsmbclient0-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-4.6.16+git.384.9fec958bed-3.76.1 samba-client-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debugsource-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libdcerpc-binding0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc-binding0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libdcerpc0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-krb5pac0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-nbt0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr-standard0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libndr0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libnetapi0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-credentials0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 
libsamba-errors0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-errors0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-hostconfig0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-passdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamba-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsamdb0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbconf0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libsmbldap0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libtevent-util0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-32bit-4.6.16+git.384.9fec958bed-3.76.1 libwbclient0-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-client-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-libs-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-32bit-4.6.16+git.384.9fec958bed-3.76.1 samba-winbind-debuginfo-32bit-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): samba-doc-4.6.16+git.384.9fec958bed-3.76.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ctdb-4.6.16+git.384.9fec958bed-3.76.1 ctdb-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debuginfo-4.6.16+git.384.9fec958bed-3.76.1 samba-debugsource-4.6.16+git.384.9fec958bed-3.76.1 References: https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-37966.html 
https://www.suse.com/security/cve/CVE-2022-38023.html
https://bugzilla.suse.com/1205385
https://bugzilla.suse.com/1206504
https://bugzilla.suse.com/1206546

From sle-security-updates at lists.suse.com Tue Jan 24 17:19:58 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 18:19:58 +0100 (CET)
Subject: SUSE-SU-2023:0127-1: moderate: Security update for rubygem-websocket-extensions
Message-ID: <20230124171958.2F204FDD0@maintenance.suse.de>

SUSE Security Update: Security update for rubygem-websocket-extensions
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0127-1
Rating: moderate
References: #1172445
Cross-References: CVE-2020-7663
CVSS scores:
  CVE-2020-7663 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2020-7663 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected Products:
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Availability 15-SP1
  SUSE Linux Enterprise High Availability 15-SP2
  SUSE Linux Enterprise High Availability 15-SP3
  SUSE Linux Enterprise High Availability 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP1
  SUSE Linux Enterprise High Performance Computing 15-SP2
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Server 15-SP1
  SUSE Linux Enterprise Server 15-SP2
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP1
  SUSE Linux Enterprise Server for SAP Applications 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.0
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.0
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.0
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rubygem-websocket-extensions fixes the following issues:

- CVE-2020-7663: Fixed an excessive resource consumption when parsing crafted message headers sent by an attacker (bsc#1172445).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2023-127=1

- SUSE Linux Enterprise High Availability 15-SP4:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-127=1

- SUSE Linux Enterprise High Availability 15-SP3:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-127=1

- SUSE Linux Enterprise High Availability 15-SP2:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-127=1

- SUSE Linux Enterprise High Availability 15-SP1:

    zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2023-127=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1
    ruby2.5-rubygem-websocket-extensions-doc-0.1.3-150000.3.4.1

- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):

    ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1

- SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64):

    ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1

- SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64):

    ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1

- SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64):

    ruby2.5-rubygem-websocket-extensions-0.1.3-150000.3.4.1

References:

https://www.suse.com/security/cve/CVE-2020-7663.html
https://bugzilla.suse.com/1172445

From sle-security-updates at lists.suse.com Tue Jan 24 20:17:17 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 21:17:17 +0100 (CET)
Subject: SUSE-SU-2023:0132-1: important: Security update for rust1.66
Message-ID: <20230124201717.650FAFD2D@maintenance.suse.de>

SUSE Security Update: Security update for rust1.66
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0132-1
Rating: important
References: #1206930
Cross-References: CVE-2022-46176
CVSS scores:
  CVE-2022-46176 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-46176 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rust1.66 fixes the following issues:

- CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2023-132=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-132=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    cargo1.66-1.66.0-150400.9.9.1
    cargo1.66-debuginfo-1.66.0-150400.9.9.1
    rust1.66-1.66.0-150400.9.9.1
    rust1.66-debuginfo-1.66.0-150400.9.9.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

    cargo1.66-1.66.0-150400.9.9.1
    cargo1.66-debuginfo-1.66.0-150400.9.9.1
    rust1.66-1.66.0-150400.9.9.1
    rust1.66-debuginfo-1.66.0-150400.9.9.1

References:

https://www.suse.com/security/cve/CVE-2022-46176.html
https://bugzilla.suse.com/1206930

From sle-security-updates at lists.suse.com Tue Jan 24 20:18:12 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 21:18:12 +0100 (CET)
Subject: SUSE-SU-2023:0133-1: important: Security update for rust1.65
Message-ID: <20230124201812.E6F8DFD2D@maintenance.suse.de>

SUSE Security Update: Security update for rust1.65
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0133-1
Rating: important
References: #1206930
Cross-References: CVE-2022-46176
CVSS scores:
  CVE-2022-46176 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-46176 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Development Tools 15-SP4
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP3-LTSS
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for rust1.65 fixes the following issues:

- CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2023-133=1

- SUSE Linux Enterprise Server for SAP 15-SP3:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-133=1

- SUSE Linux Enterprise Server 15-SP3-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-133=1

- SUSE Linux Enterprise Realtime Extension 15-SP3:

    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-133=1

- SUSE Linux Enterprise Module for Development Tools 15-SP4:

    zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-133=1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-133=1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-133=1

- SUSE Enterprise Storage 7.1:

    zypper in -t patch SUSE-Storage-7.1-2023-133=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

- SUSE Enterprise Storage 7.1 (aarch64 x86_64):

    cargo1.65-1.65.0-150300.7.9.1
    cargo1.65-debuginfo-1.65.0-150300.7.9.1
    rust1.65-1.65.0-150300.7.9.1
    rust1.65-debuginfo-1.65.0-150300.7.9.1

References:

https://www.suse.com/security/cve/CVE-2022-46176.html
https://bugzilla.suse.com/1206930

From sle-security-updates at lists.suse.com Tue Jan 24 20:19:41 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 24 Jan 2023 21:19:41 +0100 (CET)
Subject: SUSE-SU-2023:0130-1: important: Security update for mozilla-nss
Message-ID: <20230124201941.18F41FD2D@maintenance.suse.de>

SUSE Security Update: Security update for mozilla-nss
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0130-1
Rating: important
References: #1204272 #1207038
Cross-References: CVE-2022-23491 CVE-2022-3479
CVSS scores:
  CVE-2022-23491 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-23491 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3479 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3479 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP 15-SP3
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.2
  openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for mozilla-nss fixes the following issues:

- CVE-2022-3479: Fixed a potential crash that could be triggered when a server requested a client authentication certificate, but the client had no certificates stored (bsc#1204272).
- Updated to version 3.79.3 (bsc#1207038):
  - CVE-2022-23491: Removed trust for 3 root certificates from TrustCor.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:

    zypper in -t patch openSUSE-Leap-Micro-5.2-2023-130=1

- SUSE Manager Server 4.2:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-130=1

- SUSE Manager Retail Branch Server 4.2:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-130=1

- SUSE Manager Proxy 4.2:

    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-130=1

- SUSE Linux Enterprise Server for SAP 15-SP3:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-130=1

- SUSE Linux Enterprise Server for SAP 15-SP2:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-130=1

- SUSE Linux Enterprise Server for SAP 15-SP1:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-130=1

- SUSE Linux Enterprise Server 15-SP3-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-130=1

- SUSE Linux Enterprise Server 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-130=1

- SUSE Linux Enterprise Server 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-130=1

- SUSE Linux Enterprise Realtime Extension 15-SP3:

    zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-130=1

- SUSE Linux Enterprise Micro 5.2:

    zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-130=1

- SUSE Linux Enterprise Micro 5.1:

    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-130=1

- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-130=1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-130=1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-130=1

- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-130=1

- SUSE Enterprise Storage 7.1:

    zypper in -t patch SUSE-Storage-7.1-2023-130=1

- SUSE Enterprise Storage 7:

    zypper in -t patch SUSE-Storage-7-2023-130=1

- SUSE Enterprise Storage 6:

    zypper in -t patch SUSE-Storage-6-2023-130=1

- SUSE CaaS Platform 4.0:

    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap Micro 5.2 (aarch64 x86_64):

    libfreebl3-3.79.3-150000.3.90.1
    libfreebl3-debuginfo-3.79.3-150000.3.90.1
    libfreebl3-hmac-3.79.3-150000.3.90.1
    libsoftokn3-3.79.3-150000.3.90.1
    libsoftokn3-debuginfo-3.79.3-150000.3.90.1
    libsoftokn3-hmac-3.79.3-150000.3.90.1
    mozilla-nss-3.79.3-150000.3.90.1
    mozilla-nss-certs-3.79.3-150000.3.90.1
    mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1
    mozilla-nss-debuginfo-3.79.3-150000.3.90.1
    mozilla-nss-debugsource-3.79.3-150000.3.90.1
    mozilla-nss-tools-3.79.3-150000.3.90.1
    mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1

- SUSE Manager Server 4.2 (ppc64le s390x x86_64):

    libfreebl3-3.79.3-150000.3.90.1
    libfreebl3-debuginfo-3.79.3-150000.3.90.1
    libfreebl3-hmac-3.79.3-150000.3.90.1
    libsoftokn3-3.79.3-150000.3.90.1
    libsoftokn3-debuginfo-3.79.3-150000.3.90.1
    libsoftokn3-hmac-3.79.3-150000.3.90.1
    mozilla-nss-3.79.3-150000.3.90.1
    mozilla-nss-certs-3.79.3-150000.3.90.1
    mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1
    mozilla-nss-debuginfo-3.79.3-150000.3.90.1
    mozilla-nss-debugsource-3.79.3-150000.3.90.1
    mozilla-nss-devel-3.79.3-150000.3.90.1
    mozilla-nss-sysinit-3.79.3-150000.3.90.1
    mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1
    mozilla-nss-tools-3.79.3-150000.3.90.1
    mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1

- SUSE Manager Server 4.2 (x86_64):

    libfreebl3-32bit-3.79.3-150000.3.90.1
    libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1
    libfreebl3-hmac-32bit-3.79.3-150000.3.90.1
    libsoftokn3-32bit-3.79.3-150000.3.90.1
    libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1
    libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1
    mozilla-nss-32bit-3.79.3-150000.3.90.1
mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Manager Proxy 4.2 (x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 
mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 
libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 
libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 
mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 
mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 
libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 
libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 
15-SP2-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 
mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 7.1 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 
libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 mozilla-nss-certs-3.79.3-150000.3.90.1 mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-debugsource-3.79.3-150000.3.90.1 mozilla-nss-devel-3.79.3-150000.3.90.1 mozilla-nss-sysinit-3.79.3-150000.3.90.1 mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-tools-3.79.3-150000.3.90.1 mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-3.79.3-150000.3.90.1 mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-3.79.3-150000.3.90.1 mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.79.3-150000.3.90.1 libfreebl3-32bit-3.79.3-150000.3.90.1 libfreebl3-32bit-debuginfo-3.79.3-150000.3.90.1 libfreebl3-debuginfo-3.79.3-150000.3.90.1 libfreebl3-hmac-3.79.3-150000.3.90.1 libfreebl3-hmac-32bit-3.79.3-150000.3.90.1 libsoftokn3-3.79.3-150000.3.90.1 libsoftokn3-32bit-3.79.3-150000.3.90.1 libsoftokn3-32bit-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-debuginfo-3.79.3-150000.3.90.1 libsoftokn3-hmac-3.79.3-150000.3.90.1 libsoftokn3-hmac-32bit-3.79.3-150000.3.90.1 mozilla-nss-3.79.3-150000.3.90.1 
      mozilla-nss-32bit-3.79.3-150000.3.90.1
      mozilla-nss-32bit-debuginfo-3.79.3-150000.3.90.1
      mozilla-nss-certs-3.79.3-150000.3.90.1
      mozilla-nss-certs-32bit-3.79.3-150000.3.90.1
      mozilla-nss-certs-32bit-debuginfo-3.79.3-150000.3.90.1
      mozilla-nss-certs-debuginfo-3.79.3-150000.3.90.1
      mozilla-nss-debuginfo-3.79.3-150000.3.90.1
      mozilla-nss-debugsource-3.79.3-150000.3.90.1
      mozilla-nss-devel-3.79.3-150000.3.90.1
      mozilla-nss-sysinit-3.79.3-150000.3.90.1
      mozilla-nss-sysinit-debuginfo-3.79.3-150000.3.90.1
      mozilla-nss-tools-3.79.3-150000.3.90.1
      mozilla-nss-tools-debuginfo-3.79.3-150000.3.90.1

References:

   https://www.suse.com/security/cve/CVE-2022-23491.html
   https://www.suse.com/security/cve/CVE-2022-3479.html
   https://bugzilla.suse.com/1204272
   https://bugzilla.suse.com/1207038

From sle-security-updates at lists.suse.com Wed Jan 25 08:27:19 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 09:27:19 +0100 (CET)
Subject: SUSE-CU-2023:205-1: Security update of bci/rust
Message-ID: <20230125082719.485B7FCC9@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:205-1
Container Tags        : bci/rust:1.65 , bci/rust:1.65-13.5
Container Release     : 13.5
Severity              : important
Type                  : security
References            : 1206930 CVE-2022-46176
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:133-1
Released:    Tue Jan 24 15:38:38 2023
Summary:     Security update for rust1.65
Type:        security
Severity:    important
References:  1206930,CVE-2022-46176

This update for rust1.65 fixes the following issues:

- CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930).

The following package changes have been done:

- rust1.65-1.65.0-150300.7.9.1 updated
- cargo1.65-1.65.0-150300.7.9.1 updated

From sle-security-updates at lists.suse.com Wed Jan 25 08:27:30 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 09:27:30 +0100 (CET)
Subject: SUSE-CU-2023:206-1: Security update of bci/rust
Message-ID: <20230125082730.C35ECFCC9@maintenance.suse.de>

SUSE Container Update Advisory: bci/rust
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:206-1
Container Tags        : bci/rust:1.66 , bci/rust:1.66-2.5 , bci/rust:latest
Container Release     : 2.5
Severity              : important
Type                  : security
References            : 1206930 CVE-2022-46176
-----------------------------------------------------------------

The container bci/rust was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:132-1
Released:    Tue Jan 24 15:37:46 2023
Summary:     Security update for rust1.66
Type:        security
Severity:    important
References:  1206930,CVE-2022-46176

This update for rust1.66 fixes the following issues:

- CVE-2022-46176: Fixed missing SSH host key verification in cargo when cloning indexes and dependencies via SSH (bsc#1206930).

The following package changes have been done:

- rust1.66-1.66.0-150400.9.9.1 updated
- cargo1.66-1.66.0-150400.9.9.1 updated

From sle-security-updates at lists.suse.com Wed Jan 25 14:17:54 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 15:17:54 +0100 (CET)
Subject: SUSE-SU-2023:0136-1: important: Security update for xen
Message-ID: <20230125141754.08979FD89@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0136-1
Rating:             important
References:         #1027519 #1205209
Cross-References:   CVE-2022-23824
CVSS scores:
                    CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server 12-SP4-LTSS
                    SUSE Linux Enterprise Server for SAP 12-SP4
                    SUSE OpenStack Cloud 9
                    SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-136=1

   - SUSE OpenStack Cloud 9:

      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-136=1

   - SUSE Linux Enterprise Server for SAP 12-SP4:

      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-136=1

   - SUSE Linux Enterprise Server 12-SP4-LTSS:

      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-136=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):

      xen-4.11.4_36-2.86.1
      xen-debugsource-4.11.4_36-2.86.1
      xen-doc-html-4.11.4_36-2.86.1
      xen-libs-32bit-4.11.4_36-2.86.1
      xen-libs-4.11.4_36-2.86.1
      xen-libs-debuginfo-32bit-4.11.4_36-2.86.1
      xen-libs-debuginfo-4.11.4_36-2.86.1
      xen-tools-4.11.4_36-2.86.1
      xen-tools-debuginfo-4.11.4_36-2.86.1
      xen-tools-domU-4.11.4_36-2.86.1
      xen-tools-domU-debuginfo-4.11.4_36-2.86.1

   - SUSE OpenStack Cloud 9 (x86_64):

      xen-4.11.4_36-2.86.1
      xen-debugsource-4.11.4_36-2.86.1
      xen-doc-html-4.11.4_36-2.86.1
      xen-libs-32bit-4.11.4_36-2.86.1
      xen-libs-4.11.4_36-2.86.1
      xen-libs-debuginfo-32bit-4.11.4_36-2.86.1
      xen-libs-debuginfo-4.11.4_36-2.86.1
      xen-tools-4.11.4_36-2.86.1
      xen-tools-debuginfo-4.11.4_36-2.86.1
      xen-tools-domU-4.11.4_36-2.86.1
      xen-tools-domU-debuginfo-4.11.4_36-2.86.1

   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):

      xen-4.11.4_36-2.86.1
      xen-debugsource-4.11.4_36-2.86.1
      xen-doc-html-4.11.4_36-2.86.1
      xen-libs-32bit-4.11.4_36-2.86.1
      xen-libs-4.11.4_36-2.86.1
      xen-libs-debuginfo-32bit-4.11.4_36-2.86.1
      xen-libs-debuginfo-4.11.4_36-2.86.1
      xen-tools-4.11.4_36-2.86.1
      xen-tools-debuginfo-4.11.4_36-2.86.1
      xen-tools-domU-4.11.4_36-2.86.1
      xen-tools-domU-debuginfo-4.11.4_36-2.86.1

   - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64):

      xen-4.11.4_36-2.86.1
      xen-debugsource-4.11.4_36-2.86.1
      xen-doc-html-4.11.4_36-2.86.1
      xen-libs-32bit-4.11.4_36-2.86.1
      xen-libs-4.11.4_36-2.86.1
      xen-libs-debuginfo-32bit-4.11.4_36-2.86.1
      xen-libs-debuginfo-4.11.4_36-2.86.1
      xen-tools-4.11.4_36-2.86.1
      xen-tools-debuginfo-4.11.4_36-2.86.1
      xen-tools-domU-4.11.4_36-2.86.1
      xen-tools-domU-debuginfo-4.11.4_36-2.86.1

References:

   https://www.suse.com/security/cve/CVE-2022-23824.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1205209

From sle-security-updates at lists.suse.com Wed Jan 25 14:18:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 15:18:38 +0100 (CET)
Subject: SUSE-SU-2023:0135-1: important: Security update for freeradius-server
Message-ID: <20230125141838.36C55FD89@maintenance.suse.de>

   SUSE Security Update: Security update for freeradius-server
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0135-1
Rating:             important
References:         #1206204 #1206205 #1206206
Cross-References:   CVE-2022-41859 CVE-2022-41860 CVE-2022-41861
CVSS scores:
                    CVE-2022-41859 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-41859 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-41860 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41860 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41861 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-41861 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for freeradius-server fixes the following issues:

   - CVE-2022-41859: Fixed an issue in EAP-PWD that could leak information about the password, which could facilitate dictionary attacks (bsc#1206204).
   - CVE-2022-41860: Fixed a crash in servers with EAP_SIM manually configured, which could be triggered via a malformed SIM option (bsc#1206205).
   - CVE-2022-41861: Fixed a server crash that could be triggered by sending malformed data from a system in the RADIUS circle of trust (bsc#1206206).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-135=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      freeradius-server-3.0.3-17.18.1
      freeradius-server-debuginfo-3.0.3-17.18.1
      freeradius-server-debugsource-3.0.3-17.18.1
      freeradius-server-doc-3.0.3-17.18.1
      freeradius-server-krb5-3.0.3-17.18.1
      freeradius-server-krb5-debuginfo-3.0.3-17.18.1
      freeradius-server-ldap-3.0.3-17.18.1
      freeradius-server-ldap-debuginfo-3.0.3-17.18.1
      freeradius-server-libs-3.0.3-17.18.1
      freeradius-server-libs-debuginfo-3.0.3-17.18.1
      freeradius-server-mysql-3.0.3-17.18.1
      freeradius-server-mysql-debuginfo-3.0.3-17.18.1
      freeradius-server-perl-3.0.3-17.18.1
      freeradius-server-perl-debuginfo-3.0.3-17.18.1
      freeradius-server-postgresql-3.0.3-17.18.1
      freeradius-server-postgresql-debuginfo-3.0.3-17.18.1
      freeradius-server-python-3.0.3-17.18.1
      freeradius-server-python-debuginfo-3.0.3-17.18.1
      freeradius-server-sqlite-3.0.3-17.18.1
      freeradius-server-sqlite-debuginfo-3.0.3-17.18.1
      freeradius-server-utils-3.0.3-17.18.1
      freeradius-server-utils-debuginfo-3.0.3-17.18.1

References:

   https://www.suse.com/security/cve/CVE-2022-41859.html
   https://www.suse.com/security/cve/CVE-2022-41860.html
   https://www.suse.com/security/cve/CVE-2022-41861.html
   https://bugzilla.suse.com/1206204
   https://bugzilla.suse.com/1206205
   https://bugzilla.suse.com/1206206

From sle-security-updates at lists.suse.com Wed Jan 25 14:19:46 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 15:19:46 +0100 (CET)
Subject: SUSE-SU-2023:0134-1: important: Security update for the
 Linux Kernel
Message-ID: <20230125141946.503BDFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0134-1
Rating:             important
References:         #1151927 #1157049 #1190969 #1203183 #1204171 #1204250
                    #1204693 #1205256 #1206113 #1206114 #1206174 #1206175
                    #1206176 #1206177 #1206178 #1206179 #1206389 #1206394
                    #1206395 #1206397 #1206398 #1206664
Cross-References:   CVE-2019-19083 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107
                    CVE-2022-3108 CVE-2022-3111 CVE-2022-3435 CVE-2022-3643
                    CVE-2022-42328 CVE-2022-42329 CVE-2022-4662
CVSS scores:
                    CVE-2019-19083 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2019-19083 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3106 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3106 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3111 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3111 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H
                    CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
                    CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
                    CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Module for Realtime 15-SP3
                    SUSE Linux Enterprise Real Time 15-SP3
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that solves 11 vulnerabilities and has 11 fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes.

   The following security bugs were fixed:

   - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171).
   - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
   - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
   - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
   - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)
   - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
   - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
   - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114).
   - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113).
   - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113).
   - CVE-2019-19083: Fixed a memory leak in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049).

   The following non-security bugs were fixed:

   - afs: Fix some tracing details (git-fixes).
   - block: Do not reread partition table on exclusively open device (bsc#1190969).
   - cuse: prevent clone (bsc#1206177).
   - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes).
   - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes).
   - fuse: do not check refcount after stealing page (bsc#1206174).
   - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176).
   - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178).
   - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179).
   - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175).
   - ipv6: ping: fix wrong checksum for large frames (bsc#1203183).
   - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693).
   - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
   - net: mana: Fix race on per-CQ variable napi work_done (git-fixes).
   - net: usb: cdc_ncm: do not spew notifications (git-fixes).
   - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
   - rtc: pcf85063: Fix reading alarm (git-fixes).
   - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256).
   - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes).
   - tracing: Delete all matched events (git-fixes).
   - tracing: Free buffers when a used dynamic event is removed (git-fixes).
   - usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
   - usbnet: move new members to end (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-134=1 - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2023-134=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-134=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-134=1 Package List: - openSUSE Leap Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.115.1 kernel-rt-debuginfo-5.3.18-150300.115.1 kernel-rt-debugsource-5.3.18-150300.115.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.115.1 kernel-source-rt-5.3.18-150300.115.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.115.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.115.1 dlm-kmp-rt-5.3.18-150300.115.1 dlm-kmp-rt-debuginfo-5.3.18-150300.115.1 gfs2-kmp-rt-5.3.18-150300.115.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.115.1 kernel-rt-5.3.18-150300.115.1 kernel-rt-debuginfo-5.3.18-150300.115.1 kernel-rt-debugsource-5.3.18-150300.115.1 kernel-rt-devel-5.3.18-150300.115.1 kernel-rt-devel-debuginfo-5.3.18-150300.115.1 kernel-rt_debug-debuginfo-5.3.18-150300.115.1 kernel-rt_debug-debugsource-5.3.18-150300.115.1 kernel-rt_debug-devel-5.3.18-150300.115.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.115.1 kernel-syms-rt-5.3.18-150300.115.1 ocfs2-kmp-rt-5.3.18-150300.115.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.115.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.115.1 kernel-rt-debuginfo-5.3.18-150300.115.1 kernel-rt-debugsource-5.3.18-150300.115.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.115.1 kernel-rt-debuginfo-5.3.18-150300.115.1 kernel-rt-debugsource-5.3.18-150300.115.1 References: 
https://www.suse.com/security/cve/CVE-2019-19083.html
https://www.suse.com/security/cve/CVE-2022-3105.html
https://www.suse.com/security/cve/CVE-2022-3106.html
https://www.suse.com/security/cve/CVE-2022-3107.html
https://www.suse.com/security/cve/CVE-2022-3108.html
https://www.suse.com/security/cve/CVE-2022-3111.html
https://www.suse.com/security/cve/CVE-2022-3435.html
https://www.suse.com/security/cve/CVE-2022-3643.html
https://www.suse.com/security/cve/CVE-2022-42328.html
https://www.suse.com/security/cve/CVE-2022-42329.html
https://www.suse.com/security/cve/CVE-2022-4662.html
https://bugzilla.suse.com/1151927
https://bugzilla.suse.com/1157049
https://bugzilla.suse.com/1190969
https://bugzilla.suse.com/1203183
https://bugzilla.suse.com/1204171
https://bugzilla.suse.com/1204250
https://bugzilla.suse.com/1204693
https://bugzilla.suse.com/1205256
https://bugzilla.suse.com/1206113
https://bugzilla.suse.com/1206114
https://bugzilla.suse.com/1206174
https://bugzilla.suse.com/1206175
https://bugzilla.suse.com/1206176
https://bugzilla.suse.com/1206177
https://bugzilla.suse.com/1206178
https://bugzilla.suse.com/1206179
https://bugzilla.suse.com/1206389
https://bugzilla.suse.com/1206394
https://bugzilla.suse.com/1206395
https://bugzilla.suse.com/1206397
https://bugzilla.suse.com/1206398
https://bugzilla.suse.com/1206664

From sle-security-updates at lists.suse.com Wed Jan 25 17:18:09 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 18:18:09 +0100 (CET)
Subject: SUSE-SU-2023:0140-1: important: Security update for libzypp-plugin-appdata
Message-ID: <20230125171809.AAB04FD89@maintenance.suse.de>

SUSE Security Update: Security update for libzypp-plugin-appdata
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0140-1
Rating: important
References: #1181400 #1206836
Cross-References: CVE-2023-22643
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3-LTSS
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP 15-SP3
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for libzypp-plugin-appdata fixes the following issues:

- CVE-2023-22643: Fixed potential shell injection related to malicious repo names (bsc#1206836).
- Added hardening to systemd service (bsc#1181400).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-140=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-140=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-140=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-140=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-140=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-140=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-140=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-140=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-140=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-140=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-140=1
- SUSE Enterprise Storage 7.1:
  zypper in -t patch SUSE-Storage-7.1-2023-140=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2023-140=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2023-140=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Enterprise Storage 7.1 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Enterprise Storage 7 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE Enterprise Storage 6 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1
- SUSE CaaS Platform 4.0 (noarch):
  libzypp-plugin-appdata-1.0.1+git.20180426-150100.8.3.1

References:

https://www.suse.com/security/cve/CVE-2023-22643.html
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1206836

From sle-security-updates at lists.suse.com Wed Jan 25 17:21:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Wed, 25 Jan 2023 18:21:06 +0100 (CET)
Subject: SUSE-SU-2023:0139-1: important: Security update for python-certifi
Message-ID: <20230125172106.78274FD89@maintenance.suse.de>

SUSE Security Update: Security update for python-certifi
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0139-1
Rating: important
References: #1206212
Cross-References: CVE-2022-23491
CVSS scores:
  CVE-2022-23491 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  CVE-2022-23491 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE CaaS Platform 4.0
  SUSE Enterprise Storage 6
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.1
  SUSE Linux Enterprise Micro 5.2
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP1-LTSS
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3-LTSS
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15-SP1
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.2
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-certifi fixes the following issues:

- remove all TrustCor CAs, as TrustCor issued multiple man-in-the-middle certs (bsc#1206212 CVE-2022-23491)
  - TrustCor RootCert CA-1
  - TrustCor RootCert CA-2
  - TrustCor ECA-1
- Add removeTrustCor.patch

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-139=1
- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2023-139=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-139=1
- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-139=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-139=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-139=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-139=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-139=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-139=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-139=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-139=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-139=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-139=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-139=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-139=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-139=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-139=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-139=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-139=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-139=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-139=1
- SUSE Enterprise Storage 7.1:
  zypper in -t patch SUSE-Storage-7.1-2023-139=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2023-139=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2023-139=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap Micro 5.3 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- openSUSE Leap Micro 5.2 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- openSUSE Leap 15.4 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Manager Server 4.2 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Manager Proxy 4.2 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Enterprise Storage 7.1 (noarch):
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Enterprise Storage 7 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE Enterprise Storage 6 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1
- SUSE CaaS Platform 4.0 (noarch):
  python2-certifi-2018.1.18-150000.3.3.1
  python3-certifi-2018.1.18-150000.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-23491.html
https://bugzilla.suse.com/1206212

From sle-security-updates at lists.suse.com Thu Jan 26 11:20:25 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 12:20:25 +0100 (CET)
Subject: SUSE-SU-2023:0145-1: important: Security update for the Linux Kernel
Message-ID: <20230126112025.45549FDD0@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0145-1
Rating: important
References: #1065729 #1203740 #1204250 #1205695 #1206073 #1206344 #1206389 #1206395 #1206664 #1207036 #1207168 #1207195 PED-568
Cross-References: CVE-2022-3107 CVE-2022-3108 CVE-2022-3564 CVE-2022-4662 CVE-2023-23454
CVSS scores:
  CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE Linux Enterprise Desktop 12-SP5
  SUSE Linux Enterprise High Availability 12-SP5
  SUSE Linux Enterprise High Performance Computing 12-SP5
  SUSE Linux Enterprise Live Patching 12-SP5
  SUSE Linux Enterprise Server 12-SP5
  SUSE Linux Enterprise Server for SAP Applications 12-SP5
  SUSE Linux Enterprise Software Development Kit 12-SP5
  SUSE Linux Enterprise Workstation Extension 12-SP5
______________________________________________________________________________

An update that solves 5 vulnerabilities, contains one feature and has 7 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2023-23454: Fixed a type confusion bug in the CBQ network scheduler which could lead to a use-after-free (bsc#1207036)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)

The following non-security bugs were fixed:

- arm64: alternative: Use true and false for boolean values (git-fixes)
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- arm64: ftrace: do not adjust the LR value (git-fixes)
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- arm64: jump_label.h: use asm_volatile_goto macro instead of "asm (git-fixes)
- arm64: make secondary_start_kernel() notrace (git-fixes)
- arm64: makefile fix build of .i file in external module case (git-fixes)
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- CDC-NCM: remove "connected" log message (git-fixes).
- ceph: remove bogus checks and WARN_ONs from ceph_set_page_dirty (bsc#1207195).
- flexfiles: enforce per-mirror stateid only for v4 DSes (git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in encode_attrs() (git-fixes).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168).
- kABI: mitigate new ufs_stats field (git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- media: Do not let tvp5150_get_vbi() go out of vbi_ram_default array (git-fixes).
- media: i2c: tvp5150: remove useless variable assignment in tvp5150_set_vbi() (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- module: set MODULE_STATE_GOING state when a module fails to load (git-fixes).
- move new members of struct usbnet to end (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path (git-fixes).
- net: kalmia: clean up bind error path (git-fixes).
- net: kalmia: fix memory leaks (git-fixes).
- net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036).
- net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: asix: ax88772_bind return error when hw_reset fail (git-fixes).
- net: usb: asix: init MAC address buffers (git-fixes).
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: rtl8150: demote allmulti message to dev_dbg() (git-fixes).
- net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations (git-fixes).
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: Correct size calculation for create reply length (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors (git-fixes).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO (git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- NFS4: Fix kmemleak when allocate slot failed (git-fixes).
- NFSD: allow fh_want_write to be called twice (git-fixes).
- NFSD: fix a warning in __cld_pipe_upcall() (git-fixes).
- NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- NFSD: fix wrong check in write_v4_end_grace() (git-fixes).
- NFSD: Keep existing listeners on portlist error (git-fixes).
- NFSD: Return EPERM, not EACCES, in some SETATTR cases (git-fixes).
- NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- NFSD4: fix crash on writing v4_end_grace before nfsd startup (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix open create exclusive when the server reboots (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- pNFS/NFSv4: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler (bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take "mem=" option into account (bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function (bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page faults (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node() (bsc#1065729).
- powerpc/pseries: Fix node leak in update_lmb_associativity_index() (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR KVM (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer (bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive: Move a dereference below a NULL test (bsc#1065729).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe (git-fixes).
- scsi: 53c700: pass correct "dev" to dma_alloc_attrs() (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset (git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send (git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: flush running unbind operations when removing a session (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: fix panic on loading firmware crashdump (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled device (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status (git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset (git-fixes).
- scsi: NCR5380: Do not call dsprintk() following reselection interrupt (git-fixes).
- scsi: NCR5380: Do not clear busy flag when abort fails (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data (git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes). - scsi: pm80xx: Fix for SATA device discovery (git-fixes). - scsi: pm80xx: Fixed system hang issue during kexec boot (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails (git-fixes). - scsi: qedi: Abort ep termination if offload not scheduled (git-fixes). - scsi: qedi: Do not flush offload work if ARP not resolved (git-fixes). - scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes). - scsi: qedi: Fix null ref during abort handling (git-fixes). - scsi: qedi: Fix termination timeouts in session logout (git-fixes). - scsi: qedi: Protect active command list to avoid list corruption (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (git-fixes). - scsi: qla4xxx: fix a potential NULL pointer dereference (git-fixes). - scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: num_tgts must be >= 0 (git-fixes). - scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG (git-fixes). - scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (git-fixes). - scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes). - scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes). - scsi: scsi_transport_spi: Fix function pointer check (git-fixes). 
- scsi: scsi_transport_srp: Do not block target in failfast state (git-fixes). - scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (git-fixes). - scsi: sd: do not crash the host on invalid commands (git-fixes). - scsi: sd: Free scsi_disk device via put_device() (git-fixes). - scsi: ses: Fix unsigned comparison with less than zero (git-fixes). - scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes). - scsi: sni_53c710: fix compilation error (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes). - scsi: sr: Return appropriate error code when disk is ejected (git-fixes). - scsi: sr: Return correct event when media event code is 3 (git-fixes). - scsi: st: Fix a use after free in st_open() (git-fixes). - scsi: target: iscsi: Wait for all commands to finish before freeing a session (git-fixes). - scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes). - scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes). - scsi: ufs: Avoid configuring regulator with undefined voltage range (git-fixes). - scsi: ufs: Clean up completed request without interrupt notification (git-fixes). - scsi: ufs: Complete pending requests in host reset and restore path (git-fixes). - scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes). - scsi: ufs: Fix error handing during hibern8 enter (git-fixes). - scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes). - scsi: ufs: fix potential bug which ends in system hang (git-fixes). - scsi: ufs: Fix regulator load and icc-level configuration (git-fixes). - scsi: ufs: Fix system suspend status (git-fixes). - scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes). - scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes). - scsi: ufs: skip shutdown if hba is not powered (git-fixes). 
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes). - scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes). - scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (git-fixes). - scsi: vmw_pvscsi: Set correct residual data length (git-fixes). - scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes). - SUNRPC: Do not call __UDPX_INC_STATS() from a preemptible context (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: do not mark uninitialised items as VALID (git-fixes). - SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (git-fixes). - SUNRPC: Fix a bogus get/put in generic_key_to_expire() (git-fixes). - SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes). - SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes). - SUNRPC: fix cache_head leak due to queued request (git-fixes). - SUNRPC: Fix connect metrics (git-fixes). - SUNRPC: fix crash when cache_head become valid before update (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Ignore source port when computing DRC hash (git-fixes). - tracing: Fix code comments in trace.c (git-fixes). - usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded (git-fixes). - usb: dwc3: gadget: only unmap requests from DMA if mapped (git-fixes). - xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2023-145=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-145=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-145=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2023-145=1 Please note that this is the initial kernel livepatch without fixes itself, this livepatch package is later updated by separate standalone livepatch updates. - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2023-145=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.147.1 kernel-default-debugsource-4.12.14-122.147.1 kernel-default-extra-4.12.14-122.147.1 kernel-default-extra-debuginfo-4.12.14-122.147.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.147.1 kernel-obs-build-debugsource-4.12.14-122.147.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.147.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.147.1 kernel-default-base-4.12.14-122.147.1 kernel-default-base-debuginfo-4.12.14-122.147.1 kernel-default-debuginfo-4.12.14-122.147.1 kernel-default-debugsource-4.12.14-122.147.1 kernel-default-devel-4.12.14-122.147.1 kernel-syms-4.12.14-122.147.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.147.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.147.1 kernel-macros-4.12.14-122.147.1 kernel-source-4.12.14-122.147.1 - SUSE Linux
Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.147.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.147.1 kernel-default-debugsource-4.12.14-122.147.1 kernel-default-kgraft-4.12.14-122.147.1 kernel-default-kgraft-devel-4.12.14-122.147.1 kgraft-patch-4_12_14-122_147-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.147.1 cluster-md-kmp-default-debuginfo-4.12.14-122.147.1 dlm-kmp-default-4.12.14-122.147.1 dlm-kmp-default-debuginfo-4.12.14-122.147.1 gfs2-kmp-default-4.12.14-122.147.1 gfs2-kmp-default-debuginfo-4.12.14-122.147.1 kernel-default-debuginfo-4.12.14-122.147.1 kernel-default-debugsource-4.12.14-122.147.1 ocfs2-kmp-default-4.12.14-122.147.1 ocfs2-kmp-default-debuginfo-4.12.14-122.147.1 References: https://www.suse.com/security/cve/CVE-2022-3107.html https://www.suse.com/security/cve/CVE-2022-3108.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2023-23454.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1203740 https://bugzilla.suse.com/1204250 https://bugzilla.suse.com/1205695 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206344 https://bugzilla.suse.com/1206389 https://bugzilla.suse.com/1206395 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207168 https://bugzilla.suse.com/1207195 From sle-security-updates at lists.suse.com Thu Jan 26 11:22:45 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 26 Jan 2023 12:22:45 +0100 (CET) Subject: SUSE-SU-2023:0146-1: important: Security update for the Linux Kernel Message-ID: <20230126112245.66C97FDD0@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel 
______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0146-1 Rating: important References: #1065729 #1187428 #1188605 #1190969 #1191259 #1193629 #1199294 #1201068 #1203219 #1203740 #1203829 #1204614 #1204652 #1204760 #1204911 #1204989 #1205257 #1205263 #1205485 #1205496 #1205601 #1205695 #1206073 #1206098 #1206101 #1206188 #1206209 #1206344 #1206389 #1206390 #1206391 #1206393 #1206394 #1206395 #1206396 #1206397 #1206398 #1206399 #1206456 #1206468 #1206515 #1206536 #1206554 #1206602 #1206619 #1206664 #1206703 #1206794 #1206896 #1206912 #1207016 PED-1445 PED-568 Cross-References: CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379 CVE-2022-4662 CVE-2022-47520 CVSS scores: CVE-2022-3104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3104 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3113 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3113 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 
CVE-2022-3114 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3114 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3344 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3344 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47520 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-47520 (SUSE): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities, contains two features and has 36 fixes is now available. Description: The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-3344: Fixed a flaw found in the KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). 
(bsc#1204652) - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073) - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396) - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390) - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array.
(bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes). - ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). 
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). - ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). 
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). - arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). 
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). - ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). 
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - block: Do not reread partition table on exclusively open device (bsc#1190969). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes). - can: do not increase rx_bytes statistics for RTR frames (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). - can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes). - can: m_can: fix typo prescalar -> prescaler (git-fixes). - can: m_can: is_lec_err(): clean up LEC error handling (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). 
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). - cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). 
- cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). - crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). 
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - Documentation: bonding: update miimon default to 100 (git-fixes). - Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes). - Documentation: devres: add missing MEM helper (git-fixes). - Documentation: devres: add missing PHY helpers (git-fixes). - Documentation: devres: add missing PWM helper (git-fixes). - Documentation/features-refresh.sh: Only sed the beginning "arch" of ARCH_DIR (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). 
- drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). - drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). 
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). - drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). 
- drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). 
- gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). 
- iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). 
- media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). 
- mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). - module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). 
- mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). 
- octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). 
- PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). 
- pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure "ib_port" is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed 
(git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - restore m_can_lec_type (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). 
- rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes).
- scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). 
- scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). 
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). 
- soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). 
- tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). 
- usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). - wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). 
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-146=1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2023-146=1

Package List:

   - openSUSE Leap 15.4 (aarch64 x86_64):

      cluster-md-kmp-azure-5.14.21-150400.14.31.1
      cluster-md-kmp-azure-debuginfo-5.14.21-150400.14.31.1
      dlm-kmp-azure-5.14.21-150400.14.31.1
      dlm-kmp-azure-debuginfo-5.14.21-150400.14.31.1
      gfs2-kmp-azure-5.14.21-150400.14.31.1
      gfs2-kmp-azure-debuginfo-5.14.21-150400.14.31.1
      kernel-azure-5.14.21-150400.14.31.1
      kernel-azure-debuginfo-5.14.21-150400.14.31.1
      kernel-azure-debugsource-5.14.21-150400.14.31.1
      kernel-azure-devel-5.14.21-150400.14.31.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.31.1
      kernel-azure-extra-5.14.21-150400.14.31.1
      kernel-azure-extra-debuginfo-5.14.21-150400.14.31.1
      kernel-azure-livepatch-devel-5.14.21-150400.14.31.1
      kernel-azure-optional-5.14.21-150400.14.31.1
      kernel-azure-optional-debuginfo-5.14.21-150400.14.31.1
      kernel-syms-azure-5.14.21-150400.14.31.1
      kselftests-kmp-azure-5.14.21-150400.14.31.1
      kselftests-kmp-azure-debuginfo-5.14.21-150400.14.31.1
      ocfs2-kmp-azure-5.14.21-150400.14.31.1
      ocfs2-kmp-azure-debuginfo-5.14.21-150400.14.31.1
      reiserfs-kmp-azure-5.14.21-150400.14.31.1
      reiserfs-kmp-azure-debuginfo-5.14.21-150400.14.31.1

   - openSUSE Leap 15.4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.31.1
      kernel-source-azure-5.14.21-150400.14.31.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 x86_64):

      kernel-azure-5.14.21-150400.14.31.1
      kernel-azure-debuginfo-5.14.21-150400.14.31.1
      kernel-azure-debugsource-5.14.21-150400.14.31.1
      kernel-azure-devel-5.14.21-150400.14.31.1
      kernel-azure-devel-debuginfo-5.14.21-150400.14.31.1
      kernel-syms-azure-5.14.21-150400.14.31.1

   - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch):

      kernel-devel-azure-5.14.21-150400.14.31.1
      kernel-source-azure-5.14.21-150400.14.31.1

References:

   https://www.suse.com/security/cve/CVE-2022-3104.html
   https://www.suse.com/security/cve/CVE-2022-3105.html
   https://www.suse.com/security/cve/CVE-2022-3106.html
   https://www.suse.com/security/cve/CVE-2022-3107.html
   https://www.suse.com/security/cve/CVE-2022-3108.html
   https://www.suse.com/security/cve/CVE-2022-3111.html
   https://www.suse.com/security/cve/CVE-2022-3112.html
   https://www.suse.com/security/cve/CVE-2022-3113.html
   https://www.suse.com/security/cve/CVE-2022-3114.html
   https://www.suse.com/security/cve/CVE-2022-3115.html
   https://www.suse.com/security/cve/CVE-2022-3344.html
   https://www.suse.com/security/cve/CVE-2022-3564.html
   https://www.suse.com/security/cve/CVE-2022-4379.html
   https://www.suse.com/security/cve/CVE-2022-4662.html
   https://www.suse.com/security/cve/CVE-2022-47520.html
   https://bugzilla.suse.com/1065729
   https://bugzilla.suse.com/1187428
   https://bugzilla.suse.com/1188605
   https://bugzilla.suse.com/1190969
   https://bugzilla.suse.com/1191259
   https://bugzilla.suse.com/1193629
   https://bugzilla.suse.com/1199294
   https://bugzilla.suse.com/1201068
   https://bugzilla.suse.com/1203219
   https://bugzilla.suse.com/1203740
   https://bugzilla.suse.com/1203829
   https://bugzilla.suse.com/1204614
   https://bugzilla.suse.com/1204652
   https://bugzilla.suse.com/1204760
   https://bugzilla.suse.com/1204911
   https://bugzilla.suse.com/1204989
   https://bugzilla.suse.com/1205257
   https://bugzilla.suse.com/1205263
   https://bugzilla.suse.com/1205485
   https://bugzilla.suse.com/1205496
   https://bugzilla.suse.com/1205601
   https://bugzilla.suse.com/1205695
   https://bugzilla.suse.com/1206073
   https://bugzilla.suse.com/1206098
   https://bugzilla.suse.com/1206101
   https://bugzilla.suse.com/1206188
   https://bugzilla.suse.com/1206209
   https://bugzilla.suse.com/1206344
   https://bugzilla.suse.com/1206389
   https://bugzilla.suse.com/1206390
   https://bugzilla.suse.com/1206391
   https://bugzilla.suse.com/1206393
   https://bugzilla.suse.com/1206394
   https://bugzilla.suse.com/1206395
   https://bugzilla.suse.com/1206396
   https://bugzilla.suse.com/1206397
   https://bugzilla.suse.com/1206398
   https://bugzilla.suse.com/1206399
   https://bugzilla.suse.com/1206456
   https://bugzilla.suse.com/1206468
   https://bugzilla.suse.com/1206515
   https://bugzilla.suse.com/1206536
   https://bugzilla.suse.com/1206554
   https://bugzilla.suse.com/1206602
   https://bugzilla.suse.com/1206619
   https://bugzilla.suse.com/1206664
   https://bugzilla.suse.com/1206703
   https://bugzilla.suse.com/1206794
   https://bugzilla.suse.com/1206896
   https://bugzilla.suse.com/1206912
   https://bugzilla.suse.com/1207016

From sle-security-updates at lists.suse.com Thu Jan 26 11:29:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 12:29:15 +0100 (CET)
Subject: SUSE-SU-2023:0147-1: important: Security update for the Linux Kernel
Message-ID: <20230126112915.B9CE6FD89@maintenance.suse.de>

   SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0147-1
Rating:             important
References:         #1065729 #1187428 #1188605 #1191259 #1193629 #1199294
                    #1201068 #1203219 #1203740 #1204614 #1204652 #1204760
                    #1204911 #1204989 #1205263 #1205485 #1205601 #1205695
                    #1206073 #1206098 #1206101 #1206188 #1206209 #1206344
                    #1206389 #1206390 #1206393 #1206394 #1206395 #1206396
                    #1206397 #1206398 #1206399 #1206456 #1206468 #1206515
                    #1206536 #1206554 #1206602 #1206619 #1206664 #1206703
                    #1206794 #1206896 #1206912 #1207016 PED-1445 PED-568
                    SLE-19249
Cross-References:   CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107
                    CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113
                    CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379
                    CVE-2022-4662 CVE-2022-47520
CVSS scores:
                    CVE-2022-3104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3104 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3106 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3106 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3111 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3111 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3112 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3112 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3113 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3113 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3115 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3344 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3344 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
                    CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-47520 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
                    CVE-2022-47520 (SUSE): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Live Patching 15-SP4
                    SUSE Linux Enterprise Module for Realtime 15-SP4
                    SUSE Linux Enterprise Real Time 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that solves 14 vulnerabilities, contains three features and has 32 fixes is now available.

Description:

   The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bug fixes.

   The following security bugs were fixed:

   - CVE-2022-3344: Fixed a flaw in KVM's AMD nested virtualization (SVM). A malicious L1 guest could purposely fail to intercept the shutdown of a cooperative nested guest (L2), possibly leading to a page fault and kernel panic in the host (L0). (bsc#1204652)
   - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
   - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a missing check of the return value of kzalloc. (bsc#1206393)
   - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
   - CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
   - CVE-2022-3564: Fixed a bug in the function l2cap_reassemble_sdu in net/bluetooth/l2cap_core.c (Bluetooth component) that could lead to a use after free. (bsc#1206073)
   - CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
   - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a missing check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
   - CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
   - CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
   - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
   - CVE-2022-3111: Fixed a missing release of a resource after its effective lifetime, caused by a missing free of WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
   - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
   - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

   The following non-security bugs were fixed:

- acct: fix potential integer overflow in encode_comp_t() (git-fixes). - ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes). - ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes). - ALSA: asihpi: fix missing pci_disable_device() (git-fixes). - ALSA: control-led: use strscpy in set_led_id() (git-fixes). - ALSA: hda - Enable headset mic on another Dell laptop with ALC3254 (git-fixes). - ALSA: hda: cs35l41: Check runtime suspend capability at runtime_idle (git-fixes). - ALSA: hda: cs35l41: Do not return -EINVAL from system suspend/resume (git-fixes). - ALSA: hda/hdmi: Add a HP device 0x8715 to force connect list (git-fixes). - ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes). - ALSA: hda/realtek - Turn on power early (git-fixes). - ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes). - ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for a HP platform (git-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs for a HP ProBook (git-fixes). - ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes). - ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes). - ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes). - ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes). - ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes). - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (git-fixes). - ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes). - ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes). - ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes). - ALSA: usb-audio: add the quirk for KT0206 device (git-fixes). - ALSA: usb-audio: Make sure to stop endpoints before closing EPs (git-fixes). 
- ALSA: usb-audio: Relax hw constraints for implicit fb sync (git-fixes). - amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes). - apparmor: fix a memleak in multi_transaction_new() (git-fixes). - apparmor: Fix abi check to include v8 abi (git-fixes). - apparmor: fix lockdep warning when removing a namespace (git-fixes). - apparmor: Fix memleak in alloc_ns() (git-fixes). - apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes). - ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes). - ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes). - ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes). - ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes). - ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes). - ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes). - ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes). - ARM: dts: rockchip: fix ir-receiver node names (git-fixes). - ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes). - ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes). - ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes). - ARM: dts: spear600: Fix clcd interrupt (git-fixes). - ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes). - ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes). 
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes). - ARM: dts: turris-omnia: Add switch port 6 node (git-fixes). - ARM: mmp: fix timer_read delay (git-fixes). - ARM: ux500: do not directly dereference __iomem (git-fixes). - arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219). - arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes). - arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes). - arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes). - arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes). - arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes). - arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes). - arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes). - arm64: dts: mt6779: Fix devicetree build warnings (git-fixes). - arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes). - arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes). - arm64: dts: mt8183: Fix Mali GPU clock (git-fixes). - arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes). - arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes). - arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes). - arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes). - arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes). - arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes). - arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes). - arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes). - arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes). - arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes). - arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes). - arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes). 
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes). - arm64: dts: rockchip: fix ir-receiver node names (git-fixes). - arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes). - arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes). - arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes). - ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes). - ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes). - ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes). - ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes). - ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes). - ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes). - ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes). - ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes). - ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes). - ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes). - ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes). - ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes). - ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes). - ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes). - ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes). - ASoC: pxa: fix null-pointer dereference in filter() (git-fixes). - ASoC: qcom: Add checks for devm_kcalloc (git-fixes). - ASoC: qcom: lpass-cpu: Fix fallback SD line index handling (git-fixes). - ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes). - ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes). 
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes). - ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes). - ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes). - ASoC: wm8904: fix wrong outputs volume after power reactivation (git-fixes). - ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes). - ASoC: wm8994: Fix potential deadlock (git-fixes). - ata: ahci: Fix PCS quirk application for suspend (git-fixes). - binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes). - binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes). - binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes). - Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes). - Bluetooth: btusb: Add debug message for CSR controllers (git-fixes). - Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes). - Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes). - brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes). - caif: fix memory leak in cfctrl_linkup_request() (git-fixes). - can: kvaser_usb_leaf: Fix bogus restart events (git-fixes). - can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes). - can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes). 
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes). - can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes). - can: mcba_usb: Fix termination command argument (git-fixes). - can: sja1000: fix size of OCR_MODE_MASK define (git-fixes). - can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes). - chardev: fix error handling in cdev_device_add() (git-fixes). - cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op() (bsc#1193629). - cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629). - cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629). - cifs: do not refresh cached referrals from unactive mounts (bsc#1193629). - cifs: fix confusing debug message (bsc#1193629). - cifs: Fix kmap_local_page() unmapping (git-fixes). - cifs: fix missing display of three mount options (bsc#1193629). - cifs: fix oops during encryption (bsc#1199294). - cifs: fix refresh of cached referrals (bsc#1193629). - cifs: fix source pathname comparison of dfs supers (bsc#1193629). - cifs: fix various whitespace errors in headers (bsc#1193629). - cifs: get rid of mount options string parsing (bsc#1193629). - cifs: minor cleanup of some headers (bsc#1193629). - cifs: optimize reconnect of nested links (bsc#1193629). - cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629). - cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629). - cifs: reduce roundtrips on create/qinfo requests (bsc#1193629). - cifs: refresh root referrals (bsc#1193629). - cifs: Remove duplicated include in cifsglob.h (bsc#1193629). - cifs: remove unused smb3_fs_context::mount_options (bsc#1193629). - cifs: set correct ipc status after initial tree connect (bsc#1193629). - cifs: set correct status of tcon ipc when reconnecting (bsc#1193629). - cifs: set correct tcon status after initial tree connect (bsc#1193629). - cifs: set resolved ip in sockaddr (bsc#1193629). 
- cifs: share dfs connections and supers (bsc#1193629). - cifs: skip alloc when request has no pages (bsc#1193629). - cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629). - cifs: update internal module number (bsc#1193629). - cifs: use fs_context for automounts (bsc#1193629). - cifs: use origin fullpath for automounts (bsc#1193629). - class: fix possible memory leak in __class_register() (git-fixes). - clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes). - clk: generalize devm_clk_get() a bit (git-fixes). - clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes). - clk: imx: replace osc_hdmi with dummy (git-fixes). - clk: nomadik: correct struct name kernel-doc warning (git-fixes). - clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes). - clk: qcom: clk-krait: fix wrong div2 functions (git-fixes). - clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes). - clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes). - clk: renesas: r9a06g032: Repair grave increment error (git-fixes). - clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes). - clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes). - clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes). - clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes). - clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes). - clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes). - clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes). - cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485). - cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485). - cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485). - cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068). 
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes). - crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes). - crypto: cryptd - Use request context instead of stack for sub-request (git-fixes). - crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes). - crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes). - crypto: n2 - add missing hash statesize (git-fixes). - crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes). - crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes). - crypto: rockchip - add fallback for ahash (git-fixes). - crypto: rockchip - add fallback for cipher (git-fixes). - crypto: rockchip - better handle cipher key (git-fixes). - crypto: rockchip - do not do custom power management (git-fixes). - crypto: rockchip - do not store mode globally (git-fixes). - crypto: rockchip - remove non-aligned handling (git-fixes). - crypto: rockchip - rework by using crypto_engine (git-fixes). - crypto: sun8i-ss - use dma_addr instead u32 (git-fixes). - crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes). - device property: Fix documentation for fwnode_get_next_parent() (git-fixes). - dmaengine: idxd: Fix crc_val field for completion record (git-fixes). - docs/zh_CN: Fix '.. only::' directive's expression (git-fixes). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove call to memset before free device/resource/connection (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes). - drivers: dio: fix possible memory leak in dio_init() (git-fixes). - drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes). 
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes). - drm/amd/display: fix array index out of bound error in bios parser (git-fixes). - drm/amd/display: Manually adjust strobe for DCN303 (git-fixes). - drm/amd/display: prevent memory leak (git-fixes). - drm/amd/display: Use the largest vready_offset in pipe group (git-fixes). - drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes). - drm/amdgpu: fix pci device refcount leak (git-fixes). - drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes). - drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes). - drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes). - drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes). - drm/amdgpu: make display pinning more flexible (v2) (git-fixes). - drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes). - drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes). - drm/amdkfd: Fix memory leakage (git-fixes). - drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes). - drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes). - drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes). - drm/connector: send hotplug uevent on connector cleanup (git-fixes). - drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes). - drm/etnaviv: add missing quirks for GC300 (git-fixes). - drm/etnaviv: do not truncate physical page address (git-fixes). - drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes). - drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes). - drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes). - drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes). - drm/i915: remove circ_buf.h includes (git-fixes). - drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes). 
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes). - drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes). - drm/i915/gvt: fix gvt debugfs destroy (git-fixes). - drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes). - drm/i915/migrate: do not check the scratch page (git-fixes). - drm/i915/migrate: fix length calculation (git-fixes). - drm/i915/migrate: fix offset calculation (git-fixes). - drm/i915/ttm: never purge busy objects (git-fixes). - drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes). - drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes). - drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes). - drm/mediatek: Modify dpi power on/off sequence (git-fixes). - drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes). - drm/msm: another fix for the headless Adreno GPU (git-fixes). - drm/msm: Use drm_mode_copy() (git-fixes). - drm/msm/adreno: Make adreno quirks not overwrite each other (git-fixes). - drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer (git-fixes). - drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes). - drm/panfrost: Fix GEM handle creation ref-counting (git-fixes). - drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes). - drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes). - drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes). - drm/rockchip: Use drm_mode_copy() (git-fixes). - drm/shmem-helper: Avoid vm_open error paths (git-fixes). - drm/shmem-helper: Remove errant put in error path (git-fixes). - drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes). - drm/sti: Use drm_mode_copy() (git-fixes). - drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes). - drm/virtio: Fix GEM handle creation UAF (git-fixes). 
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix description of core clock (git-fixes). - dt-bindings: msm: dsi-controller-main: Fix operating-points-v2 constraint (git-fixes). - dt-bindings: msm: dsi-phy-28nm: Add missing qcom, dsi-phy-regulator-ldo-mode (git-fixes). - dt-bindings: msm/dsi: Do not require vcca-supply on 14nm PHY (git-fixes). - dt-bindings: msm/dsi: Do not require vdds-supply on 10nm PHY (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - efi: fix userspace infinite retry read efivars after EFI runtime services page fault (git-fixes). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). 
- fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). 
- i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). - IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). 
- media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). 
- mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). 
- mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). - octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). 
- octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). - platform/surface: aggregator: Add missing call to ssam_request_sync_free() (git-fixes). - platform/surface: aggregator: Ignore command messages not intended for us (git-fixes). - platform/x86: dell-privacy: Fix SW_CAMERA_LENS_COVER reporting (git-fixes). 
- platform/x86: dell-privacy: Only register SW_CAMERA_LENS_COVER if present (git-fixes). - platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - platform/x86: sony-laptop: Do not turn off 0x153 keyboard backlight during probe (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). 
- pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). - pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). 
- RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure "ib_port" is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return "-EAGAIN" if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). 
- regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). - rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - sbitmap: fix lockup while swapping (bsc#1206602).
- sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). - scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). 
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). 
- scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). 
- scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). - serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). 
- staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). 
- usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). - usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). 
- wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes).
- wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes).
- wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes).
- wifi: ath9k: verify the expected usb_endpoints are present (git-fixes).
- wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes).
- wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes).
- wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes).
- wifi: iwlwifi: mvm: fix double free on tx path (git-fixes).
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes).
- wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes).
- wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes).
- wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes).
- wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes).
- wifi: rtl8xxxu: Fix the channel width reporting (git-fixes).
- wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes).
- wifi: rtw89: fix physts IE page check (git-fixes).
- wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes).
- wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes).
- wifi: wilc1000: sdio: fix module autoloading (git-fixes).
- xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794).
- xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
      zypper in -t patch openSUSE-Leap-Micro-5.3-2023-147=1
- openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-147=1
- SUSE Linux Enterprise Module for Realtime 15-SP4:
      zypper in -t patch SUSE-SLE-Module-RT-15-SP4-2023-147=1
- SUSE Linux Enterprise Module for Live Patching 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-147=1
- SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2023-147=1

Package List:

- openSUSE Leap Micro 5.3 (x86_64):
      kernel-rt-5.14.21-150400.15.8.1
      kernel-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-debugsource-5.14.21-150400.15.8.1
- openSUSE Leap 15.4 (x86_64):
      cluster-md-kmp-rt-5.14.21-150400.15.8.1
      cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      dlm-kmp-rt-5.14.21-150400.15.8.1
      dlm-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      gfs2-kmp-rt-5.14.21-150400.15.8.1
      gfs2-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-5.14.21-150400.15.8.1
      kernel-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-debugsource-5.14.21-150400.15.8.1
      kernel-rt-devel-5.14.21-150400.15.8.1
      kernel-rt-devel-debuginfo-5.14.21-150400.15.8.1
      kernel-rt_debug-5.14.21-150400.15.8.1
      kernel-rt_debug-debuginfo-5.14.21-150400.15.8.1
      kernel-rt_debug-debugsource-5.14.21-150400.15.8.1
      kernel-rt_debug-devel-5.14.21-150400.15.8.1
      kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.8.1
      kernel-syms-rt-5.14.21-150400.15.8.1
      ocfs2-kmp-rt-5.14.21-150400.15.8.1
      ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.8.1
- openSUSE Leap 15.4 (noarch):
      kernel-devel-rt-5.14.21-150400.15.8.1
      kernel-source-rt-5.14.21-150400.15.8.1
- SUSE Linux Enterprise Module for Realtime 15-SP4 (noarch):
      kernel-devel-rt-5.14.21-150400.15.8.1
      kernel-source-rt-5.14.21-150400.15.8.1
- SUSE Linux Enterprise Module for Realtime 15-SP4 (x86_64):
      cluster-md-kmp-rt-5.14.21-150400.15.8.1
      cluster-md-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      dlm-kmp-rt-5.14.21-150400.15.8.1
      dlm-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      gfs2-kmp-rt-5.14.21-150400.15.8.1
      gfs2-kmp-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-5.14.21-150400.15.8.1
      kernel-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-debugsource-5.14.21-150400.15.8.1
      kernel-rt-devel-5.14.21-150400.15.8.1
      kernel-rt-devel-debuginfo-5.14.21-150400.15.8.1
      kernel-rt_debug-5.14.21-150400.15.8.1
      kernel-rt_debug-debuginfo-5.14.21-150400.15.8.1
      kernel-rt_debug-debugsource-5.14.21-150400.15.8.1
      kernel-rt_debug-devel-5.14.21-150400.15.8.1
      kernel-rt_debug-devel-debuginfo-5.14.21-150400.15.8.1
      kernel-syms-rt-5.14.21-150400.15.8.1
      ocfs2-kmp-rt-5.14.21-150400.15.8.1
      ocfs2-kmp-rt-debuginfo-5.14.21-150400.15.8.1
- SUSE Linux Enterprise Module for Live Patching 15-SP4 (x86_64):
      kernel-livepatch-5_14_21-150400_15_8-rt-1-150400.1.3.1
      kernel-livepatch-5_14_21-150400_15_8-rt-debuginfo-1-150400.1.3.1
      kernel-livepatch-SLE15-SP4-RT_Update_2-debugsource-1-150400.1.3.1
- SUSE Linux Enterprise Micro 5.3 (x86_64):
      kernel-rt-5.14.21-150400.15.8.1
      kernel-rt-debuginfo-5.14.21-150400.15.8.1
      kernel-rt-debugsource-5.14.21-150400.15.8.1

References:

https://www.suse.com/security/cve/CVE-2022-3104.html
https://www.suse.com/security/cve/CVE-2022-3105.html
https://www.suse.com/security/cve/CVE-2022-3106.html
https://www.suse.com/security/cve/CVE-2022-3107.html
https://www.suse.com/security/cve/CVE-2022-3108.html
https://www.suse.com/security/cve/CVE-2022-3111.html
https://www.suse.com/security/cve/CVE-2022-3112.html
https://www.suse.com/security/cve/CVE-2022-3113.html
https://www.suse.com/security/cve/CVE-2022-3115.html
https://www.suse.com/security/cve/CVE-2022-3344.html
https://www.suse.com/security/cve/CVE-2022-3564.html
https://www.suse.com/security/cve/CVE-2022-4379.html
https://www.suse.com/security/cve/CVE-2022-4662.html
https://www.suse.com/security/cve/CVE-2022-47520.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1187428
https://bugzilla.suse.com/1188605
https://bugzilla.suse.com/1191259
https://bugzilla.suse.com/1193629
https://bugzilla.suse.com/1199294
https://bugzilla.suse.com/1201068
https://bugzilla.suse.com/1203219
https://bugzilla.suse.com/1203740
https://bugzilla.suse.com/1204614
https://bugzilla.suse.com/1204652
https://bugzilla.suse.com/1204760
https://bugzilla.suse.com/1204911
https://bugzilla.suse.com/1204989
https://bugzilla.suse.com/1205263
https://bugzilla.suse.com/1205485
https://bugzilla.suse.com/1205601
https://bugzilla.suse.com/1205695
https://bugzilla.suse.com/1206073
https://bugzilla.suse.com/1206098
https://bugzilla.suse.com/1206101
https://bugzilla.suse.com/1206188
https://bugzilla.suse.com/1206209
https://bugzilla.suse.com/1206344
https://bugzilla.suse.com/1206389
https://bugzilla.suse.com/1206390
https://bugzilla.suse.com/1206393
https://bugzilla.suse.com/1206394
https://bugzilla.suse.com/1206395
https://bugzilla.suse.com/1206396
https://bugzilla.suse.com/1206397
https://bugzilla.suse.com/1206398
https://bugzilla.suse.com/1206399
https://bugzilla.suse.com/1206456
https://bugzilla.suse.com/1206468
https://bugzilla.suse.com/1206515
https://bugzilla.suse.com/1206536
https://bugzilla.suse.com/1206554
https://bugzilla.suse.com/1206602
https://bugzilla.suse.com/1206619
https://bugzilla.suse.com/1206664
https://bugzilla.suse.com/1206703
https://bugzilla.suse.com/1206794
https://bugzilla.suse.com/1206896
https://bugzilla.suse.com/1206912
https://bugzilla.suse.com/1207016

From sle-security-updates at lists.suse.com Thu Jan 26 14:19:00 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 15:19:00 +0100 (CET)
Subject: SUSE-SU-2023:0149-1: important: Security update for the Linux Kernel
Message-ID: <20230126141900.C7666FD89@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0149-1
Rating: important
References: #1065729 #1187428 #1188605
#1190969 #1191259 #1193629 #1199294 #1201068 #1203219 #1203740 #1203829 #1204614 #1204652 #1204760 #1204911 #1204989 #1205257 #1205263 #1205485 #1205496 #1205601 #1205695 #1206073 #1206098 #1206101 #1206188 #1206209 #1206273 #1206344 #1206389 #1206390 #1206391 #1206393 #1206394 #1206395 #1206396 #1206397 #1206398 #1206399 #1206456 #1206468 #1206515 #1206536 #1206554 #1206602 #1206619 #1206664 #1206703 #1206794 #1206896 #1206912 #1207016 PED-1445 PED-568
Cross-References: CVE-2022-3104 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3113 CVE-2022-3114 CVE-2022-3115 CVE-2022-3344 CVE-2022-3564 CVE-2022-4379 CVE-2022-4662 CVE-2022-47520
CVSS scores:
    CVE-2022-3104 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3104 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3106 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3106 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3111 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3111 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3112 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3112 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3113 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3113 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3114 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3114 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3115 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3344 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-3344 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
    CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    CVE-2022-4379 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4379 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
    CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
    CVE-2022-47520 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
    CVE-2022-47520 (SUSE): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Affected Products:
    SUSE Linux Enterprise Desktop 15-SP4
    SUSE Linux Enterprise High Availability 15-SP4
    SUSE Linux Enterprise High Performance Computing
    SUSE Linux Enterprise High Performance Computing 15-SP4
    SUSE Linux Enterprise Micro 5.3
    SUSE Linux Enterprise Module for Basesystem 15-SP4
    SUSE Linux Enterprise Module for Development Tools 15-SP4
    SUSE Linux Enterprise Module for Legacy Software 15-SP4
    SUSE Linux Enterprise Module for Live Patching 15-SP4
    SUSE Linux Enterprise Server
    SUSE Linux Enterprise Server 15-SP4
    SUSE Linux Enterprise Server for SAP Applications
    SUSE Linux Enterprise Server for SAP Applications 15-SP4
    SUSE Linux Enterprise Workstation Extension 15-SP4
    SUSE Manager Proxy 4.3
    SUSE Manager Retail Branch Server 4.3
    SUSE Manager Server 4.3
    openSUSE Leap 15.4
    openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that solves 15 vulnerabilities, contains two features and has 37 fixes is now available.

Description:

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3344: Fixed a bug where nested shutdown interception could lead to host crash (bsc#1204652)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a missing check of the return value of kzalloc. (bsc#1206393)
- CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515)
- CVE-2022-3112: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399)
- CVE-2022-3564: Fixed a bug that could lead to a use after free in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-4379: Fixed a use-after-free vulnerability in nfs4file.c:__nfs42_ssc_open. (bsc#1206209)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a missing check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-3104: Fixed a null pointer dereference caused by a missing check of the return value of kzalloc() in bugs.c:lkdtm_ARRAY_BOUNDS. (bsc#1206396)
- CVE-2022-3113: Fixed a null pointer dereference caused by a missing check of the return value of devm_kzalloc. (bsc#1206390)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)
- CVE-2022-3114: Fixed a null pointer dereference caused by a missing check of the return value of kcalloc. (bsc#1206391)
- CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394)
- CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398)
- CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397)

The following non-security bugs were fixed:

- acct: fix potential integer overflow in encode_comp_t() (git-fixes).
- ACPI: resource: Skip IRQ override on Asus Vivobook K3402ZA/K3502ZA (git-fixes).
- ACPICA: Fix error code path in acpi_ds_call_control_method() (git-fixes).
- ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() (git-fixes).
- ALSA: asihpi: fix missing pci_disable_device() (git-fixes).
- ALSA: hda/hdmi: Add HP Device 0x8711 to force connect list (git-fixes).
- ALSA: hda/realtek: Add quirk for Lenovo TianYi510Pro-14IOB (git-fixes).
- ALSA: hda/realtek: Apply dual codec fixup for Dell Latitude laptops (git-fixes).
- ALSA: line6: correct midi status byte when receiving data from podxt (git-fixes).
- ALSA: line6: fix stack overflow in line6_midi_transmit (git-fixes).
- ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt (git-fixes).
- ALSA: patch_realtek: Fix Dell Inspiron Plus 16 (git-fixes).
- ALSA: pcm: fix undefined behavior in bit shift for SNDRV_PCM_RATE_KNOT (git-fixes).
- ALSA: pcm: Set missing stop_operating flag at undoing trigger start (git-fixes).
- ALSA: seq: Fix function prototype mismatch in snd_seq_expand_var_event (git-fixes).
- ALSA: seq: fix undefined behavior in bit shift for SNDRV_SEQ_FILTER_USE_EVENT (git-fixes).
- ALSA: usb-audio: add the quirk for KT0206 device (git-fixes).
- amdgpu/pm: prevent array underflow in vega20_odn_edit_dpm_table() (git-fixes).
- apparmor: fix a memleak in multi_transaction_new() (git-fixes).
- apparmor: Fix abi check to include v8 abi (git-fixes).
- apparmor: fix lockdep warning when removing a namespace (git-fixes).
- apparmor: Fix memleak in alloc_ns() (git-fixes).
- apparmor: Use pointer to struct aa_label for lbs_cred (git-fixes).
- ARM: 9251/1: perf: Fix stacktraces for tracepoint events in THUMB2 kernels (git-fixes).
- ARM: 9256/1: NWFPE: avoid compiler-generated __aeabi_uldivmod (git-fixes).
- ARM: dts: armada-370: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-375: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-38x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-39x: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: armada-39x: Fix compatible string for gpios (git-fixes).
- ARM: dts: armada-xp: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: dove: Fix assigned-addresses for every PCIe Root Port (git-fixes).
- ARM: dts: nuvoton: Remove bogus unit addresses from fixed-partition nodes (git-fixes).
- ARM: dts: qcom: apq8064: fix coresight compatible (git-fixes).
- ARM: dts: rockchip: disable arm_global_timer on rk3066 and rk3188 (git-fixes).
- ARM: dts: rockchip: fix ir-receiver node names (git-fixes).
- ARM: dts: rockchip: fix node name for hym8563 rtc (git-fixes).
- ARM: dts: rockchip: remove clock-frequency from rtc (git-fixes).
- ARM: dts: rockchip: rk3188: fix lcdc1-rgb24 node name (git-fixes).
- ARM: dts: spear600: Fix clcd interrupt (git-fixes).
- ARM: dts: stm32: Drop stm32mp15xc.dtsi from Avenger96 (git-fixes).
- ARM: dts: stm32: Fix AV96 WLAN regulator gpio property (git-fixes).
- ARM: dts: turris-omnia: Add ethernet aliases (git-fixes).
- ARM: dts: turris-omnia: Add switch port 6 node (git-fixes).
- ARM: mmp: fix timer_read delay (git-fixes).
- ARM: ux500: do not directly dereference __iomem (git-fixes).
- arm64: Avoid repeated AA64MMFR1_EL1 register read on pagefault path (performance bsc#1203219).
- arm64: dts: armada-3720-turris-mox: Add missing interrupt for RTC (git-fixes).
- arm64: dts: mediatek: mt6797: Fix 26M oscillator unit name (git-fixes).
- arm64: dts: mediatek: pumpkin-common: Fix devicetree warnings (git-fixes).
- arm64: dts: mt2712-evb: Fix usb vbus regulators unit names (git-fixes).
- arm64: dts: mt2712-evb: Fix vproc fixed regulators unit names (git-fixes).
- arm64: dts: mt2712e: Fix unit address for pinctrl node (git-fixes).
- arm64: dts: mt2712e: Fix unit_address_vs_reg warning for oscillators (git-fixes).
- arm64: dts: mt6779: Fix devicetree build warnings (git-fixes).
- arm64: dts: mt7622: drop r_smpl property from mmc node (git-fixes).
- arm64: dts: mt8183: drop drv-type from mmc-node (git-fixes).
- arm64: dts: mt8183: Fix Mali GPU clock (git-fixes).
- arm64: dts: qcom: ipq6018-cp01-c1: use BLSPI1 pins (git-fixes).
- arm64: dts: qcom: msm8916: Drop MSS fallback compatible (git-fixes).
- arm64: dts: qcom: msm8996: Add MSM8996 Pro support (git-fixes).
- arm64: dts: qcom: msm8996: fix GPU OPP table (git-fixes).
- arm64: dts: qcom: msm8996: fix supported-hw in cpufreq OPP tables (git-fixes).
- arm64: dts: qcom: sdm630: fix UART1 pin bias (git-fixes).
- arm64: dts: qcom: sdm845-cheza: fix AP suspend pin bias (git-fixes).
- arm64: dts: qcom: sdm845-db845c: correct SPI2 pins drive strength (git-fixes).
- arm64: dts: qcom: sdm850-lenovo-yoga-c630: correct I2C12 pins drive strength (git-fixes).
- arm64: dts: qcom: sm8250-sony-xperia-edo: fix touchscreen bias-disable (git-fixes).
- arm64: dts: qcom: sm8250: correct LPASS pin pull down (git-fixes).
- arm64: dts: qcom: sm8250: drop bogus DP PHY clock (git-fixes).
- arm64: dts: qcom: sm8250: fix USB-DP PHY registers (git-fixes).
- arm64: dts: rockchip: fix ir-receiver node names (git-fixes).
- arm64: dts: rockchip: keep I2S1 disabled for GPIO function on ROCK Pi 4 series (git-fixes).
- arm64: dts: ti: k3-am65-main: Drop dma-coherent in crypto node (git-fixes).
- arm64: dts: ti: k3-j721e-main: Drop dma-coherent in crypto node (git-fixes).
- ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() (git-fixes).
- ASoC: codecs: rt298: Add quirk for KBL-R RVP platform (git-fixes).
- ASoC: cs42l51: Correct PGA Volume minimum value (git-fixes).
- ASoC: dt-bindings: wcd9335: fix reset line polarity in example (git-fixes).
- ASoC: fsl_micfil: explicitly clear CHnF flags (git-fixes).
- ASoC: fsl_micfil: explicitly clear software reset bit (git-fixes).
- ASoC: Intel: bytcr_rt5640: Add quirk for the Advantech MICA-071 tablet (git-fixes).
- ASoC: jz4740-i2s: Handle independent FIFO flush bits (git-fixes).
- ASoC: mediatek: mt8173-rt5650-rt5514: fix refcount leak in mt8173_rt5650_rt5514_dev_probe() (git-fixes).
- ASoC: mediatek: mt8173: Enable IRQ when pdata is ready (git-fixes).
- ASoC: mediatek: mt8183: fix refcount leak in mt8183_mt6358_ts3a227_max98357_dev_probe() (git-fixes).
- ASoC: mediatek: mtk-btcvsd: Add checks for write and read of mtk_btcvsd_snd (git-fixes).
- ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() (git-fixes).
- ASoC: ops: Correct bounds check for second channel on SX controls (git-fixes).
- ASoC: pcm512x: Fix PM disable depth imbalance in pcm512x_probe (git-fixes).
- ASoC: pxa: fix null-pointer dereference in filter() (git-fixes).
- ASoC: qcom: Add checks for devm_kcalloc (git-fixes).
- ASoC: rockchip: pdm: Add missing clk_disable_unprepare() in rockchip_pdm_runtime_resume() (git-fixes).
- ASoC: rockchip: spdif: Add missing clk_disable_unprepare() in rk_spdif_runtime_resume() (git-fixes).
- ASoC: rt5670: Remove unbalanced pm_runtime_put() (git-fixes).
- ASoC: rt711-sdca: fix the latency time of clock stop prepare state machine transitions (git-fixes).
- ASoC: soc-pcm: Add NULL check in BE reparenting (git-fixes).
- ASoC: wm8962: Wait for updated value of WM8962_CLOCKING1 register (git-fixes).
- ASoC: wm8994: Fix potential deadlock (git-fixes).
- ata: ahci: Fix PCS quirk application for suspend (git-fixes).
- binfmt_elf: fix documented return value for load_elf_phdrs() (git-fixes).
- binfmt_misc: fix shift-out-of-bounds in check_special_flags (git-fixes).
- binfmt: Fix error return code in load_elf_fdpic_binary() (git-fixes).
- block: Do not reread partition table on exclusively open device (bsc#1190969).
- Bluetooth: btintel: Fix missing free skb in btintel_setup_combined() (git-fixes).
- Bluetooth: btusb: Add debug message for CSR controllers (git-fixes).
- Bluetooth: btusb: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_bcsp: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_core: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_h5: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_ll: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: hci_qca: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- Bluetooth: MGMT: Fix error report for ADD_EXT_ADV_PARAMS (git-fixes).
- Bluetooth: RFCOMM: do not call kfree_skb() under spin_lock_irqsave() (git-fixes).
- brcmfmac: return error when getting invalid max_flowrings from dongle (git-fixes).
- caif: fix memory leak in cfctrl_linkup_request() (git-fixes).
- can: do not increase rx statistics when generating a CAN rx error message frame (git-fixes).
- can: do not increase rx_bytes statistics for RTR frames (git-fixes).
- can: kvaser_usb_leaf: Fix bogus restart events (git-fixes).
- can: kvaser_usb_leaf: Fix wrong CAN state after stopping (git-fixes).
- can: kvaser_usb_leaf: Set Warning state even without bus errors (git-fixes).
- can: kvaser_usb: do not increase tx statistics when sending error message frames (git-fixes).
- can: kvaser_usb: kvaser_usb_leaf: fix bittiming limits (git-fixes).
- can: kvaser_usb: make use of units.h in assignment of frequency (git-fixes).
- can: m_can: fix typo prescalar -> prescaler (git-fixes).
- can: m_can: is_lec_err(): clean up LEC error handling (git-fixes).
- can: mcba_usb: Fix termination command argument (git-fixes).
- can: sja1000: fix size of OCR_MODE_MASK define (git-fixes).
- can: tcan4x5x: Remove invalid write in clear_interrupts (git-fixes).
- chardev: fix error handling in cdev_device_add() (git-fixes).
- cifs: Add "extbuf" and "extbuflen" args to smb2_compound_op() (bsc#1193629).
- cifs: do not block in dfs_cache_noreq_update_tgthint() (bsc#1193629).
- cifs: do not leak -ENOMEM in smb2_open_file() (bsc#1193629).
- cifs: do not refresh cached referrals from unactive mounts (bsc#1193629).
- cifs: fix confusing debug message (bsc#1193629).
- cifs: Fix kmap_local_page() unmapping (git-fixes).
- cifs: fix missing display of three mount options (bsc#1193629).
- cifs: fix oops during encryption (bsc#1199294).
- cifs: fix refresh of cached referrals (bsc#1193629).
- cifs: fix source pathname comparison of dfs supers (bsc#1193629).
- cifs: fix various whitespace errors in headers (bsc#1193629).
- cifs: get rid of mount options string parsing (bsc#1193629).
- cifs: minor cleanup of some headers (bsc#1193629).
- cifs: optimize reconnect of nested links (bsc#1193629).
- cifs: Parse owner/group for stat in smb311 posix extensions (bsc#1193629).
- cifs: print warning when conflicting soft vs. hard mount options specified (bsc#1193629).
- cifs: reduce roundtrips on create/qinfo requests (bsc#1193629).
- cifs: refresh root referrals (bsc#1193629).
- cifs: Remove duplicated include in cifsglob.h (bsc#1193629).
- cifs: remove unused smb3_fs_context::mount_options (bsc#1193629).
- cifs: set correct ipc status after initial tree connect (bsc#1193629).
- cifs: set correct status of tcon ipc when reconnecting (bsc#1193629).
- cifs: set correct tcon status after initial tree connect (bsc#1193629).
- cifs: set resolved ip in sockaddr (bsc#1193629).
- cifs: share dfs connections and supers (bsc#1193629).
- cifs: skip alloc when request has no pages (bsc#1193629).
- cifs: split out ses and tcon retrieval from mount_get_conns() (bsc#1193629).
- cifs: update internal module number (bsc#1193629).
- cifs: use fs_context for automounts (bsc#1193629).
- cifs: use origin fullpath for automounts (bsc#1193629).
- class: fix possible memory leak in __class_register() (git-fixes).
- clk: Fix pointer casting to prevent oops in devm_clk_release() (git-fixes).
- clk: generalize devm_clk_get() a bit (git-fixes).
- clk: imx: imx8mp: add shared clk gate for usb suspend clk (git-fixes).
- clk: imx: replace osc_hdmi with dummy (git-fixes).
- clk: nomadik: correct struct name kernel-doc warning (git-fixes).
- clk: Provide new devm_clk helpers for prepared and enabled clocks (git-fixes).
- clk: qcom: clk-krait: fix wrong div2 functions (git-fixes).
- clk: qcom: gcc-sm8250: Use retention mode for USB GDSCs (git-fixes).
- clk: qcom: lpass-sc7180: Fix pm_runtime usage (git-fixes).
- clk: renesas: r9a06g032: Repair grave increment error (git-fixes).
- clk: rockchip: Fix memory leak in rockchip_clk_register_pll() (git-fixes).
- clk: samsung: Fix memory leak in _samsung_clk_register_pll() (git-fixes).
- clk: socfpga: Fix memory leak in socfpga_gate_init() (git-fixes).
- clk: st: Fix memory leak in st_of_quadfs_setup() (git-fixes).
- clk: sunxi-ng: v3s: Correct the header guard of ccu-sun8i-v3s.h (git-fixes).
- clocksource/drivers/sh_cmt: Access registers according to spec (git-fixes).
- clocksource/drivers/timer-ti-dm: Fix missing clk_disable_unprepare in dmtimer_systimer_init_clock() (git-fixes).
- cpufreq: ACPI: Defer setting boost MSRs (bsc#1205485).
- cpufreq: ACPI: Only set boost MSRs on supported CPUs (bsc#1205485).
- cpufreq: ACPI: Remove unused variables 'acpi_cpufreq_online' and 'ret' (bsc#1205485).
- cpufreq: intel_pstate: Add Sapphire Rapids support in no-HWP mode (bsc#1201068).
- crypto: ccree - Make cc_debugfs_global_fini() available for module init function (git-fixes).
- crypto: ccree - Remove debugfs when platform_driver_register failed (git-fixes).
- crypto: cryptd - Use request context instead of stack for sub-request (git-fixes).
- crypto: hisilicon/qm - fix missing destroy qp_idr (git-fixes).
- crypto: img-hash - Fix variable dereferenced before check 'hdev->req' (git-fixes).
- crypto: n2 - add missing hash statesize (git-fixes).
- crypto: nitrox - avoid double free on error path in nitrox_sriov_init() (git-fixes).
- crypto: omap-sham - Use pm_runtime_resume_and_get() in omap_sham_probe() (git-fixes).
- crypto: rockchip - add fallback for ahash (git-fixes).
- crypto: rockchip - add fallback for cipher (git-fixes).
- crypto: rockchip - better handle cipher key (git-fixes).
- crypto: rockchip - do not do custom power management (git-fixes).
- crypto: rockchip - do not store mode globally (git-fixes).
- crypto: rockchip - remove non-aligned handling (git-fixes).
- crypto: rockchip - rework by using crypto_engine (git-fixes).
- crypto: sun8i-ss - use dma_addr instead u32 (git-fixes).
- crypto: tcrypt - Fix multibuffer skcipher speed test mem leak (git-fixes).
- device property: Fix documentation for fwnode_get_next_parent() (git-fixes).
- dmaengine: idxd: Fix crc_val field for completion record (git-fixes).
- docs/zh_CN: Fix '.. only::' directive's expression (git-fixes).
- Documentation: devres: add missing devm_acpi_dma_controller_free() helper (git-fixes).
- Documentation: devres: add missing MEM helper (git-fixes).
- Documentation: devres: add missing PHY helpers (git-fixes).
- Documentation: devres: add missing PWM helper (git-fixes).
- drbd: destroy workqueue when drbd device was freed (git-fixes).
- drbd: remove call to memset before free device/resource/connection (git-fixes).
- drbd: remove usage of list iterator variable after loop (git-fixes).
- drbd: set QUEUE_FLAG_STABLE_WRITES (git-fixes).
- drbd: use after free in drbd_create_device() (git-fixes).
- driver core: Fix bus_type.match() error handling in __driver_attach() (git-fixes).
- drivers: dio: fix possible memory leak in dio_init() (git-fixes).
- drivers: soc: ti: knav_qmss_queue: Mark knav_acc_firmwares as static (git-fixes).
- drm: bridge: dw_hdmi: fix preference of RGB modes over YUV420 (git-fixes).
- drm/amd/display: fix array index out of bound error in bios parser (git-fixes).
- drm/amd/display: Manually adjust strobe for DCN303 (git-fixes).
- drm/amd/display: prevent memory leak (git-fixes).
- drm/amd/display: Use the largest vready_offset in pipe group (git-fixes).
- drm/amd/pm/smu11: BACO is supported when it's in BACO state (git-fixes).
- drm/amdgpu: fix pci device refcount leak (git-fixes).
- drm/amdgpu: Fix PCI device refcount leak in amdgpu_atrm_get_bios() (git-fixes).
- drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback (git-fixes).
- drm/amdgpu: Fix type of second parameter in trans_msg() callback (git-fixes).
- drm/amdgpu: handle polaris10/11 overlap asics (v2) (git-fixes).
- drm/amdgpu: make display pinning more flexible (v2) (git-fixes).
- drm/amdgpu/powerplay/psm: Fix memory leak in power state init (git-fixes).
- drm/amdgpu/sdma_v4_0: turn off SDMA ring buffer in the s2idle suspend (git-fixes).
- drm/amdkfd: Fix memory leakage (git-fixes).
- drm/bridge: adv7533: remove dynamic lane switching from adv7533 bridge (git-fixes).
- drm/bridge: anx7625: Fix edid_read break case in sp_tx_edid_read() (git-fixes).
- drm/bridge: ti-sn65dsi86: Fix output polarity setting bug (git-fixes).
- drm/connector: send hotplug uevent on connector cleanup (git-fixes).
- drm/edid: Fix minimum bpc supported with DSC1.2 for HDMI sink (git-fixes).
- drm/etnaviv: add missing quirks for GC300 (git-fixes).
- drm/etnaviv: do not truncate physical page address (git-fixes).
- drm/fourcc: Add packed 10bit YUV 4:2:0 format (git-fixes).
- drm/fourcc: Fix vsub/hsub for Q410 and Q401 (git-fixes).
- drm/fsl-dcu: Fix return type of fsl_dcu_drm_connector_mode_valid() (git-fixes).
- drm/i915: Fix documentation for intel_uncore_forcewake_put__locked (git-fixes).
- drm/i915: remove circ_buf.h includes (git-fixes).
- drm/i915: unpin on error in intel_vgpu_shadow_mm_pin() (git-fixes).
- drm/i915/display: Do not disable DDI/Transcoder when setting phy test pattern (git-fixes).
- drm/i915/dsi: fix VBT send packet port selection for dual link DSI (git-fixes).
- drm/i915/gvt: fix gvt debugfs destroy (git-fixes).
- drm/i915/gvt: fix vgpu debugfs clean in remove (git-fixes).
- drm/i915/migrate: do not check the scratch page (git-fixes).
- drm/i915/migrate: fix length calculation (git-fixes).
- drm/i915/migrate: fix offset calculation (git-fixes).
- drm/i915/ttm: never purge busy objects (git-fixes).
- drm/imx: ipuv3-plane: Fix overlay plane width (git-fixes).
- drm/ingenic: Fix missing platform_driver_unregister() call in ingenic_drm_init() (git-fixes).
- drm/mediatek: Fix return type of mtk_hdmi_bridge_mode_valid() (git-fixes).
- drm/mediatek: Modify dpi power on/off sequence (git-fixes).
- drm/meson: Reduce the FIFO lines held when AFBC is not used (git-fixes).
- drm/msm: Use drm_mode_copy() (git-fixes).
- drm/panel/panel-sitronix-st7701: Remove panel on DSI attach failure (git-fixes).
- drm/panfrost: Fix GEM handle creation ref-counting (git-fixes).
- drm/radeon: Add the missed acpi_put_table() to fix memory leak (git-fixes).
- drm/radeon: Fix PCI device refcount leak in radeon_atrm_get_bios() (git-fixes).
- drm/rockchip: lvds: fix PM usage counter unbalance in poweron (git-fixes).
- drm/rockchip: Use drm_mode_copy() (git-fixes).
- drm/shmem-helper: Avoid vm_open error paths (git-fixes).
- drm/shmem-helper: Remove errant put in error path (git-fixes).
- drm/sti: Fix return type of sti_{dvo,hda,hdmi}_connector_mode_valid() (git-fixes).
- drm/sti: Use drm_mode_copy() (git-fixes).
- drm/tegra: Add missing clk_disable_unprepare() in tegra_dc_probe() (git-fixes).
- drm/vmwgfx: Do not use screen objects when SEV is active (git-fixes). - drm/vmwgfx: Fix a sparse warning in kernel docs (git-fixes). - drm/vmwgfx: Validate the box size for the snooped cursor (git-fixes). - Drop FIPS mode DRBG->getrandom(2) wire-up (bsc#1191259) - dt-bindings: clock: qcom,aoncc-sm8250: fix compatible (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - dt-bindings: display: sun6i-dsi: Fix clock conditional (git-fixes). - dt-bindings: gpio: gpio-davinci: Increase maxItems in gpio-line-names (git-fixes). - dt-bindings: net: sun8i-emac: Add phy-supply property (git-fixes). - EDAC/mc_sysfs: Increase legacy channel support to 12 (bsc#1205263). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - extcon: usbc-tusb320: Add support for mode setting and reset (git-fixes). - extcon: usbc-tusb320: Add support for TUSB320L (git-fixes). - extcon: usbc-tusb320: Factor out extcon into dedicated functions (git-fixes). - fbcon: Use kzalloc() in fbcon_prepare_logo() (git-fixes). - fbdev: fbcon: release buffer when fbcon_do_set_font() failed (git-fixes). - fbdev: geode: do not build on UML (git-fixes). - fbdev: matroxfb: G200eW: Increase max memory from 1 MB to 16 MB (git-fixes). - fbdev: pm2fb: fix missing pci_disable_device() (git-fixes). - fbdev: smscufx: Fix several use-after-free bugs (git-fixes). - fbdev: ssd1307fb: Drop optional dependency (git-fixes). - fbdev: uvesafb: do not build on UML (git-fixes). - fbdev: uvesafb: Fixes an error handling path in uvesafb_probe() (git-fixes). - fbdev: vermilion: decrease reference count in error path (git-fixes). - fbdev: via: Fix error in via_core_init() (git-fixes). - firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() (git-fixes). - floppy: Fix memory leak in do_floppy_init() (git-fixes). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206273). 
- gpio: sifive: Fix refcount leak in sifive_gpio_probe (git-fixes). - gpiolib: cdev: fix NULL-pointer dereferences (git-fixes). - gpiolib: check the 'ngpios' property in core gpiolib code (git-fixes). - gpiolib: fix memory leak in gpiochip_setup_dev() (git-fixes). - gpiolib: Get rid of redundant 'else' (git-fixes). - gpiolib: improve coding style for local variables (git-fixes). - gpiolib: make struct comments into real kernel docs (git-fixes). - hamradio: baycom_epp: Fix return type of baycom_send_packet() (git-fixes). - hamradio: do not call dev_kfree_skb() under spin_lock_irqsave() (git-fixes). - HID: hid-sensor-custom: set fixed size for custom attributes (git-fixes). - HID: ite: Enable QUIRK_TOUCHPAD_ON_OFF_REPORT on Acer Aspire Switch V 10 (git-fixes). - HID: mcp2221: do not connect hidraw (git-fixes). - HID: multitouch: fix Asus ExpertBook P2 P2451FA trackpoint (git-fixes). - HID: plantronics: Additional PIDs for double volume key presses quirk (git-fixes). - HID: uclogic: Add HID_QUIRK_HIDINPUT_FORCE quirk (git-fixes). - HID: usbhid: Add ALWAYS_POLL quirk for some mice (git-fixes). - HID: wacom: Ensure bootloader PID is usable in hidraw mode (git-fixes). - HSI: omap_ssi_core: Fix error handling in ssi_init() (git-fixes). - HSI: omap_ssi_core: fix possible memory leak in ssi_probe() (git-fixes). - HSI: omap_ssi_core: fix unbalanced pm_runtime_disable() (git-fixes). - hwmon: (jc42) Convert register access and caching to regmap/regcache (git-fixes). - hwmon: (jc42) Fix missing unlock on error in jc42_write() (git-fixes). - hwmon: (jc42) Restore the min/max/critical temperatures on resume (git-fixes). - hwrng: amd - Fix PCI device refcount leak (git-fixes). - i2c: ismt: Fix an out-of-bounds bug in ismt_access() (git-fixes). - i2c: mux: reg: check return value after calling platform_get_resource() (git-fixes). - i2c: pxa-pci: fix missing pci_disable_device() on error in ce4100_i2c_probe (git-fixes). 
- IB/IPoIB: Fix queue count inconsistency for PKEY child interfaces (git-fixes) - ibmveth: Always stop tx queues during close (bsc#1065729). - iio: adc: ad_sigma_delta: do not use internal iio_dev lock (git-fixes). - iio: adc128s052: add proper .data members in adc128_of_match table (git-fixes). - iio: fix memory leak in iio_device_register_eventset() (git-fixes). - iio: temperature: ltc2983: make bulk write buffer DMA-safe (git-fixes). - ima: Fix a potential NULL pointer access in ima_restore_measurement_list (git-fixes). - Input: elants_i2c - properly handle the reset GPIO when power is off (git-fixes). - Input: joystick - fix Kconfig warning for JOYSTICK_ADC (git-fixes). - Input: wistron_btns - disable on UML (git-fixes). - integrity: Fix memory leakage in keyring allocation error path (git-fixes). - ipmi: fix long wait in unload when IPMI disconnect (git-fixes). - ipmi: fix memleak when unload ipmi driver (git-fixes). - ipmi: fix use after free in _ipmi_destroy_user() (git-fixes). - ipmi: kcs: Poll OBF briefly to reduce OBE latency (git-fixes). - ipu3-imgu: Fix NULL pointer dereference in imgu_subdev_set_selection() (git-fixes). - kABI: reintroduce a non-inline usleep_range (git-fixes). - lib/debugobjects: fix stat count and optimize debug_objects_mem_init (git-fixes). - lib/fonts: fix undefined behavior in bit shift for get_default_font (git-fixes). - mailbox: arm_mhuv2: Fix return value check in mhuv2_probe() (git-fixes). - mailbox: mpfs: read the system controller's status (git-fixes). - mailbox: zynq-ipi: fix error handling while device_register() fails (git-fixes). - media: adv748x: afe: Select input port when initializing AFE (git-fixes). - media: camss: Clean up received buffers on failed start of streaming (git-fixes). - media: dvb-core: Fix double free in dvb_register_device() (git-fixes). - media: dvb-core: Fix ignored return value in dvb_register_frontend() (git-fixes). - media: dvb-frontends: fix leak of memory fw (git-fixes). 
- media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (git-fixes). - media: dvb-usb: fix memory leak in dvb_usb_adapter_init() (git-fixes). - media: i2c: ad5820: Fix error path (git-fixes). - media: imon: fix a race condition in send_packet() (git-fixes). - media: saa7164: fix missing pci_disable_device() (git-fixes). - media: si470x: Fix use-after-free in si470x_int_in_callback() (git-fixes). - media: solo6x10: fix possible memory leak in solo_sysfs_init() (git-fixes). - media: stv0288: use explicitly signed char (git-fixes). - media: v4l2-ctrls: Fix off-by-one error in integer menu control check (git-fixes). - media: v4l2-dv-timings.c: fix too strict blanking sanity checks (git-fixes). - media: videobuf-dma-contig: use dma_mmap_coherent (git-fixes). - media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init() (git-fixes). - media: vimc: Fix wrong function called when vimc_init() fails (git-fixes). - media: vivid: fix compose size exceed boundary (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mfd: bd957x: Fix Kconfig dependency on REGMAP_IRQ (git-fixes). - mfd: mt6360: Add bounds checking in Regmap read/write call-backs (git-fixes). - mfd: pm8008: Fix return value check in pm8008_probe() (git-fixes). - mfd: pm8008: Remove driver data structure pm8008_data (git-fixes). - mfd: qcom_rpm: Fix an error handling path in qcom_rpm_probe() (git-fixes). - mfd: qcom_rpm: Use devm_of_platform_populate() to simplify code (git-fixes). - misc: ocxl: fix possible name leak in ocxl_file_register_afu() (git-fixes). - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() (git-fixes). - mISDN: hfcmulti: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mISDN: hfcpci: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). 
- mISDN: hfcsusb: do not call dev_kfree_skb/kfree_skb() under spin_lock_irqsave() (git-fixes). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/mempolicy: fix memory leak in set_mempolicy_home_node system call (bsc#1206468). - mmc: alcor: fix return value check of mmc_add_host() (git-fixes). - mmc: atmel-mci: fix return value check of mmc_add_host() (git-fixes). - mmc: core: Normalize the error handling branch in sd_read_ext_regs() (git-fixes). - mmc: f-sdh30: Add quirks for broken timeout clock capability (git-fixes). - mmc: meson-gx: fix return value check of mmc_add_host() (git-fixes). - mmc: mmci: fix return value check of mmc_add_host() (git-fixes). - mmc: moxart: fix return value check of mmc_add_host() (git-fixes). - mmc: mtk-sd: Fix missing clk_disable_unprepare in msdc_of_clock_parse() (git-fixes). - mmc: mxcmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: omap_hsmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: pxamci: fix return value check of mmc_add_host() (git-fixes). - mmc: renesas_sdhi: alway populate SCC pointer (git-fixes). - mmc: renesas_sdhi: better reset from HS400 mode (git-fixes). - mmc: rtsx_pci: fix return value check of mmc_add_host() (git-fixes). - mmc: rtsx_usb_sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: sdhci-sprd: Disable CLK_AUTO when the clock is less than 400K (git-fixes). - mmc: toshsd: fix return value check of mmc_add_host() (git-fixes). - mmc: via-sdmmc: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix return value check of mmc_add_host() (git-fixes). - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING (git-fixes). - mmc: wbsd: fix return value check of mmc_add_host() (git-fixes). - mmc: wmt-sdmmc: fix return value check of mmc_add_host() (git-fixes). - module: change to print useful messages from elf_validity_check() (git-fixes). 
- module: fix [e_shstrndx].sh_size=0 OOB access (git-fixes). - mt76: stop the radar detector after leaving dfs channel (git-fixes). - mtd: Fix device name leak when register device failed in add_mtd_device() (git-fixes). - mtd: lpddr2_nvm: Fix possible null-ptr-deref (git-fixes). - mtd: maps: pxa2xx-flash: fix memory leak in probe (git-fixes). - mtd: spi-nor: Check for zero erase size in spi_nor_find_best_erase_type() (git-fixes). - mtd: spi-nor: Fix the number of bytes for the dummy cycles (git-fixes). - mtd: spi-nor: hide jedec_id sysfs attribute if not present (git-fixes). - net: allow retransmitting a TCP packet if original is still in queue (bsc#1188605 bsc#1187428 bsc#1206619). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: phy: xgmiitorgmii: Fix refcount leak in xgmiitorgmii_probe (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - net: usb: smsc95xx: fix external PHY reset (git-fixes). - net/mlx5: Fix mlx5_get_next_dev() peer device matching (bsc#1206536). - net/mlx5: Lag, filter non compatible devices (bsc#1206536). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - nfc: Fix potential resource leaks (git-fixes). - nfc: pn533: Clear nfc_target before being used (git-fixes). - nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - nilfs2: fix shift-out-of-bounds due to too large exponent of block size (git-fixes). - nilfs2: fix shift-out-of-bounds/overflow in nilfs_sb2_bad_offset() (git-fixes). - octeontx2-af: Add PTP PPS Errata workaround on CN10K silicon (jsc#SLE-24682). - octeontx2-af: Allow mkex profile without DMAC and add L2M/L2B header extraction support (jsc#SLE-24682). - octeontx2-af: Do not reset previous pfc config (jsc#SLE-24682). - octeontx2-af: fix operand size in bitwise operation (jsc#SLE-24682). 
- octeontx2-af: Initialize PTP_SEC_ROLLOVER register properly (jsc#SLE-24682). - octeontx2-af: Limit link bringup time at firmware (jsc#SLE-24682). - octeontx2-af: return correct ptp timestamp for CN10K silicon (jsc#SLE-24682). - octeontx2-af: Set NIX link credits based on max LMAC (jsc#SLE-24682). - octeontx2-af: Skip CGX/RPM probe incase of zero lmac count (jsc#SLE-24682). - octeontx2-pf: Add egress PFC support (jsc#SLE-24682). - octeontx2-pf: Add support for ptp 1-step mode on CN10K silicon (jsc#SLE-24682). - octeontx2-pf: Fix lmtst ID used in aura free (jsc#SLE-24682). - octeontx2-pf: Fix pfc_alloc_status array overflow (jsc#SLE-24682). - octeontx2-pf: Fix SQE threshold checking (jsc#SLE-24682). - octeontx2-pf: Fix unused variable build error (jsc#SLE-24682). - octeontx2-pf: NIX TX overwrites SQ_CTX_HW_S[SQ_INT] (jsc#SLE-24682). - octeontx2-pf: Reduce minimum mtu size to 60 (jsc#SLE-24682). - octeontx2: Modify mbox request and response structures (jsc#SLE-24682). - padata: Fix list iterator in padata_do_serial() (git-fixes). - PCI: Check for alloc failure in pci_request_irq() (git-fixes). - PCI: dwc: Fix n_fts[] array overrun (git-fixes). - PCI: Fix pci_device_is_present() for VFs by checking PF (git-fixes). - PCI: pci-epf-test: Register notifier if only core_init_notifier is enabled (git-fixes). - PCI: vmd: Disable MSI remapping after suspend (git-fixes). - PCI/sysfs: Fix double free in error path (git-fixes). - phy: usb: s2 WoL wakeup_count not incremented for USB->Eth devices (git-fixes). - pinctrl: k210: call of_node_put() (git-fixes). - pinctrl: meditatek: Startup with the IRQs disabled (git-fixes). - pinctrl: pinconf-generic: add missing of_node_put() (git-fixes). - platform/chrome: cros_ec_typec: Cleanup switch handle return paths (git-fixes). - platform/chrome: cros_usbpd_notify: Fix error handling in cros_usbpd_notify_init() (git-fixes). - platform/mellanox: mlxbf-pmc: Fix event typo (git-fixes). 
- platform/x86: huawei-wmi: fix return value calculation (git-fixes). - platform/x86: intel_scu_ipc: fix possible name leak in __intel_scu_ipc_register() (git-fixes). - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() (git-fixes). - PM: hibernate: Fix mistake in kerneldoc comment (git-fixes). - PM: runtime: Do not call __rpm_callback() from rpm_idle() (git-fixes). - PNP: fix name memory leak in pnp_alloc_dev() (git-fixes). - power: supply: ab8500: Fix error handling in ab8500_charger_init() (git-fixes). - power: supply: fix null pointer dereferencing in power_supply_get_battery_info (git-fixes). - power: supply: fix residue sysfs file in error handle route of __power_supply_register() (git-fixes). - power: supply: z2_battery: Fix possible memleak in z2_batt_probe() (git-fixes). - powerpc: export the CPU node count (bsc#1207016 ltc#201108). - powerpc: Take in account addition CPU node when building kexec FDT (bsc#1207016 ltc#201108). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - proc: fixup uptime selftest (git-fixes). - pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP (git-fixes). - pstore: Make sure CONFIG_PSTORE_PMSG selects CONFIG_RT_MUTEXES (git-fixes). - pstore: Properly assign mem_type property (git-fixes). - pstore: Switch pmsg_lock to an rt_mutex to avoid priority inversion (git-fixes). - pstore/ram: Fix error return code in ramoops_probe() (git-fixes). 
- pstore/zone: Use GFP_ATOMIC to allocate zone buffer (git-fixes). - pwm: lpc18xx-sct: Fix a comment to match code (git-fixes). - pwm: mediatek: always use bus clock for PWM on MT7622 (git-fixes). - pwm: sifive: Call pwm_sifive_update_clock() while mutex is held (git-fixes). - pwm: tegra: Improve required rate calculation (git-fixes). - r6040: Fix kmemleak in probe and remove (git-fixes). - random: allow partial reads if later user copies fail (bsc#1204911). - random: check for signals every PAGE_SIZE chunk of /dev/random (bsc#1204911). - random: convert to using fops->read_iter() (bsc#1204911). - random: convert to using fops->write_iter() (bsc#1204911). - random: remove outdated INT_MAX >> 6 check in urandom_read() (bsc#1204911). - random: zero buffer after reading entropy from userspace (bsc#1204911). - RDMA: Disable IB HW for UML (git-fixes) - RDMA/core: Fix order of nldev_exit call (git-fixes) - RDMA/core: Make sure "ib_port" is valid when access sysfs node (git-fixes) - RDMA/efa: Add EFA 0xefa2 PCI ID (git-fixes) - RDMA/hfi: Decrease PCI device reference count in error path (git-fixes) - RDMA/hfi1: Fix error return code in parse_platform_config() (git-fixes) - RDMA/hns: Fix AH attr queried by query_qp (git-fixes) - RDMA/hns: Fix error code of CMD (git-fixes) - RDMA/hns: Fix ext_sge num error when post send (git-fixes) - RDMA/hns: fix memory leak in hns_roce_alloc_mr() (git-fixes) - RDMA/hns: Fix page size cap from firmware (git-fixes) - RDMA/hns: Fix PBL page MTR find (git-fixes) - RDMA/hns: Fix XRC caps on HIP08 (git-fixes) - RDMA/hns: Repacing 'dseg_len' by macros in fill_ext_sge_inl_data() (git-fixes) - RDMA/irdma: Do not request 2-level PBLEs for CQ alloc (git-fixes) - RDMA/irdma: Initialize net_type before checking it (git-fixes) - RDMA/irdma: Report the correct link speed (git-fixes) - RDMA/nldev: Add checks for nla_nest_start() in fill_stat_counter_qps() (git-fixes) - RDMA/nldev: Fix failure to send large messages (git-fixes) - RDMA/nldev: Return 
"-EAGAIN" if the cm_id isn't from expected port (git-fixes) - RDMA/restrack: Release MR restrack when delete (git-fixes) - RDMA/rxe: Fix NULL-ptr-deref in rxe_qp_do_cleanup() when socket create failed (git-fixes) - RDMA/siw: Fix immediate work request flush to completion queue (git-fixes) - RDMA/siw: Fix pointer cast warning (git-fixes) - RDMA/siw: Set defined status for work completion with undefined status (git-fixes) - RDMA/srp: Fix error return code in srp_parse_options() (git-fixes) - regulator: bd718x7: Drop unnecessary info print (git-fixes). - regulator: core: fix deadlock on regulator enable (git-fixes). - regulator: core: fix module refcount leak in set_supply() (git-fixes). - regulator: core: fix resource leak in regulator_register() (git-fixes). - regulator: core: fix unbalanced of node refcount in regulator_dev_lookup() (git-fixes). - regulator: core: fix use_count leakage when handling boot-on (git-fixes). - regulator: core: use kfree_const() to free space conditionally (git-fixes). - regulator: qcom-labibb: Fix missing of_node_put() in qcom_labibb_regulator_probe() (git-fixes). - regulator: qcom-rpmh: Fix PMR735a S3 regulator spec (git-fixes). - regulator: slg51000: Wait after asserting CS pin (git-fixes). - regulator: twl6030: fix get status of twl6032 regulators (git-fixes). - remoteproc: core: Do pm_relax when in RPROC_OFFLINE state (git-fixes). - remoteproc: qcom_q6v5_pas: detach power domains on remove (git-fixes). - remoteproc: qcom_q6v5_pas: disable wakeup on probe fail or remove (git-fixes). - remoteproc: qcom_q6v5_pas: Fix missing of_node_put() in adsp_alloc_memory_region() (git-fixes). - remoteproc: qcom: q6v5: Fix missing clk_disable_unprepare() in q6v5_wcss_qcs404_power_on() (git-fixes). - remoteproc: qcom: q6v5: Fix potential null-ptr-deref in q6v5_wcss_init_mmio() (git-fixes). - remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() (git-fixes). - rtc: cmos: fix build on non-ACPI platforms (git-fixes). 
- rtc: cmos: Fix event handler registration ordering issue (git-fixes). - rtc: cmos: Fix wake alarm breakage (git-fixes). - rtc: ds1347: fix value written to century register (git-fixes). - rtc: mxc_v2: Add missing clk_disable_unprepare() (git-fixes). - rtc: pcf85063: fix pcf85063_clkout_control (gut-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - rtc: pic32: Move devm_rtc_allocate_device earlier in pic32_rtc_probe() (git-fixes). - rtc: rtc-cmos: Do not check ACPI_FADT_LOW_POWER_S0 (git-fixes). - rtc: snvs: Allow a time difference on clock register read (git-fixes). - rtc: st-lpc: Add missing clk_disable_unprepare in st_rtc_probe() (git-fixes). - rtmutex: Add acquire semantics for rtmutex lock acquisition slow path (bnc#1203829). - s390/boot: add secure boot trailer (bsc#1205257 LTC#200451). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/core: Fix comparison in sched_group_cookie_match() (git-fixes) - sched/core: Fix the bug that task won't enqueue into core (git-fixes) - sched/topology: Remove redundant variable and fix incorrect (git-fixes) - sched/uclamp: Fix relationship between uclamp and migration (git-fixes) - sched/uclamp: Make task_fits_capacity() use util_fits_cpu() (git-fixes) - scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes). - scsi: advansys: Fix kernel pointer leak (git-fixes). - scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes). - scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: core: Fix sbitmap depth in scsi_realloc_sdev_budget_map() (git-fixes). - scsi: core: Fix scsi_mode_sense() buffer length handling (git-fixes). - scsi: core: Reallocate device's budget map on queue depth change (git-fixes). - scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes). - scsi: hisi_sas: Free irq vectors in order for v3 HW (git-fixes). - scsi: hisi_sas: Limit max hw sectors for v3 HW (git-fixes). - scsi: hisi_sas: Use managed PCI functions (git-fixes). 
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes). - scsi: iscsi: Add recv workqueue helpers (git-fixes). - scsi: iscsi: Fix harmless double shift bug (git-fixes). - scsi: iscsi: Fix possible memory leak when device_register() failed (git-fixes). - scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername() (git-fixes). - scsi: iscsi: kabi: add iscsi_conn_queue_work back (git-fixes). - scsi: iscsi: kabi: fix libiscsi new field (git-fixes). - scsi: iscsi: Merge suspend fields (git-fixes). - scsi: iscsi: Rename iscsi_conn_queue_work() (git-fixes). - scsi: iscsi: Run recv path from workqueue (git-fixes). - scsi: iscsi: Unblock session then wake up error handler (git-fixes). - scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes). - scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: megaraid_sas: Fix double kfree() (git-fixes). - scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes). - scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes). - scsi: mpi3mr: Fix memory leaks (git-fixes). - scsi: mpi3mr: Fix reporting of actual data transfer size (git-fixes). - scsi: mpi3mr: Fixes around reply request queues (git-fixes). - scsi: mpt3sas: Do not change DMA mask while reallocating pools (bsc#1206912,bsc#1206098). 
- scsi: mpt3sas: Fail reset operation if config request timed out (git-fixes). - scsi: mpt3sas: Fix out-of-bounds compiler warning (git-fixes). - scsi: mpt3sas: re-do lost mpt3sas DMA mask fix (bsc#1206912,bsc#1206098). - scsi: mpt3sas: Remove usage of dma_get_required_mask() API (bsc#1206912,bsc#1206098). - scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes). - scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes). - scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes). - scsi: myrs: Fix crash in error case (git-fixes). - scsi: ncr53c8xx: Remove unused retrieve_from_waiting_list() function (git-fixes). - scsi: pm8001: Fix bogus FW crash for maxcpus=1 (git-fixes). - scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() (git-fixes). - scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes). - scsi: pm8001: Fix pm80xx_pci_mem_copy() interface (git-fixes). - scsi: pm8001: Fix tag leaks on error (git-fixes). - scsi: pm8001: Fix task leak in pm8001_send_abort_all() (git-fixes). - scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task (git-fixes). - scsi: pm8001: Fix use-after-free for aborted TMF sas_task (git-fixes). - scsi: pm80xx: Fix double completion for SATA devices (git-fixes). - scsi: pm80xx: Fix memory leak during rmmod (git-fixes). - scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes). - scsi: qedf: Add stag_work to all the vports (git-fixes). - scsi: qedf: Change context reset messages to ratelimited (git-fixes). - scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes). - scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). - scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). 
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() (git-fixes). - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() (git-fixes). - scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes). - scsi: scsi_debug: Make the READ CAPACITY response compliant with ZBC (git-fixes). - scsi: scsi_dh_alua: Properly handle the ALUA transitioning state (git-fixes). - scsi: smartpqi: Fix kdump issue when controller is locked up (git-fixes). - scsi: sr: Do not use GFP_DMA (git-fixes). - scsi: ufs: core: Fix ufshcd_probe_hba() prototype to match the definition (git-fixes). - scsi: ufs: Fix a kernel crash during shutdown (git-fixes). - scsi: ufs: Treat link loss as fatal error (git-fixes). - scsi: ufs: ufshcd-pltfrm: Check the return value of devm_kstrdup() (git-fixes). - scsi: ufs: Use generic error code in ufshcd_set_dev_pwr_mode() (git-fixes). - scsi: ufs: Use pm_runtime_resume_and_get() instead of pm_runtime_get_sync() (git-fixes). - scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - selftests: devlink: fix the fd redirect in dummy_reporter_test (git-fixes). - selftests: set the BUILD variable to absolute path (git-fixes). - selftests: Use optional USERCFLAGS and USERLDFLAGS (git-fixes). - selftests/efivarfs: Add checking of the test return value (git-fixes). - selftests/ftrace: event_triggers: wait longer for test_event_enable (git-fixes). - selftests/powerpc: Fix resource leaks (git-fixes). - serial: 8250_bcm7271: Fix error handling in brcmuart_init() (git-fixes). - serial: amba-pl011: avoid SBSA UART accessing DMACR register (git-fixes). - serial: pch: Fix PCI device refcount leak in pch_request_dma() (git-fixes). - serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle (git-fixes). - serial: stm32: move dma_request_chan() before clk_prepare_enable() (git-fixes). 
- serial: sunsab: Fix error handling in sunsab_init() (git-fixes). - serial: tegra: Read DMA status before terminating (git-fixes). - soc: mediatek: pm-domains: Fix the power glitch issue (git-fixes). - soc: qcom: llcc: make irq truly optional (git-fixes). - soc: qcom: Select REMAP_MMIO for LLCC driver (git-fixes). - soc: ti: knav_qmss_queue: Fix PM disable depth imbalance in knav_queue_probe (git-fixes). - soc: ti: knav_qmss_queue: Use pm_runtime_resume_and_get instead of pm_runtime_get_sync (git-fixes). - soc: ti: smartreflex: Fix PM disable depth imbalance in omap_sr_probe (git-fixes). - soundwire: dmi-quirks: add quirk variant for LAPBC710 NUC15 (git-fixes). - spi: spi-gpio: Do not set MOSI as an input if not 3WIRE mode (git-fixes). - spi: spidev: mask SPI_CS_HIGH in SPI_IOC_RD_MODE (git-fixes). - spi: Update reference to struct spi_controller (git-fixes). - staging: media: tegra-video: fix chan->mipi value on error (git-fixes). - staging: media: tegra-video: fix device_node use after free (git-fixes). - staging: rtl8192e: Fix potential use-after-free in rtllib_rx_Monitor() (git-fixes). - staging: rtl8192u: Fix use after free in ieee80211_rx() (git-fixes). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - test_firmware: fix memory leak in test_firmware_init() (git-fixes). - thermal: core: fix some possible name leaks in error paths (git-fixes). - thermal: int340x: Add missing attribute for data rate base (git-fixes). - thermal/drivers/imx8mm_thermal: Validate temperature range (git-fixes). - thermal/drivers/qcom/temp-alarm: Fix inaccurate warning for gen2 (git-fixes). - timers: implement usleep_idle_range() (git-fixes). - tpm: acpi: Call acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_crb: Add the missed acpi_put_table() to fix memory leak (git-fixes). - tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak (git-fixes). 
- tpm/tpm_crb: Fix error message in __crb_relinquish_locality() (git-fixes). - tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing/doc: Fix typos on the timerlat tracer documentation (git-fixes). - tracing/osnoise: Fix duration type (git-fixes). - tty: serial: altera_uart_{r,t}x_chars() need only uart_port (git-fixes). - tty: serial: clean up stop-tx part in altera_uart_tx_chars() (git-fixes). - uio: uio_dmem_genirq: Fix deadlock between irq config and handling (git-fixes). - uio: uio_dmem_genirq: Fix missing unlock in irq configuration (git-fixes). - units: Add SI metric prefix definitions (git-fixes). - units: add the HZ macros (git-fixes). - usb: cdnsp: fix lack of ZLP for ep0 (git-fixes). - usb: dwc3: core: defer probe on ulpi_read_id timeout (git-fixes). - usb: dwc3: fix PHY disable sequence (git-fixes). - usb: dwc3: Fix race between dwc3_set_mode and __dwc3_set_mode (git-fixes). - usb: dwc3: gadget: Disable GUSB2PHYCFG.SUSPHY for End Transfer (git-fixes). - usb: dwc3: pci: Update PCIe device ID for USB3 controller on CPU sub-system for Raptor Lake (git-fixes). - usb: dwc3: qcom: fix runtime PM wakeup (git-fixes). - usb: gadget: uvc: Prevent buffer overflow in setup handler (git-fixes). - usb: gadget: uvc: Rename bmInterfaceFlags -> bmInterlaceFlags (git-fixes). - usb: rndis_host: Secure rndis_query check against int overflow (git-fixes). - usb: roles: fix of node refcount leak in usb_role_switch_is_parent() (git-fixes). - usb: serial: cp210x: add Kamstrup RF sniffer PIDs (git-fixes). - usb: serial: f81232: fix division by zero on line-speed change (git-fixes). - usb: serial: f81534: fix division by zero on line-speed change (git-fixes). - usb: serial: option: add Quectel EM05-G modem (git-fixes). - usb: storage: Add check for kcalloc (git-fixes). 
- usb: typec: Check for ops->exit instead of ops->enter in altmode_exit (git-fixes). - usb: typec: Factor out non-PD fwnode properties (git-fixes). - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() (git-fixes). - usb: typec: tipd: Cleanup resources if devm_tps6598_psy_register fails (git-fixes). - usb: typec: tipd: Fix spurious fwnode_handle_put in error path (git-fixes). - usb: ulpi: defer ulpi_register on ulpi_read_id timeout (git-fixes). - usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq (git-fixes). - vdpa_sim: fix possible memory leak in vdpasim_net_init() and vdpasim_blk_init() (git-fixes). - vdpa_sim: fix vringh initialization in vdpasim_queue_ready() (git-fixes). - vfio: platform: Do not pass return buffer to ACPI _RST method (git-fixes). - vhost: fix range used in translate_desc() (git-fixes). - vhost/vsock: Fix error handling in vhost_vsock_init() (git-fixes). - vmxnet3: correctly report csum_level for encapsulated packet (git-fixes). - vringh: fix range used in iotlb_translate() (git-fixes). - vsock: Enable y2038 safe timeval for timeout (bsc#1206101). - vsock: Refactor vsock_*_getsockopt to resemble sock_getsockopt (bsc#1206101). - wifi: ar5523: Fix use-after-free on ar5523_cmd() timed out (git-fixes). - wifi: ath10k: Fix return value in ath10k_pci_init() (git-fixes). - wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() (git-fixes). - wifi: ath9k: hif_usb: Fix use-after-free in ath9k_hif_usb_reg_in_cb() (git-fixes). - wifi: ath9k: verify the expected usb_endpoints are present (git-fixes). - wifi: brcmfmac: Fix error return code in brcmf_sdio_download_firmware() (git-fixes). - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() (git-fixes). - wifi: cfg80211: Fix not unregister reg_pdev when load_builtin_regdb_keys() fails (git-fixes). - wifi: iwlwifi: mvm: fix double free on tx path (git-fixes). 
- wifi: mac80211: fix memory leak in ieee80211_if_add() (git-fixes). - wifi: mt76: do not run mt76u_status_worker if the device is not running (git-fixes). - wifi: mt76: fix coverity overrun-call in mt76_get_txpower() (git-fixes). - wifi: rsi: Fix handling of 802.3 EAPOL frames sent via control port (git-fixes). - wifi: rtl8xxxu: Add __packed to struct rtl8723bu_c2h (git-fixes). - wifi: rtl8xxxu: Fix the channel width reporting (git-fixes). - wifi: rtl8xxxu: gen2: Turn on the rate control (git-fixes). - wifi: rtw89: fix physts IE page check (git-fixes). - wifi: rtw89: Fix some error handling path in rtw89_core_sta_assoc() (git-fixes). - wifi: rtw89: use u32_encode_bits() to fill MAC quota value (git-fixes). - wifi: wilc1000: sdio: fix module autoloading (git-fixes). - xfrm: Fix oops in __xfrm_state_delete() (bsc#1206794). - xhci: Apply XHCI_RESET_TO_DEFAULT quirk to ADL-N (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-149=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-149=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-149=1 - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2023-149=1 Please note that this is the initial kernel livepatch without fixes itself; this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Module for Legacy Software 15-SP4: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP4-2023-149=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2023-149=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-149=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-149=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-149=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): kernel-default-5.14.21-150400.24.41.1 kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.41.1 cluster-md-kmp-default-debuginfo-5.14.21-150400.24.41.1 dlm-kmp-default-5.14.21-150400.24.41.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.41.1 gfs2-kmp-default-5.14.21-150400.24.41.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-5.14.21-150400.24.41.1 kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 kernel-default-base-rebuild-5.14.21-150400.24.41.1.150400.24.15.1 kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 kernel-default-devel-5.14.21-150400.24.41.1 kernel-default-devel-debuginfo-5.14.21-150400.24.41.1 kernel-default-extra-5.14.21-150400.24.41.1 kernel-default-extra-debuginfo-5.14.21-150400.24.41.1 kernel-default-livepatch-5.14.21-150400.24.41.1 kernel-default-livepatch-devel-5.14.21-150400.24.41.1 kernel-default-optional-5.14.21-150400.24.41.1 kernel-default-optional-debuginfo-5.14.21-150400.24.41.1 kernel-obs-build-5.14.21-150400.24.41.1 kernel-obs-build-debugsource-5.14.21-150400.24.41.1 kernel-obs-qa-5.14.21-150400.24.41.1 kernel-syms-5.14.21-150400.24.41.1 
kselftests-kmp-default-5.14.21-150400.24.41.1 kselftests-kmp-default-debuginfo-5.14.21-150400.24.41.1 ocfs2-kmp-default-5.14.21-150400.24.41.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.41.1 reiserfs-kmp-default-5.14.21-150400.24.41.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): kernel-kvmsmall-5.14.21-150400.24.41.1 kernel-kvmsmall-debuginfo-5.14.21-150400.24.41.1 kernel-kvmsmall-debugsource-5.14.21-150400.24.41.1 kernel-kvmsmall-devel-5.14.21-150400.24.41.1 kernel-kvmsmall-devel-debuginfo-5.14.21-150400.24.41.1 kernel-kvmsmall-livepatch-devel-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-5.14.21-150400.24.41.1 kernel-debug-debuginfo-5.14.21-150400.24.41.1 kernel-debug-debugsource-5.14.21-150400.24.41.1 kernel-debug-devel-5.14.21-150400.24.41.1 kernel-debug-devel-debuginfo-5.14.21-150400.24.41.1 kernel-debug-livepatch-devel-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (aarch64): cluster-md-kmp-64kb-5.14.21-150400.24.41.1 cluster-md-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 dlm-kmp-64kb-5.14.21-150400.24.41.1 dlm-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 dtb-allwinner-5.14.21-150400.24.41.1 dtb-altera-5.14.21-150400.24.41.1 dtb-amazon-5.14.21-150400.24.41.1 dtb-amd-5.14.21-150400.24.41.1 dtb-amlogic-5.14.21-150400.24.41.1 dtb-apm-5.14.21-150400.24.41.1 dtb-apple-5.14.21-150400.24.41.1 dtb-arm-5.14.21-150400.24.41.1 dtb-broadcom-5.14.21-150400.24.41.1 dtb-cavium-5.14.21-150400.24.41.1 dtb-exynos-5.14.21-150400.24.41.1 dtb-freescale-5.14.21-150400.24.41.1 dtb-hisilicon-5.14.21-150400.24.41.1 dtb-lg-5.14.21-150400.24.41.1 dtb-marvell-5.14.21-150400.24.41.1 dtb-mediatek-5.14.21-150400.24.41.1 dtb-nvidia-5.14.21-150400.24.41.1 dtb-qcom-5.14.21-150400.24.41.1 dtb-renesas-5.14.21-150400.24.41.1 dtb-rockchip-5.14.21-150400.24.41.1 dtb-socionext-5.14.21-150400.24.41.1 dtb-sprd-5.14.21-150400.24.41.1 dtb-xilinx-5.14.21-150400.24.41.1 gfs2-kmp-64kb-5.14.21-150400.24.41.1 
gfs2-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 kernel-64kb-5.14.21-150400.24.41.1 kernel-64kb-debuginfo-5.14.21-150400.24.41.1 kernel-64kb-debugsource-5.14.21-150400.24.41.1 kernel-64kb-devel-5.14.21-150400.24.41.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.41.1 kernel-64kb-extra-5.14.21-150400.24.41.1 kernel-64kb-extra-debuginfo-5.14.21-150400.24.41.1 kernel-64kb-livepatch-devel-5.14.21-150400.24.41.1 kernel-64kb-optional-5.14.21-150400.24.41.1 kernel-64kb-optional-debuginfo-5.14.21-150400.24.41.1 kselftests-kmp-64kb-5.14.21-150400.24.41.1 kselftests-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 ocfs2-kmp-64kb-5.14.21-150400.24.41.1 ocfs2-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 reiserfs-kmp-64kb-5.14.21-150400.24.41.1 reiserfs-kmp-64kb-debuginfo-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (noarch): kernel-devel-5.14.21-150400.24.41.1 kernel-docs-5.14.21-150400.24.41.1 kernel-docs-html-5.14.21-150400.24.41.1 kernel-macros-5.14.21-150400.24.41.1 kernel-source-5.14.21-150400.24.41.1 kernel-source-vanilla-5.14.21-150400.24.41.1 - openSUSE Leap 15.4 (s390x): kernel-zfcpdump-5.14.21-150400.24.41.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.41.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 kernel-default-extra-5.14.21-150400.24.41.1 kernel-default-extra-debuginfo-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Live Patching 15-SP4 (ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 kernel-default-livepatch-5.14.21-150400.24.41.1 kernel-default-livepatch-devel-5.14.21-150400.24.41.1 kernel-livepatch-5_14_21-150400_24_41-default-1-150400.9.3.1 kernel-livepatch-5_14_21-150400_24_41-default-debuginfo-1-150400.9.3.1 kernel-livepatch-SLE15-SP4_Update_7-debugsource-1-150400.9.3.1 - SUSE Linux Enterprise Module for Legacy Software 
15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 reiserfs-kmp-default-5.14.21-150400.24.41.1 reiserfs-kmp-default-debuginfo-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.14.21-150400.24.41.1 kernel-obs-build-debugsource-5.14.21-150400.24.41.1 kernel-syms-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): kernel-docs-5.14.21-150400.24.41.1 kernel-source-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): kernel-default-5.14.21-150400.24.41.1 kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 kernel-default-devel-5.14.21-150400.24.41.1 kernel-default-devel-debuginfo-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64): kernel-64kb-5.14.21-150400.24.41.1 kernel-64kb-debuginfo-5.14.21-150400.24.41.1 kernel-64kb-debugsource-5.14.21-150400.24.41.1 kernel-64kb-devel-5.14.21-150400.24.41.1 kernel-64kb-devel-debuginfo-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): kernel-devel-5.14.21-150400.24.41.1 kernel-macros-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (s390x): kernel-zfcpdump-5.14.21-150400.24.41.1 kernel-zfcpdump-debuginfo-5.14.21-150400.24.41.1 kernel-zfcpdump-debugsource-5.14.21-150400.24.41.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): kernel-default-5.14.21-150400.24.41.1 kernel-default-base-5.14.21-150400.24.41.1.150400.24.15.1 kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.14.21-150400.24.41.1 
cluster-md-kmp-default-debuginfo-5.14.21-150400.24.41.1 dlm-kmp-default-5.14.21-150400.24.41.1 dlm-kmp-default-debuginfo-5.14.21-150400.24.41.1 gfs2-kmp-default-5.14.21-150400.24.41.1 gfs2-kmp-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debuginfo-5.14.21-150400.24.41.1 kernel-default-debugsource-5.14.21-150400.24.41.1 ocfs2-kmp-default-5.14.21-150400.24.41.1 ocfs2-kmp-default-debuginfo-5.14.21-150400.24.41.1 References: https://www.suse.com/security/cve/CVE-2022-3104.html https://www.suse.com/security/cve/CVE-2022-3105.html https://www.suse.com/security/cve/CVE-2022-3106.html https://www.suse.com/security/cve/CVE-2022-3107.html https://www.suse.com/security/cve/CVE-2022-3108.html https://www.suse.com/security/cve/CVE-2022-3111.html https://www.suse.com/security/cve/CVE-2022-3112.html https://www.suse.com/security/cve/CVE-2022-3113.html https://www.suse.com/security/cve/CVE-2022-3114.html https://www.suse.com/security/cve/CVE-2022-3115.html https://www.suse.com/security/cve/CVE-2022-3344.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-4379.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47520.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1187428 https://bugzilla.suse.com/1188605 https://bugzilla.suse.com/1190969 https://bugzilla.suse.com/1191259 https://bugzilla.suse.com/1193629 https://bugzilla.suse.com/1199294 https://bugzilla.suse.com/1201068 https://bugzilla.suse.com/1203219 https://bugzilla.suse.com/1203740 https://bugzilla.suse.com/1203829 https://bugzilla.suse.com/1204614 https://bugzilla.suse.com/1204652 https://bugzilla.suse.com/1204760 https://bugzilla.suse.com/1204911 https://bugzilla.suse.com/1204989 https://bugzilla.suse.com/1205257 https://bugzilla.suse.com/1205263 https://bugzilla.suse.com/1205485 https://bugzilla.suse.com/1205496 https://bugzilla.suse.com/1205601 https://bugzilla.suse.com/1205695 
https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206098 https://bugzilla.suse.com/1206101 https://bugzilla.suse.com/1206188 https://bugzilla.suse.com/1206209 https://bugzilla.suse.com/1206273 https://bugzilla.suse.com/1206344 https://bugzilla.suse.com/1206389 https://bugzilla.suse.com/1206390 https://bugzilla.suse.com/1206391 https://bugzilla.suse.com/1206393 https://bugzilla.suse.com/1206394 https://bugzilla.suse.com/1206395 https://bugzilla.suse.com/1206396 https://bugzilla.suse.com/1206397 https://bugzilla.suse.com/1206398 https://bugzilla.suse.com/1206399 https://bugzilla.suse.com/1206456 https://bugzilla.suse.com/1206468 https://bugzilla.suse.com/1206515 https://bugzilla.suse.com/1206536 https://bugzilla.suse.com/1206554 https://bugzilla.suse.com/1206602 https://bugzilla.suse.com/1206619 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206703 https://bugzilla.suse.com/1206794 https://bugzilla.suse.com/1206896 https://bugzilla.suse.com/1206912 https://bugzilla.suse.com/1207016 From sle-security-updates at lists.suse.com Thu Jan 26 14:25:40 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 26 Jan 2023 15:25:40 +0100 (CET) Subject: SUSE-SU-2023:0152-1: important: Security update for the Linux Kernel Message-ID: <20230126142540.98E8AFD2D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0152-1 Rating: important References: #1065729 #1151927 #1156395 #1157049 #1190969 #1203183 #1203693 #1203740 #1204171 #1204250 #1204614 #1204693 #1204760 #1204989 #1205149 #1205256 #1205495 #1205496 #1205601 #1205695 #1206073 #1206113 #1206114 #1206174 #1206175 #1206176 #1206177 #1206178 #1206179 #1206344 #1206389 #1206393 #1206394 #1206395 #1206397 #1206398 #1206399 #1206515 #1206602 #1206634 #1206635 #1206636 #1206637 #1206640 #1206641 #1206642 #1206643 #1206644 
#1206645 #1206646 #1206647 #1206648 #1206649 #1206663 #1206664 #1206784 #1206841 #1206854 #1206855 #1206857 #1206858 #1206859 #1206860 #1206873 #1206875 #1206876 #1206877 #1206878 #1206880 #1206881 #1206882 #1206883 #1206884 #1206885 #1206886 #1206887 #1206888 #1206889 #1206890 #1206891 #1206893 #1206896 #1206904 #1207036 #1207125 #1207134 #1207186 #1207198 #1207218 #1207237 PED-1445 PED-1706 PED-568 Cross-References: CVE-2019-19083 CVE-2022-3105 CVE-2022-3106 CVE-2022-3107 CVE-2022-3108 CVE-2022-3111 CVE-2022-3112 CVE-2022-3115 CVE-2022-3435 CVE-2022-3564 CVE-2022-3643 CVE-2022-42328 CVE-2022-42329 CVE-2022-4662 CVE-2022-47520 CVE-2022-47929 CVE-2023-0266 CVE-2023-23454 CVE-2023-23455 CVSS scores: CVE-2019-19083 (NVD) : 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-19083 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3105 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3106 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3111 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3112 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3115 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-3435 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-3435 (SUSE): 5.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H 
CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-3643 (NVD) : 10 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2022-3643 (SUSE): 6.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H CVE-2022-42328 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42328 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-42329 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47520 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-47520 (SUSE): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L CVE-2022-47929 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-47929 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H CVE-2023-0266 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23454 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23454 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-23455 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2023-23455 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 
SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 ______________________________________________________________________________ An update that solves 19 vulnerabilities, contains three features and has 71 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-0266: Fixed a use-after-free bug caused by a missing lock in ALSA. (bsc#1207134) - CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem which allowed an unprivileged user to trigger a denial of service via a crafted traffic control configuration. (bsc#1207237) - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036) - CVE-2023-23455: Fixed a bug that could allow attackers to cause a denial of service because of type confusion in atm_tc_enqueue. (bsc#1207125) - CVE-2022-3435: Fixed an out-of-bounds read in fib_nh_match() of the file net/ipv4/fib_semantics.c (bsc#1204171). - CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664) - CVE-2022-3115: Fixed a null pointer dereference in malidp_crtc.c caused by a lack of checks of the return value of kzalloc. (bsc#1206393) - CVE-2022-47520: Fixed an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet. (bsc#1206515) - CVE-2022-3112: Fixed a null pointer dereference caused by a lack of checks of the return value of kzalloc() in vdec_helpers.c:amvdec_set_canvases. (bsc#1206399) - CVE-2022-3564: Fixed a bug in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth which could lead to a use-after-free.
(bsc#1206073) - CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389) - CVE-2019-19083: Fixed memory leaks in clock_source_create that could allow attackers to cause a denial of service (bsc#1157049). - CVE-2022-42328: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206114). - CVE-2022-42329: Fixed a bug which could allow guests to trigger denial of service via the netback driver (bsc#1206113). - CVE-2022-3643: Fixed a bug which could allow guests to trigger NIC interface reset/abort/crash via netback driver (bsc#1206113). - CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395) - CVE-2022-3111: Fixed a missing release of resource after effective lifetime bug caused by a missing free of the WM8350_IRQ_CHG_FAST_RDY in wm8350_init_charger. (bsc#1206394) - CVE-2022-3105: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc_array. (bsc#1206398) - CVE-2022-3106: Fixed a null pointer dereference caused by a missing check of the return value of kmalloc. (bsc#1206397) The following non-security bugs were fixed: - afs: Fix some tracing details (git-fixes). - arm64: cpu_errata: Add Hisilicon TSV110 to spectre-v2 safe list (git-fixes) - arm64: dts: allwinner: H5: Add PMU node (git-fixes) - arm64: dts: allwinner: H6: Add PMU mode (git-fixes) - arm64: dts: marvell: Add AP806-dual missing CPU clocks (git-fixes) - arm64: dts: rockchip: add reg property to brcmf sub-nodes (git-fixes) - arm64: dts: rockchip: fix dwmmc clock name for px30 (git-fixes) - arm64: dts: rockchip: Fix NanoPC-T4 cooling maps (git-fixes) - arm64: memory: Add missing brackets to untagged_addr() macro (git-fixes) - arm64: psci: Reduce the waiting time for cpu_psci_cpu_kill() (git-fixes).
- arm64: tags: Preserve tags for addresses translated via TTBR1 (git-fixes) - arm64: tegra: Fix 'active-low' warning for Jetson Xavier regulator (git-fixes) - block: Do not reread partition table on exclusively open device (bsc#1190969). - ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198). - ceph: do not update snapshot context when there is no new snapshot (bsc#1207218). - cuse: prevent clone (bsc#1206177). - drbd: destroy workqueue when drbd device was freed (git-fixes). - drbd: remove usage of list iterator variable after loop (git-fixes). - drbd: use after free in drbd_create_device() (git-fixes). - dt-bindings: clocks: imx8mp: Add ID for usb suspend clock (git-fixes). - efi: Add iMac Pro 2017 to uefi skip cert quirk (git-fixes). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: avoid BUG_ON when creating xattrs (bsc#1205496). - ext4: avoid crash when inline data creation follows DIO write (bsc#1206883). - ext4: avoid race conditions when remounting with options that change dax (bsc#1206860). - ext4: avoid resizing to a partial cluster size (bsc#1206880). - ext4: choose hardlimit when softlimit is larger than hardlimit in ext4_statfs_project() (bsc#1206854). - ext4: continue to expand file system when the target size does not reach (bsc#1206882). - ext4: convert BUG_ON's to WARN_ON's in mballoc.c (bsc#1206859). - ext4: correct max_inline_xattr_value_size computing (bsc#1206878). - ext4: correct the error path of ext4_write_inline_data_end() (bsc#1206875). - ext4: correct the misjudgment in ext4_iget_extra_inode (bsc#1206878). - ext4: Detect already used quota file early (bsc#1206873). - ext4: fix a data race at inode->i_disksize (bsc#1206855). - ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 (bsc#1206881). - ext4: fix BUG_ON() when directory entry has invalid rec_len (bsc#1206886). - ext4: fix corruption when online resizing a 1K bigalloc fs (bsc#1206891). 
- ext4: fix extent status tree race in writeback error recovery path (bsc#1206877). - ext4: fix null-ptr-deref in ext4_write_info (bsc#1206884). - ext4: fix undefined behavior in bit shift for ext4_check_flag_values (bsc#1206890). - ext4: fix uninititialized value in 'ext4_evict_inode' (bsc#1206893). - ext4: fix use-after-free in ext4_ext_shift_extents (bsc#1206888). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878). - ext4: fix warning in 'ext4_da_release_space' (bsc#1206887). - ext4: Fixup pages without buffers (bsc#1205495). - ext4: iomap that extends beyond EOF should be marked dirty (bsc#1206637). - ext4: make ext4_lazyinit_thread freezable (bsc#1206885). - ext4: mark block bitmap corrupted when found instead of BUGON (bsc#1206857). - ext4: silence the warning when evicting inode with dioread_nolock (bsc#1206889). - ext4: update s_overhead_clusters in the superblock during an on-line resize (bsc#1206876). - ext4: use matching invalidatepage in ext4_writepage (bsc#1206858). - fs: nfsd: fix kconfig dependency warning for NFSD_V4 (git-fixes). - fuse: do not check refcount after stealing page (bsc#1206174). - fuse: fix the ->direct_IO() treatment of iov_iter (bsc#1206176). - fuse: fix use after free in fuse_read_interrupt() (bsc#1206178). - fuse: lock inode unconditionally in fuse_fallocate() (bsc#1206179). - fuse: update attr_version counter on fuse_notify_inval_inode() (bsc#1206175). - HID: betop: check shape of output reports (git-fixes, bsc#1207186). - HID: check empty report_list in bigben_probe() (git-fixes, bsc#1206784). - HID: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784). - ibmveth: Always stop tx queues during close (bsc#1065729). - ipv6: ping: fix wrong checksum for large frames (bsc#1203183). - isofs: joliet: Fix iocharset=utf8 mount option (bsc#1206636). - kbuild: Unify options for BTF generation for vmlinux and modules (bsc#1204693). 
- lib/notifier-error-inject: fix error when writing -errno to debugfs file (bsc#1206634). - libfs: add DEFINE_SIMPLE_ATTRIBUTE_SIGNED for signed value (bsc#1206634). - lockd: lockd server-side shouldn't set fl_ops (git-fixes). - memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896). - memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344). - mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250). - mm: fix race between MADV_FREE reclaim and blkdev direct IO read (bsc#1204989,bsc#1205601). - mm/filemap.c: clear page error before actual read (bsc#1206635). - mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663). - module: avoid *goto*s in module_sig_check() (git-fixes). - module: lockdep: Suppress suspicious RCU usage warning (git-fixes). - module: merge repetitive strings in module_sig_check() (git-fixes). - module: Remove accidental change of module_enable_x() (git-fixes). - module: set MODULE_STATE_GOING state when a module fails to load (git-fixes). - net: mana: Fix race on per-CQ variable napi work_done (git-fixes). - net: sched: atm: dont intepret cls results when asked to drop (bsc#1207036). - net: sched: cbq: dont intepret cls results when asked to drop (bsc#1207036). - net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes). - net: usb: cdc_ncm: do not spew notifications (git-fixes). - net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes). - netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() (bsc#1204614). - NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes). - NFS: Fix an Oops in nfs_d_automount() (git-fixes). - NFS: Fix memory leaks (git-fixes). - NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes). - NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes). - NFS: Handle missing attributes in OPEN reply (bsc#1203740). - NFS: nfs_find_open_context() may only select open files (git-fixes). 
- NFS: nfs_xdr_status should record the procedure name (git-fixes). - NFS: nfs4clinet: check the return value of kstrdup() (git-fixes). - NFS: we do not support removing system.nfs4_acl (git-fixes). - NFS: Zero-stateid SETATTR should first return delegation (git-fixes). - NFS4: Fix kmemleak when allocate slot failed (git-fixes). - NFS4: Fix oops when copy_file_range is attempted with NFS4.0 source (git-fixes). - NFSD: Clone should commit src file metadata too (git-fixes). - NFSD: do not call nfsd_file_put from client states seqfile display (git-fixes). - NFSD: fix error handling in NFSv4.0 callbacks (git-fixes). - NFSD: Fix handling of oversized NFSv4 COMPOUND requests (git-fixes). - NFSD: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes). - NFSD: Keep existing listeners on portlist error (git-fixes). - NFSD: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes). - NFSD: safer handling of corrupted c_type (git-fixes). - NFSv4 expose nfs_parse_server_name function (git-fixes). - NFSv4 only print the label when its queried (git-fixes). - NFSv4 remove zero number of fs_locations entries error check (git-fixes). - NFSv4: Do not hold the layoutget locks across multiple RPC calls (git-fixes). - NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes). - NFSv4: Fix a pNFS layout related use-after-free race when freeing the inode (git-fixes). - NFSv4: Fix races between open and dentry revalidation (git-fixes). - NFSv4: Protect the state recovery thread against direct reclaim (git-fixes). - NFSv4: Retry LOCK on OLD_STATEID during delegation return (git-fixes). - NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes). - NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes). - NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes). - NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes). 
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes). - NFSv4.2: error out when relink swapfile (git-fixes). - NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes). - NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes). - NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes). - NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes). - NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes). - NFSv4/pNFS: Fix a use-after-free bug in open (git-fixes). - NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes). - powerpc: Ensure that swiotlb buffer is allocated from low memory (bsc#1156395). - powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729). - powerpc: improve handling of unrecoverable system reset (bsc#1065729). - powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729). - powerpc/64: Init jump labels before parse_early_param() (bsc#1065729). - powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729). - powerpc/book3s/mm: Update Oops message to print the correct translation in use (bsc#1156395). - powerpc/boot: Fixup device-tree on little endian (bsc#1065729). - powerpc/crashkernel: Take "mem=" option into account (bsc#1065729). - powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729). - powerpc/pci: Fix get_phb_number() locking (bsc#1065729). - powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729). - powerpc/powernv: add missing of_node_put (bsc#1065729). - powerpc/powernv: Avoid re-registration of imc debugfs directory (bsc#1156395). - powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729). - powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729). - powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729). 
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603). - powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729). - powerpc/pseries/eeh: use correct API for error log size (bsc#1065729). - powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729). - powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729). - powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729). - powerpc/xive: Add a check for memory allocation failure (git-fixes). - powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes). - powerpc/xive/spapr: correct bitmap allocation size (git-fixes). - quota: Check next/prev free block number after reading from quota file (bsc#1206640). - rpc: fix gss_svc_init cleanup on failure (git-fixes). - rpc: fix NULL dereference on kmalloc failure (git-fixes). - rtc: pcf85063: Fix reading alarm (git-fixes). - s390/boot: add secure boot trailer (bsc#1205256 LTC#1205256). - sbitmap: fix lockup while swapping (bsc#1206602). - sched/psi: Fix sampling error and rare div0 crashes with cgroups and high uptime (bsc#1206841). - scsi: lpfc: Correct bandwidth logging during receipt of congestion sync WCQE (jsc#PED-1445). - scsi: lpfc: Fix crash involving race between FLOGI timeout and devloss handler (jsc#PED-1445). - scsi: lpfc: Fix MI capability display in cmf_info sysfs attribute (jsc#PED-1445). - scsi: lpfc: Fix WQ|CQ|EQ resource check (jsc#PED-1445). - scsi: lpfc: Remove linux/msi.h include (jsc#PED-1445). - scsi: lpfc: Remove redundant pointer 'lp' (jsc#PED-1445). - scsi: lpfc: Update lpfc version to 14.2.0.9 (jsc#PED-1445). - scsi: lpfc: Use memset_startat() helper (jsc#PED-1445). - scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568). - scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568). - scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568). 
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568). - scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568). - sctp: sysctl: make extra pointers netns aware (bsc#1204760). - string.h: Introduce memset_startat() for wiping trailing members and padding (jsc#PED-1445). - SUNRPC: check that domain table is empty at module unload (git-fixes). - SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes). - SUNRPC: Do not start a timer on an already queued rpc task (git-fixes). - SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes). - SUNRPC: Fix potential leaks in sunrpc_cache_unhash() (git-fixes). - SUNRPC: Fix socket waits for write buffer space (git-fixes). - SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes). - SUNRPC: Mitigate cond_resched() in xprt_transmit() (git-fixes). - SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes). - SUNRPC: stop printk reading past end of string (git-fixes). - svcrdma: Fix another Receive buffer leak (git-fixes). - svcrdma: Fix backchannel return code (git-fixes). - tracing: Add tracing_reset_all_online_cpus_unlocked() function (git-fixes). - tracing: Free buffers when a used dynamic event is removed (git-fixes). - tracing: Verify if trace array exists before destroying it (git-fixes). - tracing/dynevent: Delete all matched events (git-fixes). - udf_get_extendedattr() had no boundary checks (bsc#1206648). - udf: Avoid accessing uninitialized data on failed inode read (bsc#1206642). - udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (bsc#1206649). - udf: Fix free space reporting for metadata and virtual partitions (bsc#1206641). - udf: Fix iocharset=utf8 mount option (bsc#1206647). - udf: Fix NULL pointer dereference in udf_symlink function (bsc#1206646). - udf: fix silent AED tagLocation corruption (bsc#1206645). - udf: fix the problem that the disc content is not displayed (bsc#1206644). 
- udf: Limit sparing table size (bsc#1206643).
- usb: host: xhci-hub: fix extra endianness conversion (git-fixes).
- usbnet: move new members to end (git-fixes).
- xprtrdma: Fix regbuf data not freed in rpcrdma_req_create() (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2023-152=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-152=1
- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-152=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-152=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-152=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-152=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-152=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-152=1
- SUSE Linux Enterprise Module for Live Patching 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-152=1
  Please note that this is the initial kernel livepatch without fixes itself; this livepatch package is later updated by separate standalone livepatch updates.
- SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-152=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-152=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-152=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-152=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-152=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-152=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.109.1 dtb-zte-5.3.18-150300.59.109.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Manager Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 - SUSE Manager Server 4.2 (x86_64): kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 - SUSE Manager Server 4.2 (s390x): kernel-zfcpdump-5.3.18-150300.59.109.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.109.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.109.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 
kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 - SUSE Manager Retail Branch Server 4.2 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 - SUSE Manager Proxy 4.2 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 - SUSE Manager Proxy 4.2 (x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 reiserfs-kmp-default-5.3.18-150300.59.109.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 
kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 reiserfs-kmp-default-5.3.18-150300.59.109.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.109.1 kernel-64kb-debuginfo-5.3.18-150300.59.109.1 kernel-64kb-debugsource-5.3.18-150300.59.109.1 kernel-64kb-devel-5.3.18-150300.59.109.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (s390x): kernel-zfcpdump-5.3.18-150300.59.109.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.109.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 
kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-livepatch-5.3.18-150300.59.109.1 kernel-default-livepatch-devel-5.3.18-150300.59.109.1 kernel-livepatch-5_3_18-150300_59_109-default-1-150300.7.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 
kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 reiserfs-kmp-default-5.3.18-150300.59.109.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64): kernel-64kb-5.3.18-150300.59.109.1 kernel-64kb-debuginfo-5.3.18-150300.59.109.1 kernel-64kb-debugsource-5.3.18-150300.59.109.1 kernel-64kb-devel-5.3.18-150300.59.109.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 reiserfs-kmp-default-5.3.18-150300.59.109.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64): kernel-64kb-5.3.18-150300.59.109.1 kernel-64kb-debuginfo-5.3.18-150300.59.109.1 kernel-64kb-debugsource-5.3.18-150300.59.109.1 kernel-64kb-devel-5.3.18-150300.59.109.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): 
kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.109.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.109.1 dlm-kmp-default-5.3.18-150300.59.109.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.109.1 gfs2-kmp-default-5.3.18-150300.59.109.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 ocfs2-kmp-default-5.3.18-150300.59.109.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): kernel-default-5.3.18-150300.59.109.1 kernel-default-base-5.3.18-150300.59.109.1.150300.18.62.1 kernel-default-debuginfo-5.3.18-150300.59.109.1 kernel-default-debugsource-5.3.18-150300.59.109.1 kernel-default-devel-5.3.18-150300.59.109.1 kernel-default-devel-debuginfo-5.3.18-150300.59.109.1 kernel-obs-build-5.3.18-150300.59.109.1 kernel-obs-build-debugsource-5.3.18-150300.59.109.1 kernel-preempt-5.3.18-150300.59.109.1 kernel-preempt-debuginfo-5.3.18-150300.59.109.1 kernel-preempt-debugsource-5.3.18-150300.59.109.1 kernel-preempt-devel-5.3.18-150300.59.109.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.109.1 kernel-syms-5.3.18-150300.59.109.1 reiserfs-kmp-default-5.3.18-150300.59.109.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.109.1 - SUSE Enterprise Storage 7.1 (aarch64): kernel-64kb-5.3.18-150300.59.109.1 kernel-64kb-debuginfo-5.3.18-150300.59.109.1 kernel-64kb-debugsource-5.3.18-150300.59.109.1 kernel-64kb-devel-5.3.18-150300.59.109.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.109.1 - SUSE Enterprise Storage 7.1 (noarch): kernel-devel-5.3.18-150300.59.109.1 kernel-docs-5.3.18-150300.59.109.1 kernel-macros-5.3.18-150300.59.109.1 kernel-source-5.3.18-150300.59.109.1 References: 
https://www.suse.com/security/cve/CVE-2019-19083.html https://www.suse.com/security/cve/CVE-2022-3105.html https://www.suse.com/security/cve/CVE-2022-3106.html https://www.suse.com/security/cve/CVE-2022-3107.html https://www.suse.com/security/cve/CVE-2022-3108.html https://www.suse.com/security/cve/CVE-2022-3111.html https://www.suse.com/security/cve/CVE-2022-3112.html https://www.suse.com/security/cve/CVE-2022-3115.html https://www.suse.com/security/cve/CVE-2022-3435.html https://www.suse.com/security/cve/CVE-2022-3564.html https://www.suse.com/security/cve/CVE-2022-3643.html https://www.suse.com/security/cve/CVE-2022-42328.html https://www.suse.com/security/cve/CVE-2022-42329.html https://www.suse.com/security/cve/CVE-2022-4662.html https://www.suse.com/security/cve/CVE-2022-47520.html https://www.suse.com/security/cve/CVE-2022-47929.html https://www.suse.com/security/cve/CVE-2023-0266.html https://www.suse.com/security/cve/CVE-2023-23454.html https://www.suse.com/security/cve/CVE-2023-23455.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1151927 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1157049 https://bugzilla.suse.com/1190969 https://bugzilla.suse.com/1203183 https://bugzilla.suse.com/1203693 https://bugzilla.suse.com/1203740 https://bugzilla.suse.com/1204171 https://bugzilla.suse.com/1204250 https://bugzilla.suse.com/1204614 https://bugzilla.suse.com/1204693 https://bugzilla.suse.com/1204760 https://bugzilla.suse.com/1204989 https://bugzilla.suse.com/1205149 https://bugzilla.suse.com/1205256 https://bugzilla.suse.com/1205495 https://bugzilla.suse.com/1205496 https://bugzilla.suse.com/1205601 https://bugzilla.suse.com/1205695 https://bugzilla.suse.com/1206073 https://bugzilla.suse.com/1206113 https://bugzilla.suse.com/1206114 https://bugzilla.suse.com/1206174 https://bugzilla.suse.com/1206175 https://bugzilla.suse.com/1206176 https://bugzilla.suse.com/1206177 https://bugzilla.suse.com/1206178 https://bugzilla.suse.com/1206179 
https://bugzilla.suse.com/1206344 https://bugzilla.suse.com/1206389 https://bugzilla.suse.com/1206393 https://bugzilla.suse.com/1206394 https://bugzilla.suse.com/1206395 https://bugzilla.suse.com/1206397 https://bugzilla.suse.com/1206398 https://bugzilla.suse.com/1206399 https://bugzilla.suse.com/1206515 https://bugzilla.suse.com/1206602 https://bugzilla.suse.com/1206634 https://bugzilla.suse.com/1206635 https://bugzilla.suse.com/1206636 https://bugzilla.suse.com/1206637 https://bugzilla.suse.com/1206640 https://bugzilla.suse.com/1206641 https://bugzilla.suse.com/1206642 https://bugzilla.suse.com/1206643 https://bugzilla.suse.com/1206644 https://bugzilla.suse.com/1206645 https://bugzilla.suse.com/1206646 https://bugzilla.suse.com/1206647 https://bugzilla.suse.com/1206648 https://bugzilla.suse.com/1206649 https://bugzilla.suse.com/1206663 https://bugzilla.suse.com/1206664 https://bugzilla.suse.com/1206784 https://bugzilla.suse.com/1206841 https://bugzilla.suse.com/1206854 https://bugzilla.suse.com/1206855 https://bugzilla.suse.com/1206857 https://bugzilla.suse.com/1206858 https://bugzilla.suse.com/1206859 https://bugzilla.suse.com/1206860 https://bugzilla.suse.com/1206873 https://bugzilla.suse.com/1206875 https://bugzilla.suse.com/1206876 https://bugzilla.suse.com/1206877 https://bugzilla.suse.com/1206878 https://bugzilla.suse.com/1206880 https://bugzilla.suse.com/1206881 https://bugzilla.suse.com/1206882 https://bugzilla.suse.com/1206883 https://bugzilla.suse.com/1206884 https://bugzilla.suse.com/1206885 https://bugzilla.suse.com/1206886 https://bugzilla.suse.com/1206887 https://bugzilla.suse.com/1206888 https://bugzilla.suse.com/1206889 https://bugzilla.suse.com/1206890 https://bugzilla.suse.com/1206891 https://bugzilla.suse.com/1206893 https://bugzilla.suse.com/1206896 https://bugzilla.suse.com/1206904 https://bugzilla.suse.com/1207036 https://bugzilla.suse.com/1207125 https://bugzilla.suse.com/1207134 https://bugzilla.suse.com/1207186 
https://bugzilla.suse.com/1207198
https://bugzilla.suse.com/1207218
https://bugzilla.suse.com/1207237

From sle-security-updates at lists.suse.com Thu Jan 26 14:34:17 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 15:34:17 +0100 (CET)
Subject: SUSE-SU-2023:0151-1: important: Security update for xrdp
Message-ID: <20230126143417.9814DFD2D@maintenance.suse.de>

SUSE Security Update: Security update for xrdp
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0151-1
Rating: important
References: #1206301
Cross-References: CVE-2022-23477
CVSS scores:
  CVE-2022-23477 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23477 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Realtime Extension 15-SP3
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3-LTSS
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP 15-SP3
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.2
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.2
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xrdp fixes the following issues:

- CVE-2022-23477: Fixed a buffer overflow for oversized audio format from client (bsc#1206301).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-151=1
- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-151=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-151=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-151=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-151=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-151=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-151=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-151=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-151=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-151=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-151=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-151=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-151=1
- SUSE Enterprise Storage 7.1:
  zypper in -t patch SUSE-Storage-7.1-2023-151=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2023-151=1

Package List:

- openSUSE Leap 15.4 (aarch64
ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Manager Proxy 4.2 (x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 
xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 xrdp-devel-0.9.13.1-150200.4.18.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libpainter0-0.9.13.1-150200.4.18.1 libpainter0-debuginfo-0.9.13.1-150200.4.18.1 librfxencode0-0.9.13.1-150200.4.18.1 librfxencode0-debuginfo-0.9.13.1-150200.4.18.1 xrdp-0.9.13.1-150200.4.18.1 xrdp-debuginfo-0.9.13.1-150200.4.18.1 xrdp-debugsource-0.9.13.1-150200.4.18.1 
xrdp-devel-0.9.13.1-150200.4.18.1

- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
  libpainter0-0.9.13.1-150200.4.18.1
  libpainter0-debuginfo-0.9.13.1-150200.4.18.1
  librfxencode0-0.9.13.1-150200.4.18.1
  librfxencode0-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-0.9.13.1-150200.4.18.1
  xrdp-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-debugsource-0.9.13.1-150200.4.18.1
  xrdp-devel-0.9.13.1-150200.4.18.1

- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  libpainter0-0.9.13.1-150200.4.18.1
  libpainter0-debuginfo-0.9.13.1-150200.4.18.1
  librfxencode0-0.9.13.1-150200.4.18.1
  librfxencode0-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-0.9.13.1-150200.4.18.1
  xrdp-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-debugsource-0.9.13.1-150200.4.18.1
  xrdp-devel-0.9.13.1-150200.4.18.1

- SUSE Enterprise Storage 7.1 (aarch64 x86_64):
  libpainter0-0.9.13.1-150200.4.18.1
  libpainter0-debuginfo-0.9.13.1-150200.4.18.1
  librfxencode0-0.9.13.1-150200.4.18.1
  librfxencode0-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-0.9.13.1-150200.4.18.1
  xrdp-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-debugsource-0.9.13.1-150200.4.18.1
  xrdp-devel-0.9.13.1-150200.4.18.1

- SUSE Enterprise Storage 7 (aarch64 x86_64):
  libpainter0-0.9.13.1-150200.4.18.1
  libpainter0-debuginfo-0.9.13.1-150200.4.18.1
  librfxencode0-0.9.13.1-150200.4.18.1
  librfxencode0-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-0.9.13.1-150200.4.18.1
  xrdp-debuginfo-0.9.13.1-150200.4.18.1
  xrdp-debugsource-0.9.13.1-150200.4.18.1
  xrdp-devel-0.9.13.1-150200.4.18.1

References:

https://www.suse.com/security/cve/CVE-2022-23477.html
https://bugzilla.suse.com/1206301

From sle-security-updates at lists.suse.com Thu Jan 26 14:35:25 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 15:35:25 +0100 (CET)
Subject: SUSE-SU-2023:0148-1: important: Security update for the Linux Kernel
Message-ID: <20230126143525.F0BA1FD2D@maintenance.suse.de>

SUSE Security Update: Security update for the Linux Kernel
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0148-1
Rating: important
References: #1065729 #1174298 #1174299 #1203740 #1204250 #1204667 #1205695 #1206073 #1206344 #1206389 #1206395 #1206664 #1206896 PED-568
Cross-References: CVE-2022-3107 CVE-2022-3108 CVE-2022-3564 CVE-2022-4662
CVSS scores:
  CVE-2022-3107 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3107 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3108 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3108 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3564 (NVD) : 7.1 CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-3564 (SUSE): 8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-4662 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-4662 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:
  SUSE Linux Enterprise Real Time Extension 12-SP5
______________________________________________________________________________

An update that solves four vulnerabilities, contains one feature and has 9 fixes is now available.

Description:

The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

- CVE-2022-3564: Fixed a bug which could lead to use after free, it was found in the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. (bsc#1206073)
- CVE-2022-3108: Fixed a bug in kfd_parse_subtype_iolink in drivers/gpu/drm/amd/amdkfd/kfd_crat.c where a lack of check of the return value of kmemdup() could lead to a NULL pointer dereference. (bsc#1206389)
- CVE-2022-4662: Fixed a recursive locking violation in usb-storage that can cause the kernel to deadlock. (bsc#1206664)
- CVE-2022-3107: Fixed a null pointer dereference caused by a missing check of the return value of kvmalloc_array. (bsc#1206395)

The following non-security bugs were fixed:

- arm64: alternative: Use true and false for boolean values (git-fixes)
- arm64: cmpwait: Clear event register before arming exclusive monitor (git-fixes)
- arm64: Fix minor issues with the dcache_by_line_op macro (git-fixes)
- arm64: fix possible spectre-v1 in ptrace_hbp_get_event() (git-fixes)
- arm64: fix possible spectre-v1 write in ptrace_hbp_set_event() (git-fixes)
- arm64: ftrace: do not adjust the LR value (git-fixes)
- arm64: io: Ensure calls to delay routines are ordered against prior (git-fixes)
- arm64: io: Ensure value passed to __iormb() is held in a 64-bit (git-fixes)
- arm64: jump_label.h: use asm_volatile_goto macro instead of "asm (git-fixes)
- arm64: make secondary_start_kernel() notrace (git-fixes)
- arm64: makefile fix build of .i file in external module case (git-fixes)
- arm64: ptrace: remove addr_limit manipulation (git-fixes)
- arm64: rockchip: Force CONFIG_PM on Rockchip systems (git-fixes)
- arm64: smp: Handle errors reported by the firmware (git-fixes)
- arm64/kvm: consistently handle host HCR_EL2 flags (git-fixes)
- Bluetooth: hci_qca: Fix the teardown problem for real (git-fixes).
- CDC-NCM: remove "connected" log message (git-fixes).
- flexfiles: enforce per-mirror stateid only for v4 DSes (git-fixes).
- flexfiles: use per-mirror specified stateid for IO (git-fixes).
- fs: nfs: Fix possible null-pointer dereferences in encode_attrs() (git-fixes).
- ibmveth: Always stop tx queues during close (bsc#1065729).
- kABI: mitigate new ufs_stats field (git-fixes).
- lockd: fix decoding of TEST results (git-fixes).
- media: Do not let tvp5150_get_vbi() go out of vbi_ram_default array (git-fixes).
- media: i2c: tvp5150: remove useless variable assignment in tvp5150_set_vbi() (git-fixes).
- memcg, kmem: further deprecate kmem.limit_in_bytes (bsc#1206896).
- memcg: Fix possible use-after-free in memcg_write_event_control() (bsc#1206344).
- mm, page_alloc: avoid expensive reclaim when compaction may not succeed (bsc#1204250).
- move new members of struct usbnet to end (git-fixes).
- net :sunrpc :clnt :Fix xps refcount imbalance on the error path (git-fixes).
- net: kalmia: clean up bind error path (git-fixes).
- net: kalmia: fix memory leaks (git-fixes).
- net: sunrpc: Fix off-by-one issues in 'rpc_ntop6' (git-fixes).
- net: usb: asix: ax88772_bind return error when hw_reset fail (git-fixes).
- net: usb: asix: init MAC address buffers (git-fixes).
- net: usb: qmi_wwan: add Quectel EM160R-GL (git-fixes).
- net: usb: qmi_wwan: add Telit 0x103a composition (git-fixes).
- net: usb: qmi_wwan: Add the BroadMobi BM818 card (git-fixes).
- net: usb: qmi_wwan: add u-blox 0x1342 composition (git-fixes).
- net: usb: qmi_wwan: restore mtu min/max values after raw_ip switch (git-fixes).
- net: usb: qmi_wwan: Set DTR quirk for MR400 (git-fixes).
- net: usb: rtl8150: demote allmulti message to dev_dbg() (git-fixes).
- net: xfrm: fix compress vs decompress serialization (SLE Realtime Extension, bsc#1174298, bsc#1204667).
- net/usb/kalmia: use ARRAY_SIZE for various array sizing calculations (git-fixes).
- net/xfrm/input: Protect queue with lock (SLE Realtime Extension, bsc#1174299, bsc#1204667).
- NFS Handle missing attributes in OPEN reply (bsc#1203740).
- NFS: Correct size calculation for create reply length (git-fixes).
- NFS: direct.c: Fix memory leak of dreq when nfs_get_lock_context fails (git-fixes).
- NFS: Fix an Oops in nfs_d_automount() (git-fixes).
- NFS: Fix initialisation of I/O result struct in nfs_pgio_rpcsetup (git-fixes).
- NFS: Fix memory leaks in nfs_pageio_stop_mirroring() (git-fixes).
- NFS: Fix NULL pointer dereference of dev_name (git-fixes).
- NFS: fix PNFS_FLEXFILE_LAYOUT Kconfig default (git-fixes).
- NFS: nfs_compare_mount_options always compare auth flavors (git-fixes).
- NFS: nfs_find_open_context() may only select open files (git-fixes).
- NFS: nfs4clinet: check the return value of kstrdup() (git-fixes).
- NFS: swap IO handling is slightly different for O_DIRECT IO (git-fixes).
- NFS: swap-out must always use STABLE writes (git-fixes).
- NFS: we do not support removing system.nfs4_acl (git-fixes).
- nfs4: Fix kmemleak when allocate slot failed (git-fixes).
- nfsd: allow fh_want_write to be called twice (git-fixes).
- nfsd: fix a warning in __cld_pipe_upcall() (git-fixes).
- nfsd: Fix svc_xprt refcnt leak when setup callback client failed (git-fixes).
- nfsd: fix wrong check in write_v4_end_grace() (git-fixes).
- nfsd: Keep existing listeners on portlist error (git-fixes).
- nfsd: Return EPERM, not EACCES, in some SETATTR cases (git-fixes).
- nfsd: Return nfserr_serverfault if splice_ok but buf->pages have data (git-fixes).
- nfsd4: fix crash on writing v4_end_grace before nfsd startup (git-fixes).
- NFSv2: Fix eof handling (git-fixes).
- NFSv2: Fix write regression (git-fixes).
- NFSv4 expose nfs_parse_server_name function (git-fixes).
- NFSv4 only print the label when its queried (git-fixes).
- NFSv4 remove zero number of fs_locations entries error check (git-fixes).
- NFSv4: Fix a deadlock between nfs4_open_recover_helper() and delegreturn (git-fixes).
- NFSv4: Fix open create exclusive when the server reboots (git-fixes).
- NFSv4: Fix return value in nfs_finish_open() (git-fixes).
- NFSv4: Fix return values for nfs4_file_open() (git-fixes).
- NFSv4.1 handle ERR_DELAY error reclaiming locking state on delegation recall (git-fixes).
- NFSv4.1: Fix uninitialised variable in devicenotify (git-fixes).
- NFSv4.1: Handle RECLAIM_COMPLETE trunking errors (git-fixes).
- NFSv4.1: We must always send RECLAIM_COMPLETE after a reboot (git-fixes).
- NFSv4.2: Clear FATTR4_WORD2_SECURITY_LABEL when done decoding (git-fixes).
- NFSv4.2: Fix a memory stomp in decode_attr_security_label (git-fixes).
- NFSv4.2: Fix initialisation of struct nfs4_label (git-fixes).
- NFSv4.2: Fixup CLONE dest file size for zero-length count (git-fixes).
- NFSv4.x: Fail client initialisation if state manager thread can't run (git-fixes).
- NFSv4.x: fix lock recovery during delegation recall (git-fixes).
- NFSv4/pNFS: Always return layout stats on layout return for flexfiles (git-fixes).
- NFSv4/pNFS: Try to return invalid layout in pnfs_layout_process() (git-fixes).
- powerpc: Force inlining of cpu_has_feature() to avoid build failure (bsc#1065729).
- powerpc: improve handling of unrecoverable system reset (bsc#1065729).
- powerpc: sysdev: add missing iounmap() on error in mpic_msgr_probe() (bsc#1065729).
- powerpc/64: Init jump labels before parse_early_param() (bsc#1065729).
- powerpc/64/module: REL32 relocation range check (bsc#1065729).
- powerpc/64s/hash: Fix stab_rr off by one initialization (bsc#1065729).
- powerpc/64s/pgtable: fix an undefined behaviour (bsc#1065729).
- powerpc/boot: Disable vector instructions (bsc#1065729).
- powerpc/boot: Explicitly disable usage of SPE instructions (bsc#1065729).
- powerpc/boot: Fix 64-bit boot wrapper build with non-biarch compiler (bsc#1065729).
- powerpc/boot: Fix missing check of lseek() return value (bsc#1065729).
- powerpc/boot: Fixup device-tree on little endian (bsc#1065729).
- powerpc/crashkernel: Take "mem=" option into account (bsc#1065729).
- powerpc/eeh: Fix possible null deref in eeh_dump_dev_log() (bsc#1065729).
- powerpc/eeh: Fix use of EEH_PE_KEEP on wrong field (bsc#1065729).
- powerpc/eeh: Only dump stack once if an MMIO loop is detected (bsc#1065729).
- powerpc/futex: Fix warning: 'oldval' may be used uninitialized in this function (bsc#1065729).
- powerpc/iommu: Avoid derefence before pointer check (bsc#1065729).
- powerpc/mm: Make NULL pointer deferences explicit on bad page faults (bsc#1065729).
- powerpc/pci: Fix get_phb_number() locking (bsc#1065729).
- powerpc/pci/of: Fix OF flags parsing for 64bit BARs (bsc#1065729).
- powerpc/perf: callchain validate kernel stack pointer bounds (bsc#1065729).
- powerpc/powernv: add missing of_node_put (bsc#1065729).
- powerpc/powernv: opal_put_chars partial write fix (bsc#1065729).
- powerpc/powernv/eeh/npu: Fix uninitialized variables in opal_pci_eeh_freeze_status (bsc#1065729).
- powerpc/powernv/iov: Ensure the pdn for VFs always contains a valid PE number (bsc#1065729).
- powerpc/powernv/smp: Fix spurious DBG() warning (bsc#1065729).
- powerpc/pseries: add of_node_put() in dlpar_detach_node() (bsc#1065729).
- powerpc/pseries: Fix node leak in update_lmb_associativity_index() (bsc#1065729).
- powerpc/pseries: Mark accumulate_stolen_time() as notrace (bsc#1065729).
- powerpc/pseries: Stop calling printk in rtas_stop_self() (bsc#1065729).
- powerpc/pseries: unregister VPA when hot unplugging a CPU (bsc#1205695 ltc#200603).
- powerpc/pseries/cmm: Implement release() function for sysfs device (bsc#1065729).
- powerpc/pseries/eeh: use correct API for error log size (bsc#1065729).
- powerpc/pseries/hvconsole: Fix stack overread via udbg (bsc#1065729).
- powerpc/rtas: avoid device tree lookups in rtas_os_term() (bsc#1065729).
- powerpc/rtas: avoid scheduling in rtas_os_term() (bsc#1065729).
- powerpc/smp: Set numa node before updating mask (bsc#1065729).
- powerpc/sriov: Remove VF eeh_dev state when disabling SR-IOV (bsc#1065729).
- powerpc/time: Fix clockevent_decrementer initalisation for PR KVM (bsc#1065729).
- powerpc/time: Use clockevents_register_device(), fixing an issue with large decrementer (bsc#1065729).
- powerpc/traps: Fix the message printed when stack overflows (bsc#1065729).
- powerpc/xive: Add a check for memory allocation failure (git-fixes).
- powerpc/xive: add missing iounmap() in error path in xive_spapr_populate_irq_data() (git-fixes).
- powerpc/xive: Move a dereference below a NULL test (bsc#1065729).
- powerpc/xive/spapr: correct bitmap allocation size (git-fixes).
- powerpc/xmon: fix dump_segments() (bsc#1065729).
- rndis_host: increase sleep time in the query-response loop (git-fixes).
- rpc: fix gss_svc_init cleanup on failure (git-fixes).
- rpc: fix NULL dereference on kmalloc failure (git-fixes).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: 3ware: fix return 0 on the error path of probe (git-fixes).
- scsi: 53c700: pass correct "dev" to dma_alloc_attrs() (git-fixes).
- scsi: aacraid: Disabling TM path and only processing IOP reset (git-fixes).
- scsi: aacraid: fix illegal IO beyond last LBA (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Reduce memory required for SCSI logging (git-fixes).
- scsi: core: replace GFP_ATOMIC with GFP_KERNEL in scsi_scan.c (git-fixes).
- scsi: dc395x: fix DMA API usage in sg_update_list (git-fixes).
- scsi: dc395x: fix dma API usage in srb_done (git-fixes).
- scsi: fcoe: drop frames in ELS LOGO error path (git-fixes).
- scsi: fcoe: fix use-after-free in fcoe_ctlr_els_send (git-fixes).
- scsi: fix kconfig dependency warning related to 53C700_LE_ON_BE (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hpsa: correct scsi command status issue after reset (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: ibmvscsis: Ensure partition name is properly NUL terminated (git-fixes).
- scsi: ibmvscsis: Fix a stringop-overflow warning (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: ipr: Fix softlockup when rescanning devices in petitboot (git-fixes).
- scsi: ips: fix missing break in switch (git-fixes).
- scsi: isci: Change sci_controller_start_task's return type to sci_status (git-fixes).
- scsi: isci: Use proper enumerated type in atapi_d2h_reg_frame_handler (git-fixes).
- scsi: iscsi_tcp: Explicitly cast param in iscsi_sw_tcp_host_get_param (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: flush running unbind operations when removing a session (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libcxgbi: add a check for NULL pointer in cxgbi_check_route() (git-fixes).
- scsi: libcxgbi: fix NULL pointer dereference in cxgbi_device_destroy() (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libiscsi: Fix NOP race condition (git-fixes).
- scsi: libiscsi: Fix NULL pointer dereference in iscsi_eh_session_reset (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libsas: Check SMP PHY control function result (git-fixes).
- scsi: lpfc: Fix port stuck in bypassed state after LIP in PT2PT topology (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: fix panic on loading firmware crashdump (git-fixes).
- scsi: megaraid_sas: reduce module load time (git-fixes).
- scsi: megaraid: disable device when probe failed after enabled device (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: mpt3sas: Fix clear pending bit in ioctl status (git-fixes).
- scsi: mpt3sas: Fix double free warnings (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: NCR5380: Check for bus reset (git-fixes).
- scsi: NCR5380: Check for invalid reselection target (git-fixes).
- scsi: NCR5380: Clear all unissued commands on host reset (git-fixes).
- scsi: NCR5380: Do not call dsprintk() following reselection interrupt (git-fixes).
- scsi: NCR5380: Do not clear busy flag when abort fails (git-fixes).
- scsi: NCR5380: Handle BUS FREE during reselection (git-fixes).
- scsi: NCR5380: Have NCR5380_select() return a bool (git-fixes).
- scsi: NCR5380: Use DRIVER_SENSE to indicate valid sense data (git-fixes).
- scsi: NCR5380: Withhold disconnect privilege for REQUEST SENSE (git-fixes).
- scsi: pm8001: Fix memleak in pm8001_exec_internal_task_abort (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm80xx: Corrected dma_unmap_sg() parameter (git-fixes).
- scsi: pm80xx: Fix for SATA device discovery (git-fixes).
- scsi: pm80xx: Fixed system hang issue during kexec boot (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Do not retry ELS request if qedf_alloc_cmd fails (git-fixes).
- scsi: qedi: Abort ep termination if offload not scheduled (git-fixes).
- scsi: qedi: Do not flush offload work if ARP not resolved (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Fix termination timeouts in session logout (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: qla2xxx: Fix crash when I/O abort times out (jsc#PED-568).
- scsi: qla2xxx: Fix set-but-not-used variable warnings (jsc#PED-568).
- scsi: qla2xxx: Initialize vha->unknown_atio_[list, work] for NPIV hosts (jsc#PED-568).
- scsi: qla2xxx: Remove duplicate of vha->iocb_work initialization (jsc#PED-568).
- scsi: qla2xxx: Remove unused variable 'found_devs' (jsc#PED-568).
- scsi: qla4xxx: check return code of qla4xxx_copy_from_fwddb_param (git-fixes).
- scsi: qla4xxx: fix a potential NULL pointer dereference (git-fixes).
- scsi: Revert "target: iscsi: Wait for all commands to finish before freeing a session" (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: always use a 2 second delay before retrying RTPG (git-fixes).
- scsi: scsi_dh_alua: handle RTPG sense code correctly during state transitions (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_srp: Do not block target in failfast state (git-fixes).
- scsi: scsi_transport_srp: Do not block target in SRP_PORT_LOST state (git-fixes).
- scsi: sd: do not crash the host on invalid commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: sni_53c710: fix compilation error (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: target: iscsi: Wait for all commands to finish before freeing a session (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Avoid configuring regulator with undefined voltage range (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Complete pending requests in host reset and restore path (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: Fix regulator load and icc-level configuration (git-fixes).
- scsi: ufs: Fix system suspend status (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: skip shutdown if hba is not powered (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported" (git-fixes).
- scsi: vmw_pscsi: Rearrange code to avoid multiple calls to free_irq during unload (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Return DID_RESET for status SAM_STAT_COMMAND_TERMINATED (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- SUNRPC: Do not call __UDPX_INC_STATS() from a preemptible context (git-fixes).
- SUNRPC: Do not leak netobj memory when gss_read_proxy_verf() fails (git-fixes).
- SUNRPC: do not mark uninitialised items as VALID (git-fixes).
- SUNRPC: drop pointless static qualifier in xdr_get_next_encode_buffer() (git-fixes).
- SUNRPC: Fix a bogus get/put in generic_key_to_expire() (git-fixes).
- SUNRPC: Fix a compile warning for cmpxchg64() (git-fixes).
- SUNRPC: Fix a race with XPRT_CONNECTING (git-fixes).
- SUNRPC: fix cache_head leak due to queued request (git-fixes).
- SUNRPC: Fix connect metrics (git-fixes).
- SUNRPC: fix crash when cache_head become valid before update (git-fixes).
- SUNRPC: Fix missing release socket in rpc_sockname() (git-fixes).
- SUNRPC: Handle 0 length opaque XDR object data properly (git-fixes).
- SUNRPC: Move simple_get_bytes and simple_get_netobj into private header (git-fixes).
- SUNRPC: stop printk reading past end of string (git-fixes).
- svcrdma: Ignore source port when computing DRC hash (git-fixes).
- tracing: Fix code comments in trace.c (git-fixes).
- usb: dwc3: gadget: Fix OTG events when gadget driver isn't loaded (git-fixes).
- usb: dwc3: gadget: only unmap requests from DMA if mapped (git-fixes).
- xprtrdma: treat all calls not a bcall when bc_serv is NULL (git-fixes).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Real Time Extension 12-SP5:
  zypper in -t patch SUSE-SLE-RT-12-SP5-2023-148=1

Package List:

- SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64):
  cluster-md-kmp-rt-4.12.14-10.112.1
  cluster-md-kmp-rt-debuginfo-4.12.14-10.112.1
  dlm-kmp-rt-4.12.14-10.112.1
  dlm-kmp-rt-debuginfo-4.12.14-10.112.1
  gfs2-kmp-rt-4.12.14-10.112.1
  gfs2-kmp-rt-debuginfo-4.12.14-10.112.1
  kernel-rt-4.12.14-10.112.1
  kernel-rt-base-4.12.14-10.112.1
  kernel-rt-base-debuginfo-4.12.14-10.112.1
  kernel-rt-debuginfo-4.12.14-10.112.1
  kernel-rt-debugsource-4.12.14-10.112.1
  kernel-rt-devel-4.12.14-10.112.1
  kernel-rt-devel-debuginfo-4.12.14-10.112.1
  kernel-rt_debug-4.12.14-10.112.1
  kernel-rt_debug-debuginfo-4.12.14-10.112.1
  kernel-rt_debug-debugsource-4.12.14-10.112.1
  kernel-rt_debug-devel-4.12.14-10.112.1
  kernel-rt_debug-devel-debuginfo-4.12.14-10.112.1
  kernel-syms-rt-4.12.14-10.112.1
  ocfs2-kmp-rt-4.12.14-10.112.1
  ocfs2-kmp-rt-debuginfo-4.12.14-10.112.1
- SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch):
  kernel-devel-rt-4.12.14-10.112.1
  kernel-source-rt-4.12.14-10.112.1

References:

https://www.suse.com/security/cve/CVE-2022-3107.html
https://www.suse.com/security/cve/CVE-2022-3108.html
https://www.suse.com/security/cve/CVE-2022-3564.html
https://www.suse.com/security/cve/CVE-2022-4662.html
https://bugzilla.suse.com/1065729
https://bugzilla.suse.com/1174298
https://bugzilla.suse.com/1174299
https://bugzilla.suse.com/1203740
https://bugzilla.suse.com/1204250
https://bugzilla.suse.com/1204667
https://bugzilla.suse.com/1205695
https://bugzilla.suse.com/1206073
https://bugzilla.suse.com/1206344
https://bugzilla.suse.com/1206389
https://bugzilla.suse.com/1206395
https://bugzilla.suse.com/1206664
https://bugzilla.suse.com/1206896

From sle-security-updates at lists.suse.com Thu Jan 26 17:18:54 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 18:18:54 +0100 (CET)
Subject: SUSE-SU-2023:0153-1: important: Security update for haproxy
Message-ID: <20230126171854.94CF7FD89@maintenance.suse.de>

SUSE Security Update: Security update for haproxy
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0153-1
Rating: important
References: #1207181
Cross-References: CVE-2023-0056
CVSS scores:
  CVE-2023-0056 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  SUSE Linux Enterprise High Availability 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for haproxy fixes the following issues:

- CVE-2023-0056: Fixed a server crash that could be triggered via a malformed HTTP/2 frame (bsc#1207181).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-153=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-153=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-153=1
- SUSE Linux Enterprise High Availability 15-SP4:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-153=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
  haproxy-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.6.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  haproxy-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.6.1
- SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
  haproxy-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.6.1
- SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64):
  haproxy-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debuginfo-2.4.8+git0.d1f8d41e0-150400.3.6.1
  haproxy-debugsource-2.4.8+git0.d1f8d41e0-150400.3.6.1

References:

https://www.suse.com/security/cve/CVE-2023-0056.html
https://bugzilla.suse.com/1207181

From sle-security-updates at lists.suse.com Thu Jan 26 20:23:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:23:51 +0100 (CET)
Subject: SUSE-SU-2023:0159-1: moderate: Security update for python-setuptools
Message-ID: <20230126202351.C37F9FD89@maintenance.suse.de>

SUSE Security Update: Security update for python-setuptools
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0159-1
Rating: moderate
References: #1206667
Cross-References: CVE-2022-40897
CVSS scores:
  CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-setuptools fixes the following issues:

- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-159=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-159=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-159=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-159=1

Package List:

- openSUSE Leap Micro 5.3 (noarch):
  python3-setuptools-44.1.1-150400.3.3.1
- openSUSE Leap 15.4 (noarch):
  python3-setuptools-44.1.1-150400.3.3.1
  python3-setuptools-test-44.1.1-150400.3.3.1
  python3-setuptools-wheel-44.1.1-150400.3.3.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  python3-setuptools-44.1.1-150400.3.3.1
  python3-setuptools-test-44.1.1-150400.3.3.1
  python3-setuptools-wheel-44.1.1-150400.3.3.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
  python3-setuptools-44.1.1-150400.3.3.1

References:

https://www.suse.com/security/cve/CVE-2022-40897.html
https://bugzilla.suse.com/1206667

From sle-security-updates at lists.suse.com Thu Jan 26 20:25:03 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:25:03 +0100 (CET)
Subject: SUSE-SU-2023:0160-1: important: Security update for samba
Message-ID: <20230126202503.9B83AFD89@maintenance.suse.de>

SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0160-1
Rating: important
References: #1200102 #1201490 #1201492 #1201493 #1201495 #1201496 #1201689 #1204254 #1205126 #1205385 #1205386 #1206504 #1206546
Cross-References: CVE-2021-20251 CVE-2022-2031 CVE-2022-32742 CVE-2022-32744 CVE-2022-32745 CVE-2022-32746 CVE-2022-3437 CVE-2022-37966 CVE-2022-37967 CVE-2022-38023 CVE-2022-42898
CVSS scores:
  CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2031 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-2031 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-32742 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-32742 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  CVE-2022-32744 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-32744 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-32745 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
  CVE-2022-32745 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L
  CVE-2022-32746 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  CVE-2022-32746 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  CVE-2022-3437 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  CVE-2022-3437 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L
  CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37967 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-37967 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42898 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Affected Products:
  SUSE Linux Enterprise Desktop 15-SP4
  SUSE Linux Enterprise High Availability 15-SP4
  SUSE Linux Enterprise High Performance Computing 15-SP4
  SUSE Linux Enterprise Micro 5.3
  SUSE Linux Enterprise Module for Basesystem 15-SP4
  SUSE Linux Enterprise Server 15-SP4
  SUSE Linux Enterprise Server for SAP Applications 15-SP4
  SUSE Manager Proxy 4.3
  SUSE Manager Retail Branch Server 4.3
  SUSE Manager Server 4.3
  openSUSE Leap 15.4
  openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that solves 11 vulnerabilities and has two fixes is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- Updated to version 4.15.13:
  - CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).
  - CVE-2022-37967: Fixed a potential privilege escalation issue via constrained delegation due to a weak cryptographic algorithm being selected (bsc#1205386).
  - CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- Updated to version 4.15.12:
  - CVE-2022-42898: Fixed several buffer overflow vulnerabilities on 32-bit systems (bsc#1205126).
- Updated to version 4.15.11:
  - CVE-2022-3437: Fixed a buffer overflow in Heimdal unwrap_des3() (bsc#1204254).
- Updated to version 4.15.10:
  - Fixed a potential crash due to a concurrency issue (bsc#1200102).
- Updated to version 4.15.9:
  - CVE-2022-32742: Fixed an information leak that could be triggered via SMB1 (bsc#1201496).
  - CVE-2022-32746: Fixed a memory corruption issue in database audit logging (bsc#1201490).
  - CVE-2022-2031: Fixed AD restrictions bypass associated with changing passwords (bsc#1201495).
  - CVE-2022-32745: Fixed a remote server crash that could be triggered with certain LDAP requests (bsc#1201492).
  - CVE-2022-32744: Fixed an issue where AD users could have forged password change requests on behalf of other users (bsc#1201493).

Other fixes:

- Fixed a problem when using bind as samba-ad-dc backend related to the named service (bsc#1201689).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-160=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-160=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-160=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-160=1
- SUSE Linux Enterprise High Availability 15-SP4:
  zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2023-160=1

Package List:

- openSUSE Leap Micro 5.3 (aarch64 x86_64):
  samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-debugsource-4.15.13+git.591.ab36624310c-150400.3.19.1
- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  ctdb-4.15.13+git.591.ab36624310c-150400.3.19.1
  ctdb-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  ctdb-pcp-pmda-4.15.13+git.591.ab36624310c-150400.3.19.1
  ctdb-pcp-pmda-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  libsamba-policy-devel-4.15.13+git.591.ab36624310c-150400.3.19.1
  libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150400.3.19.1
  libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150400.3.19.1
  libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-ad-dc-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-ad-dc-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-client-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-client-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
  samba-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1
samba-debugsource-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-test-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-test-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-tool-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - openSUSE Leap 15.4 (aarch64 x86_64): samba-ceph-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - openSUSE Leap 15.4 (x86_64): libsamba-policy0-python3-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 libsamba-policy0-python3-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 
samba-devel-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-python3-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-python3-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - openSUSE Leap 15.4 (noarch): samba-doc-4.15.13+git.591.ab36624310c-150400.3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debugsource-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-devel-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 
samba-libs-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-python3-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-tool-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 x86_64): samba-ceph-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): samba-client-libs-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debugsource-4.15.13+git.591.ab36624310c-150400.3.19.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): ctdb-4.15.13+git.591.ab36624310c-150400.3.19.1 ctdb-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150400.3.19.1 samba-debugsource-4.15.13+git.591.ab36624310c-150400.3.19.1 References: https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-2031.html https://www.suse.com/security/cve/CVE-2022-32742.html https://www.suse.com/security/cve/CVE-2022-32744.html https://www.suse.com/security/cve/CVE-2022-32745.html 
https://www.suse.com/security/cve/CVE-2022-32746.html https://www.suse.com/security/cve/CVE-2022-3437.html https://www.suse.com/security/cve/CVE-2022-37966.html https://www.suse.com/security/cve/CVE-2022-37967.html https://www.suse.com/security/cve/CVE-2022-38023.html https://www.suse.com/security/cve/CVE-2022-42898.html https://bugzilla.suse.com/1200102 https://bugzilla.suse.com/1201490 https://bugzilla.suse.com/1201492 https://bugzilla.suse.com/1201493 https://bugzilla.suse.com/1201495 https://bugzilla.suse.com/1201496 https://bugzilla.suse.com/1201689 https://bugzilla.suse.com/1204254 https://bugzilla.suse.com/1205126 https://bugzilla.suse.com/1205385 https://bugzilla.suse.com/1205386 https://bugzilla.suse.com/1206504 https://bugzilla.suse.com/1206546 From sle-security-updates at lists.suse.com Thu Jan 26 20:27:05 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 26 Jan 2023 21:27:05 +0100 (CET) Subject: SUSE-SU-2023:0161-1: moderate: Security update for python-py Message-ID: <20230126202705.86662FD89@maintenance.suse.de> SUSE Security Update: Security update for python-py ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0161-1 Rating: moderate References: #1204364 Cross-References: CVE-2022-42969 CVSS scores: CVE-2022-42969 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-42969 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 
openSUSE Leap Micro 5.2
openSUSE Leap Micro 5.3
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for python-py fixes the following issues:

- CVE-2022-42969: Fixed an excessive resource consumption that could be triggered when interacting with a Subversion repository containing crafted data (bsc#1204364).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.3:
  zypper in -t patch openSUSE-Leap-Micro-5.3-2023-161=1
- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2023-161=1
- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2023-161=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-161=1
- SUSE Linux Enterprise Module for Basesystem 15-SP4:
  zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-161=1
- SUSE Linux Enterprise Micro 5.3:
  zypper in -t patch SUSE-SLE-Micro-5.3-2023-161=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-161=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-161=1

Package List:

- openSUSE Leap Micro 5.3 (noarch):
  python3-py-1.10.0-150100.5.12.1
- openSUSE Leap Micro 5.2 (noarch):
  python3-py-1.10.0-150100.5.12.1
- openSUSE Leap 15.4 (noarch):
  python3-py-1.10.0-150100.5.12.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
  python3-py-1.10.0-150100.5.12.1
- SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
  python3-py-1.10.0-150100.5.12.1
- SUSE Linux Enterprise Micro 5.3 (noarch):
  python3-py-1.10.0-150100.5.12.1
- SUSE Linux Enterprise Micro 5.2 (noarch):
  python3-py-1.10.0-150100.5.12.1
- SUSE Linux Enterprise Micro 5.1 (noarch):
  python3-py-1.10.0-150100.5.12.1

References:
https://www.suse.com/security/cve/CVE-2022-42969.html
https://bugzilla.suse.com/1204364

From sle-security-updates at lists.suse.com Thu Jan 26 20:28:15 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:28:15 +0100 (CET)
Subject: SUSE-SU-2023:0165-1: important: Security update for libXpm
Message-ID: <20230126202815.AAFE2FD89@maintenance.suse.de>

SUSE Security Update: Security update for libXpm
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0165-1
Rating: important
References: #1207029 #1207030 #1207031
Cross-References: CVE-2022-44617 CVE-2022-46285 CVE-2022-4883
CVSS scores:
CVE-2022-44617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-46285 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVE-2022-4883 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 12-SP2-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Linux Enterprise Server for SAP Applications 12-SP5
SUSE Linux Enterprise Software Development Kit 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for libXpm fixes the following issues:

- CVE-2022-46285: Fixed an infinite loop that could be triggered when reading an XPM image with a C-style comment that is never closed (bsc#1207029).
- CVE-2022-44617: Fixed an excessive resource consumption that could be triggered when reading a small crafted XPM image (bsc#1207030).
- CVE-2022-4883: Fixed an issue that made decompression commands susceptible to PATH environment variable manipulation attacks (bsc#1207031).
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-165=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-165=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-165=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-165=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-165=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-165=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-165=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-32bit-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 libXpm4-debuginfo-32bit-3.5.11-6.7.1 - SUSE OpenStack Cloud 9 (x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-32bit-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 libXpm4-debuginfo-32bit-3.5.11-6.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm-devel-3.5.11-6.7.1 libXpm-tools-3.5.11-6.7.1 libXpm-tools-debuginfo-3.5.11-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libXpm4-32bit-3.5.11-6.7.1 libXpm4-debuginfo-32bit-3.5.11-6.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libXpm4-32bit-3.5.11-6.7.1 
libXpm4-debuginfo-32bit-3.5.11-6.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libXpm4-32bit-3.5.11-6.7.1 libXpm4-debuginfo-32bit-3.5.11-6.7.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libXpm-debugsource-3.5.11-6.7.1 libXpm4-3.5.11-6.7.1 libXpm4-32bit-3.5.11-6.7.1 libXpm4-debuginfo-3.5.11-6.7.1 libXpm4-debuginfo-32bit-3.5.11-6.7.1 References: https://www.suse.com/security/cve/CVE-2022-44617.html https://www.suse.com/security/cve/CVE-2022-46285.html https://www.suse.com/security/cve/CVE-2022-4883.html https://bugzilla.suse.com/1207029 https://bugzilla.suse.com/1207030 https://bugzilla.suse.com/1207031 From sle-security-updates at lists.suse.com Thu Jan 26 20:29:35 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 26 Jan 2023 21:29:35 +0100 (CET) Subject: SUSE-SU-2023:0166-1: important: Security update for bluez Message-ID: <20230126202935.C804EFD89@maintenance.suse.de> SUSE Security Update: Security update for bluez ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0166-1 Rating: important References: #1203120 #1203121 Cross-References: CVE-2022-39176 CVE-2022-39177 CVSS scores: CVE-2022-39176 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-39176 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2022-39177 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-39177 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development 
Kit 12-SP5
SUSE Linux Enterprise Workstation Extension 12-SP5
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for bluez fixes the following issues:

- CVE-2022-39176: Fixed a memory safety issue that could allow physically proximate attackers to obtain sensitive information (bsc#1203121).
- CVE-2022-39177: Fixed a memory safety issue that could allow physically proximate attackers to cause a denial of service (bsc#1203120).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-166=1
- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2023-166=1
- SUSE Linux Enterprise Workstation Extension 12-SP5:
  zypper in -t patch SUSE-SLE-WE-12-SP5-2023-166=1
- SUSE Linux Enterprise Software Development Kit 12-SP5:
  zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-166=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
  zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-166=1
- SUSE Linux Enterprise Server 12-SP5:
  zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-166=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
  zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-166=1
- SUSE Linux Enterprise Server 12-SP2-BCL:
  zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-166=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  bluez-5.13-5.36.1
  bluez-debuginfo-5.13-5.36.1
  bluez-debugsource-5.13-5.36.1
  libbluetooth3-5.13-5.36.1
  libbluetooth3-debuginfo-5.13-5.36.1
- SUSE OpenStack Cloud 9 (x86_64):
  bluez-5.13-5.36.1
  bluez-debuginfo-5.13-5.36.1
  bluez-debugsource-5.13-5.36.1
  libbluetooth3-5.13-5.36.1
  libbluetooth3-debuginfo-5.13-5.36.1
- SUSE Linux Enterprise Workstation Extension
12-SP5 (x86_64): bluez-cups-5.13-5.36.1 bluez-cups-debuginfo-5.13-5.36.1 bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 bluez-devel-5.13-5.36.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bluez-5.13-5.36.1 bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 libbluetooth3-5.13-5.36.1 libbluetooth3-debuginfo-5.13-5.36.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bluez-5.13-5.36.1 bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 libbluetooth3-5.13-5.36.1 libbluetooth3-debuginfo-5.13-5.36.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.13-5.36.1 bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 libbluetooth3-5.13-5.36.1 libbluetooth3-debuginfo-5.13-5.36.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bluez-5.13-5.36.1 bluez-debuginfo-5.13-5.36.1 bluez-debugsource-5.13-5.36.1 libbluetooth3-5.13-5.36.1 libbluetooth3-debuginfo-5.13-5.36.1 References: https://www.suse.com/security/cve/CVE-2022-39176.html https://www.suse.com/security/cve/CVE-2022-39177.html https://bugzilla.suse.com/1203120 https://bugzilla.suse.com/1203121 From sle-security-updates at lists.suse.com Thu Jan 26 20:32:31 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Thu, 26 Jan 2023 21:32:31 +0100 (CET) Subject: SUSE-SU-2023:0163-1: important: Security update for samba Message-ID: <20230126203231.9574DFD89@maintenance.suse.de> SUSE Security Update: Security update for samba ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0163-1 Rating: important References: #1205385 #1206504 #1206546 Cross-References: CVE-2021-20251 CVE-2022-37966 CVE-2022-38023 CVSS scores: CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 
CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Enterprise Storage 7
SUSE Linux Enterprise High Availability 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
SUSE Linux Enterprise Server 15-SP2
SUSE Linux Enterprise Server 15-SP2-LTSS
SUSE Linux Enterprise Server for SAP 15-SP2
SUSE Linux Enterprise Server for SAP Applications 15-SP2
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for samba fixes the following issues:

- CVE-2021-20251: Fixed an issue where the bad password count would not be properly incremented, which could allow attackers to brute force a user's password (bsc#1206546).
- CVE-2022-38023: Disabled weak ciphers by default in the Netlogon Secure channel (bsc#1206504).
- CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-163=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-163=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-163=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-163=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2023-163=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-163=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libndr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - openSUSE Leap 15.4 (x86_64): libndr0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libdcerpc-binding0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libndr-standard-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-python3-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libsmbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-core-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debugsource-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libdcerpc-binding0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libtevent-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libnetapi0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-python3-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libtevent-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-core-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debugsource-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): samba-ceph-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libndr-krb5pac0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
samba-libs-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libsamba-errors0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-python3-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
samba-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-core-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debugsource-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libndr0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.384.5dc2c21dce-150200.4.44.1 ctdb-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
samba-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debugsource-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-samr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libsamba-hostconfig0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy-python3-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-policy0-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ad-dc-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
samba-ad-dc-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-ceph-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-client-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-core-devel-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-debugsource-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-dsdb-modules-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-python3-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 - SUSE Enterprise Storage 7 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libdcerpc0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-nbt0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr-standard0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libndr0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libnetapi0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 
libnetapi0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-credentials0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-errors0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-passdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamba-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsamdb0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbconf0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libsmbldap2-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libtevent-util0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 libwbclient0-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-libs-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-4.11.14+git.384.5dc2c21dce-150200.4.44.1 samba-winbind-32bit-debuginfo-4.11.14+git.384.5dc2c21dce-150200.4.44.1

References:

https://www.suse.com/security/cve/CVE-2021-20251.html
https://www.suse.com/security/cve/CVE-2022-37966.html
https://www.suse.com/security/cve/CVE-2022-38023.html
https://bugzilla.suse.com/1205385
https://bugzilla.suse.com/1206504
https://bugzilla.suse.com/1206546

From sle-security-updates at lists.suse.com Thu Jan 26 20:33:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:33:50 +0100 (CET)
Subject: SUSE-SU-2023:0170-1: important: Security update for xen
Message-ID: <20230126203350.2EC3AFD89@maintenance.suse.de>

SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0170-1
Rating:             important
References:         #1027519 #1205209
Cross-References:   CVE-2022-23824
CVSS scores:
                    CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Micro 5.1
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that solves one vulnerability and has one errata is now available.

Description:

This update for xen fixes the following issues:

- CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209).

Special Instructions and Notes:

Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap Micro 5.2:
  zypper in -t patch openSUSE-Leap-Micro-5.2-2023-170=1
- SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-170=1
- SUSE Manager Retail Branch Server 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-170=1
- SUSE Manager Proxy 4.2:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-170=1
- SUSE Linux Enterprise Server for SAP 15-SP3:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-170=1
- SUSE Linux Enterprise Server 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-170=1
- SUSE Linux Enterprise Realtime Extension 15-SP3:
  zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-170=1
- SUSE Linux Enterprise Micro 5.2:
  zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-170=1
- SUSE Linux Enterprise Micro 5.1:
  zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-170=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-170=1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-170=1
- SUSE Enterprise Storage 7.1:
  zypper in -t patch SUSE-Storage-7.1-2023-170=1

Package List:

- openSUSE Leap Micro 5.2 (x86_64):
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Manager Server 4.2 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Manager Server 4.2 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Manager Retail Branch Server 4.2 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Manager Proxy 4.2 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Manager Proxy 4.2 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Server for SAP 15-SP3 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Micro 5.2 (x86_64):
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise Micro 5.1 (x86_64):
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1
- SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Enterprise Storage 7.1 (x86_64):
  xen-4.14.5_10-150300.3.45.1
  xen-debugsource-4.14.5_10-150300.3.45.1
  xen-devel-4.14.5_10-150300.3.45.1
  xen-libs-4.14.5_10-150300.3.45.1
  xen-libs-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-4.14.5_10-150300.3.45.1
  xen-tools-debuginfo-4.14.5_10-150300.3.45.1
  xen-tools-domU-4.14.5_10-150300.3.45.1
  xen-tools-domU-debuginfo-4.14.5_10-150300.3.45.1
- SUSE Enterprise Storage 7.1 (noarch):
  xen-tools-xendomains-wait-disk-4.14.5_10-150300.3.45.1

References:

https://www.suse.com/security/cve/CVE-2022-23824.html
https://bugzilla.suse.com/1027519
https://bugzilla.suse.com/1205209

From sle-security-updates at lists.suse.com Thu Jan 26 20:34:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:34:55 +0100 (CET)
Subject: SUSE-SU-2023:0173-1: important: Security update for xterm
Message-ID: <20230126203455.0F3E7FD2D@maintenance.suse.de>

SUSE Security Update: Security update for xterm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0173-1
Rating:             important
References:         #1205305
Cross-References:   CVE-2022-45063
CVSS scores:
                    CVE-2022-45063 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-45063 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for xterm fixes the following issues:

- CVE-2022-45063: Fixed an arbitrary code execution issue under configurations using vi and zsh (bsc#1205305).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-173=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-173=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-173=1
- SUSE Enterprise Storage 6:
  zypper in -t patch SUSE-Storage-6-2023-173=1
- SUSE CaaS Platform 4.0:
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
  xterm-330-150000.4.6.1
  xterm-bin-330-150000.4.6.1
  xterm-bin-debuginfo-330-150000.4.6.1
  xterm-debugsource-330-150000.4.6.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
  xterm-330-150000.4.6.1
  xterm-bin-330-150000.4.6.1
  xterm-bin-debuginfo-330-150000.4.6.1
  xterm-debugsource-330-150000.4.6.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
  xterm-330-150000.4.6.1
  xterm-bin-330-150000.4.6.1
  xterm-bin-debuginfo-330-150000.4.6.1
  xterm-debugsource-330-150000.4.6.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
  xterm-330-150000.4.6.1
  xterm-bin-330-150000.4.6.1
  xterm-bin-debuginfo-330-150000.4.6.1
  xterm-debugsource-330-150000.4.6.1
- SUSE CaaS Platform 4.0 (x86_64):
  xterm-330-150000.4.6.1
  xterm-bin-330-150000.4.6.1
  xterm-bin-debuginfo-330-150000.4.6.1
  xterm-debugsource-330-150000.4.6.1

References:

https://www.suse.com/security/cve/CVE-2022-45063.html
https://bugzilla.suse.com/1205305

From sle-security-updates at lists.suse.com Thu Jan 26 20:35:51 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:35:51 +0100 (CET)
Subject: SUSE-SU-2023:0167-1: moderate: Security update for bluez
Message-ID: <20230126203551.01CA2FD2D@maintenance.suse.de>

SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0167-1
Rating:             moderate
References:         #1204426
Cross-References:   CVE-2022-3563
CVSS scores:
                    CVE-2022-3563 (NVD) : 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-3563 (SUSE): 5.3 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for bluez fixes the following issues:

- CVE-2022-3563: Fixed a potential crash in the mgmt-tester tool (bsc#1204426).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-167=1

   - SUSE Linux Enterprise Workstation Extension 15-SP4:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-167=1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-167=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-167=1

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      bluez-5.62-150400.4.8.1
      bluez-cups-5.62-150400.4.8.1
      bluez-cups-debuginfo-5.62-150400.4.8.1
      bluez-debuginfo-5.62-150400.4.8.1
      bluez-debugsource-5.62-150400.4.8.1
      bluez-deprecated-5.62-150400.4.8.1
      bluez-deprecated-debuginfo-5.62-150400.4.8.1
      bluez-devel-5.62-150400.4.8.1
      bluez-test-5.62-150400.4.8.1
      bluez-test-debuginfo-5.62-150400.4.8.1
      libbluetooth3-5.62-150400.4.8.1
      libbluetooth3-debuginfo-5.62-150400.4.8.1

   - openSUSE Leap 15.4 (x86_64):

      bluez-devel-32bit-5.62-150400.4.8.1
      libbluetooth3-32bit-5.62-150400.4.8.1
      libbluetooth3-32bit-debuginfo-5.62-150400.4.8.1

   - openSUSE Leap 15.4 (noarch):

      bluez-auto-enable-devices-5.62-150400.4.8.1

   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):

      bluez-cups-5.62-150400.4.8.1
      bluez-cups-debuginfo-5.62-150400.4.8.1
      bluez-debuginfo-5.62-150400.4.8.1
      bluez-debugsource-5.62-150400.4.8.1

   - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64):

      bluez-debuginfo-5.62-150400.4.8.1
      bluez-debugsource-5.62-150400.4.8.1
      bluez-devel-5.62-150400.4.8.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      bluez-5.62-150400.4.8.1
      bluez-debuginfo-5.62-150400.4.8.1
      bluez-debugsource-5.62-150400.4.8.1
      bluez-deprecated-5.62-150400.4.8.1
      bluez-deprecated-debuginfo-5.62-150400.4.8.1
      libbluetooth3-5.62-150400.4.8.1
      libbluetooth3-debuginfo-5.62-150400.4.8.1

References:

   https://www.suse.com/security/cve/CVE-2022-3563.html
   https://bugzilla.suse.com/1204426

From sle-security-updates at lists.suse.com Thu Jan 26 20:36:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:36:55 +0100 (CET)
Subject: SUSE-SU-2023:0168-1: important: Security update for bluez
Message-ID: <20230126203655.3D506FD2D@maintenance.suse.de>

   SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0168-1
Rating:             important
References:         #1203120 #1203121
Cross-References:   CVE-2022-39176 CVE-2022-39177
CVSS scores:
                    CVE-2022-39176 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39176 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2022-39177 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39177 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for bluez fixes the following issues:

   - CVE-2022-39176: Fixed a memory safety issue that could allow
     physically proximate attackers to obtain sensitive information
     (bsc#1203121).
   - CVE-2022-39177: Fixed a memory safety issue that could allow
     physically proximate attackers to cause a denial of service
     (bsc#1203120).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-168=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-168=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-168=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-168=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-168=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-168=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-168=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-168=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-168=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Manager Proxy 4.2 (x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Linux Enterprise Server for SAP 
15-SP3 (ppc64le x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 bluez-devel-5.55-150300.3.19.1 libbluetooth3-5.55-150300.3.19.1 libbluetooth3-debuginfo-5.55-150300.3.19.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): bluez-5.55-150300.3.19.1 bluez-debuginfo-5.55-150300.3.19.1 bluez-debugsource-5.55-150300.3.19.1 bluez-deprecated-5.55-150300.3.19.1 bluez-deprecated-debuginfo-5.55-150300.3.19.1 
      bluez-devel-5.55-150300.3.19.1
      libbluetooth3-5.55-150300.3.19.1
      libbluetooth3-debuginfo-5.55-150300.3.19.1

References:

   https://www.suse.com/security/cve/CVE-2022-39176.html
   https://www.suse.com/security/cve/CVE-2022-39177.html
   https://bugzilla.suse.com/1203120
   https://bugzilla.suse.com/1203121

From sle-security-updates at lists.suse.com Thu Jan 26 20:38:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:38:04 +0100 (CET)
Subject: SUSE-SU-2023:0164-1: important: Security update for samba
Message-ID: <20230126203804.2FEFDFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0164-1
Rating:             important
References:         #1205385 #1206504 #1206546
Cross-References:   CVE-2021-20251 CVE-2022-37966 CVE-2022-38023
CVSS scores:
                    CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37966 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-37966 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Linux Enterprise High Availability 12-SP5
                    SUSE Linux Enterprise High Performance Computing 12-SP5
                    SUSE Linux Enterprise Server 12-SP5
                    SUSE Linux Enterprise Server for SAP Applications 12-SP5
                    SUSE Linux Enterprise Software Development Kit 12-SP5
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2021-20251: Fixed an issue where the bad password count would
     not be properly incremented, which could allow attackers to brute
     force a user's password (bsc#1206546).
- CVE-2022-37966: Fixed an issue where a weak cipher would be selected to encrypt session keys, which could lead to privilege escalation (bsc#1205385). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-164=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-164=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2023-164=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy-python3-devel-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 samba-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (s390x x86_64): samba-devel-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsamba-policy0-python3-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy0-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 samba-ldb-ldap-4.15.13+git.534.0d9f8ece26-3.77.1 samba-ldb-ldap-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-4.15.13+git.534.0d9f8ece26-3.77.1 
samba-libs-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-python3-4.15.13+git.534.0d9f8ece26-3.77.1 samba-python3-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-tool-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsamba-policy0-python3-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 libsamba-policy0-python3-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-client-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-libs-python3-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 samba-winbind-libs-debuginfo-32bit-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64): samba-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): libsamba-policy-python3-devel-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): samba-doc-4.15.13+git.534.0d9f8ece26-3.77.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ctdb-4.15.13+git.534.0d9f8ece26-3.77.1 ctdb-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debuginfo-4.15.13+git.534.0d9f8ece26-3.77.1 samba-debugsource-4.15.13+git.534.0d9f8ece26-3.77.1 References: https://www.suse.com/security/cve/CVE-2021-20251.html https://www.suse.com/security/cve/CVE-2022-37966.html https://www.suse.com/security/cve/CVE-2022-38023.html 
   https://bugzilla.suse.com/1205385
   https://bugzilla.suse.com/1206504
   https://bugzilla.suse.com/1206546

From sle-security-updates at lists.suse.com Thu Jan 26 20:39:04 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:39:04 +0100 (CET)
Subject: SUSE-SU-2023:0169-1: important: Security update for xen
Message-ID: <20230126203904.E5A0CFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0169-1
Rating:             important
References:         #1027519 #1205209
Cross-References:   CVE-2022-23824
CVSS scores:
                    CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Micro 5.3
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Server Applications 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
                    openSUSE Leap Micro 5.3
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now
   available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-23824: Fixed multiple speculative execution issues
     (bnc#1205209).

   Non-security fixes:

   - Updated to version 4.16.3 (bsc#1027519).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:

      zypper in -t patch openSUSE-Leap-Micro-5.3-2023-169=1

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-169=1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-169=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-169=1

   - SUSE Linux Enterprise Micro 5.3:

      zypper in -t patch SUSE-SLE-Micro-5.3-2023-169=1

Package List:

   - openSUSE Leap Micro 5.3 (x86_64):

      xen-debugsource-4.16.3_02-150400.4.19.1
      xen-libs-4.16.3_02-150400.4.19.1
      xen-libs-debuginfo-4.16.3_02-150400.4.19.1

   - openSUSE Leap 15.4 (aarch64 x86_64):

      xen-4.16.3_02-150400.4.19.1
      xen-debugsource-4.16.3_02-150400.4.19.1
      xen-devel-4.16.3_02-150400.4.19.1
      xen-doc-html-4.16.3_02-150400.4.19.1
      xen-libs-4.16.3_02-150400.4.19.1
      xen-libs-debuginfo-4.16.3_02-150400.4.19.1
      xen-tools-4.16.3_02-150400.4.19.1
      xen-tools-debuginfo-4.16.3_02-150400.4.19.1
      xen-tools-domU-4.16.3_02-150400.4.19.1
      xen-tools-domU-debuginfo-4.16.3_02-150400.4.19.1

   - openSUSE Leap 15.4 (noarch):

      xen-tools-xendomains-wait-disk-4.16.3_02-150400.4.19.1

   - openSUSE Leap 15.4 (x86_64):

      xen-libs-32bit-4.16.3_02-150400.4.19.1
      xen-libs-32bit-debuginfo-4.16.3_02-150400.4.19.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch):

      xen-tools-xendomains-wait-disk-4.16.3_02-150400.4.19.1

   - SUSE Linux Enterprise Module for Server Applications 15-SP4 (x86_64):

      xen-4.16.3_02-150400.4.19.1
      xen-debugsource-4.16.3_02-150400.4.19.1
      xen-devel-4.16.3_02-150400.4.19.1
      xen-tools-4.16.3_02-150400.4.19.1
      xen-tools-debuginfo-4.16.3_02-150400.4.19.1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):

      xen-debugsource-4.16.3_02-150400.4.19.1
      xen-libs-4.16.3_02-150400.4.19.1
      xen-libs-debuginfo-4.16.3_02-150400.4.19.1
      xen-tools-domU-4.16.3_02-150400.4.19.1
      xen-tools-domU-debuginfo-4.16.3_02-150400.4.19.1

   - SUSE Linux Enterprise Micro 5.3 (x86_64):

      xen-debugsource-4.16.3_02-150400.4.19.1
      xen-libs-4.16.3_02-150400.4.19.1
      xen-libs-debuginfo-4.16.3_02-150400.4.19.1

References:

   https://www.suse.com/security/cve/CVE-2022-23824.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1205209

From sle-security-updates at lists.suse.com Thu Jan 26 20:39:59 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:39:59 +0100 (CET)
Subject: SUSE-SU-2023:0172-1: moderate: Security update for ffmpeg-4
Message-ID: <20230126203959.2BB5DFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for ffmpeg-4
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0172-1
Rating:             moderate
References:         #1206778
Cross-References:   CVE-2022-3341
CVSS scores:
                    CVE-2022-3341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2022-3341 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Affected Products:
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Desktop Applications 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for ffmpeg-4 fixes the following issues:

   - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT
     stream (bsc#1206778).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-172=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-172=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-172=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-172=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-4.4-150400.3.11.1 ffmpeg-4-debuginfo-4.4-150400.3.11.1 ffmpeg-4-debugsource-4.4-150400.3.11.1 ffmpeg-4-libavcodec-devel-4.4-150400.3.11.1 ffmpeg-4-libavdevice-devel-4.4-150400.3.11.1 ffmpeg-4-libavfilter-devel-4.4-150400.3.11.1 ffmpeg-4-libavformat-devel-4.4-150400.3.11.1 ffmpeg-4-libavresample-devel-4.4-150400.3.11.1 ffmpeg-4-libavutil-devel-4.4-150400.3.11.1 ffmpeg-4-libpostproc-devel-4.4-150400.3.11.1 ffmpeg-4-libswresample-devel-4.4-150400.3.11.1 ffmpeg-4-libswscale-devel-4.4-150400.3.11.1 ffmpeg-4-private-devel-4.4-150400.3.11.1 libavcodec58_134-4.4-150400.3.11.1 libavcodec58_134-debuginfo-4.4-150400.3.11.1 libavdevice58_13-4.4-150400.3.11.1 libavdevice58_13-debuginfo-4.4-150400.3.11.1 libavfilter7_110-4.4-150400.3.11.1 libavfilter7_110-debuginfo-4.4-150400.3.11.1 libavformat58_76-4.4-150400.3.11.1 libavformat58_76-debuginfo-4.4-150400.3.11.1 libavresample4_0-4.4-150400.3.11.1 libavresample4_0-debuginfo-4.4-150400.3.11.1 libavutil56_70-4.4-150400.3.11.1 libavutil56_70-debuginfo-4.4-150400.3.11.1 libpostproc55_9-4.4-150400.3.11.1 libpostproc55_9-debuginfo-4.4-150400.3.11.1 libswresample3_9-4.4-150400.3.11.1 libswresample3_9-debuginfo-4.4-150400.3.11.1 libswscale5_9-4.4-150400.3.11.1 libswscale5_9-debuginfo-4.4-150400.3.11.1 - openSUSE Leap 15.4 (x86_64): libavcodec58_134-32bit-4.4-150400.3.11.1 libavcodec58_134-32bit-debuginfo-4.4-150400.3.11.1 
libavdevice58_13-32bit-4.4-150400.3.11.1 libavdevice58_13-32bit-debuginfo-4.4-150400.3.11.1 libavfilter7_110-32bit-4.4-150400.3.11.1 libavfilter7_110-32bit-debuginfo-4.4-150400.3.11.1 libavformat58_76-32bit-4.4-150400.3.11.1 libavformat58_76-32bit-debuginfo-4.4-150400.3.11.1 libavresample4_0-32bit-4.4-150400.3.11.1 libavresample4_0-32bit-debuginfo-4.4-150400.3.11.1 libavutil56_70-32bit-4.4-150400.3.11.1 libavutil56_70-32bit-debuginfo-4.4-150400.3.11.1 libpostproc55_9-32bit-4.4-150400.3.11.1 libpostproc55_9-32bit-debuginfo-4.4-150400.3.11.1 libswresample3_9-32bit-4.4-150400.3.11.1 libswresample3_9-32bit-debuginfo-4.4-150400.3.11.1 libswscale5_9-32bit-4.4-150400.3.11.1 libswscale5_9-32bit-debuginfo-4.4-150400.3.11.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): ffmpeg-4-debuginfo-4.4-150400.3.11.1 ffmpeg-4-debugsource-4.4-150400.3.11.1 libavformat58_76-4.4-150400.3.11.1 libavformat58_76-debuginfo-4.4-150400.3.11.1 libswscale5_9-4.4-150400.3.11.1 libswscale5_9-debuginfo-4.4-150400.3.11.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.11.1 ffmpeg-4-debugsource-4.4-150400.3.11.1 libavformat58_76-4.4-150400.3.11.1 libavformat58_76-debuginfo-4.4-150400.3.11.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-4-debuginfo-4.4-150400.3.11.1 ffmpeg-4-debugsource-4.4-150400.3.11.1 libavcodec58_134-4.4-150400.3.11.1 libavcodec58_134-debuginfo-4.4-150400.3.11.1 libavformat58_76-4.4-150400.3.11.1 libavformat58_76-debuginfo-4.4-150400.3.11.1 libavutil56_70-4.4-150400.3.11.1 libavutil56_70-debuginfo-4.4-150400.3.11.1 libpostproc55_9-4.4-150400.3.11.1 libpostproc55_9-debuginfo-4.4-150400.3.11.1 libswresample3_9-4.4-150400.3.11.1 libswresample3_9-debuginfo-4.4-150400.3.11.1 References: https://www.suse.com/security/cve/CVE-2022-3341.html https://bugzilla.suse.com/1206778 From sle-security-updates at lists.suse.com Thu Jan 26 20:41:10 
2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:41:10 +0100 (CET)
Subject: SUSE-SU-2023:0162-1: important: Security update for samba
Message-ID: <20230126204110.44E0BFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for samba
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0162-1
Rating:             important
References:         #1206504 #1206546
Cross-References:   CVE-2021-20251 CVE-2022-38023
CVSS scores:
                    CVE-2021-20251 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-38023 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Availability 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Micro 5.2
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP3
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for samba fixes the following issues:

   - CVE-2021-20251: Fixed an issue where the bad password count would
     not be properly incremented, which could allow attackers to brute
     force a user's password (bsc#1206546).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended
   installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-162=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-162=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-162=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-162=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-162=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-162=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-162=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-162=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-162=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-162=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2023-162=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-162=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Manager Server 4.2 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Manager Proxy 4.2 (x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 x86_64): samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ctdb-4.15.13+git.591.ab36624310c-150300.3.49.1 ctdb-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): ctdb-4.15.13+git.591.ab36624310c-150300.3.49.1 ctdb-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy-python3-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 libsamba-policy0-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 
samba-ad-dc-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ceph-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-debugsource-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-devel-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-dsdb-modules-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-gpupdate-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ldb-ldap-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-libs-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-python3-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-tool-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-winbind-libs-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 - SUSE Enterprise Storage 7.1 (x86_64): samba-ad-dc-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-ad-dc-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1 samba-client-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1 
      samba-client-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1
      samba-devel-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1
      samba-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1
      samba-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1
      samba-winbind-libs-32bit-4.15.13+git.591.ab36624310c-150300.3.49.1
      samba-winbind-libs-32bit-debuginfo-4.15.13+git.591.ab36624310c-150300.3.49.1

References:

   https://www.suse.com/security/cve/CVE-2021-20251.html
   https://www.suse.com/security/cve/CVE-2022-38023.html
   https://bugzilla.suse.com/1206504
   https://bugzilla.suse.com/1206546

From sle-security-updates at lists.suse.com Thu Jan 26 20:42:26 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:42:26 +0100 (CET)
Subject: SUSE-SU-2023:0155-1: important: Security update for bluez
Message-ID: <20230126204226.5585AFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0155-1
Rating:             important
References:         #1203120 #1203121
Cross-References:   CVE-2022-39176 CVE-2022-39177
CVSS scores:
                    CVE-2022-39176 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39176 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2022-39177 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39177 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for bluez fixes the following issues:

   - CVE-2022-39176: Fixed a memory safety issue that could allow physically
     proximate attackers to obtain sensitive information (bsc#1203121).
   - CVE-2022-39177: Fixed a memory safety issue that could allow physically
     proximate attackers to cause a denial of service (bsc#1203120).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-155=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-155=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-155=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-155=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      bluez-5.48-150000.5.46.1
      bluez-debuginfo-5.48-150000.5.46.1
      bluez-debugsource-5.48-150000.5.46.1
      bluez-devel-5.48-150000.5.46.1
      libbluetooth3-5.48-150000.5.46.1
      libbluetooth3-debuginfo-5.48-150000.5.46.1

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      bluez-5.48-150000.5.46.1
      bluez-debuginfo-5.48-150000.5.46.1
      bluez-debugsource-5.48-150000.5.46.1
      bluez-devel-5.48-150000.5.46.1
      libbluetooth3-5.48-150000.5.46.1
      libbluetooth3-debuginfo-5.48-150000.5.46.1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      bluez-5.48-150000.5.46.1
      bluez-debuginfo-5.48-150000.5.46.1
      bluez-debugsource-5.48-150000.5.46.1
      bluez-devel-5.48-150000.5.46.1
      libbluetooth3-5.48-150000.5.46.1
      libbluetooth3-debuginfo-5.48-150000.5.46.1

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      bluez-5.48-150000.5.46.1
      bluez-debuginfo-5.48-150000.5.46.1
      bluez-debugsource-5.48-150000.5.46.1
      bluez-devel-5.48-150000.5.46.1
      libbluetooth3-5.48-150000.5.46.1
      libbluetooth3-debuginfo-5.48-150000.5.46.1

   - SUSE CaaS Platform 4.0 (x86_64):

      bluez-5.48-150000.5.46.1
      bluez-debuginfo-5.48-150000.5.46.1
      bluez-debugsource-5.48-150000.5.46.1
      bluez-devel-5.48-150000.5.46.1
      libbluetooth3-5.48-150000.5.46.1
      libbluetooth3-debuginfo-5.48-150000.5.46.1

References:

   https://www.suse.com/security/cve/CVE-2022-39176.html
   https://www.suse.com/security/cve/CVE-2022-39177.html
   https://bugzilla.suse.com/1203120
   https://bugzilla.suse.com/1203121

From sle-security-updates at lists.suse.com Thu Jan 26 20:43:57 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:43:57 +0100 (CET)
Subject: SUSE-SU-2023:0171-1: important: Security update for libXpm
Message-ID: <20230126204357.D45B3FD2D@maintenance.suse.de>

   SUSE Security Update: Security update for libXpm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0171-1
Rating:             important
References:         #1207029 #1207030 #1207031
Cross-References:   CVE-2022-44617 CVE-2022-46285 CVE-2022-4883
CVSS scores:
                    CVE-2022-44617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-46285 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
                    CVE-2022-4883 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Enterprise Storage 7
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise Desktop 15-SP4
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP4
                    SUSE Linux Enterprise Module for Basesystem 15-SP4
                    SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server 15-SP4
                    SUSE Linux Enterprise Server for SAP 15-SP1
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Linux Enterprise Server for SAP Applications 15-SP4
                    SUSE Linux Enterprise Workstation Extension 15-SP4
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Retail Branch Server 4.3
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for libXpm fixes the following issues:

   - CVE-2022-46285: Fixed an infinite loop that could be triggered when
     reading an XPM image with a C-style comment that is never closed
     (bsc#1207029).
   - CVE-2022-44617: Fixed an excessive resource consumption that could be
     triggered when reading a small crafted XPM image (bsc#1207030).
   - CVE-2022-4883: Fixed an issue that made decompression commands
     susceptible to PATH environment variable manipulation attacks
     (bsc#1207031).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2023-171=1

   - SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-171=1

   - SUSE Manager Retail Branch Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-171=1

   - SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-171=1

   - SUSE Linux Enterprise Workstation Extension 15-SP4:

      zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-171=1

   - SUSE Linux Enterprise Server for SAP 15-SP3:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-171=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-171=1

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-171=1

   - SUSE Linux Enterprise Server 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-171=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-171=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-171=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-171=1

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-171=1

   - SUSE Linux Enterprise Module for Basesystem 15-SP4:

      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-171=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-171=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-171=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-171=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-171=1

   - SUSE Enterprise Storage 7.1:

      zypper in -t patch SUSE-Storage-7.1-2023-171=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2023-171=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-171=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool. It
      will inform you if it detects new updates and let you then trigger
      updating of the complete cluster in a controlled way.

Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm-tools-3.5.12-150000.3.7.2
      libXpm-tools-debuginfo-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - openSUSE Leap 15.4 (x86_64):

      libXpm-devel-32bit-3.5.12-150000.3.7.2
      libXpm4-32bit-3.5.12-150000.3.7.2
      libXpm4-32bit-debuginfo-3.5.12-150000.3.7.2

   - SUSE Manager Server 4.2 (ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Manager Retail Branch Server 4.2 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Manager Proxy 4.2 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-tools-3.5.12-150000.3.7.2
      libXpm-tools-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm4-32bit-3.5.12-150000.3.7.2
      libXpm4-32bit-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE Enterprise Storage 6 (aarch64 x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

   - SUSE CaaS Platform 4.0 (x86_64):

      libXpm-debugsource-3.5.12-150000.3.7.2
      libXpm-devel-3.5.12-150000.3.7.2
      libXpm4-3.5.12-150000.3.7.2
      libXpm4-debuginfo-3.5.12-150000.3.7.2

References:

   https://www.suse.com/security/cve/CVE-2022-44617.html
   https://www.suse.com/security/cve/CVE-2022-46285.html
   https://www.suse.com/security/cve/CVE-2022-4883.html
   https://bugzilla.suse.com/1207029
   https://bugzilla.suse.com/1207030
   https://bugzilla.suse.com/1207031

From sle-security-updates at lists.suse.com Thu Jan 26 20:45:29 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:45:29 +0100 (CET)
Subject: SUSE-SU-2023:0154-1: important: Security update for xen
Message-ID: <20230126204529.DF8F3FD2D@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0154-1
Rating:             important
References:         #1205209
Cross-References:   CVE-2022-23824
CVSS scores:
                    CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE CaaS Platform 4.0
                    SUSE Enterprise Storage 6
                    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
                    SUSE Linux Enterprise Server 15-SP1-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP1
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-23824: Fixed multiple speculative execution issues
     (bnc#1205209).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP1:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-154=1

   - SUSE Linux Enterprise Server 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-154=1

   - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-154=1

   - SUSE Enterprise Storage 6:

      zypper in -t patch SUSE-Storage-6-2023-154=1

   - SUSE CaaS Platform 4.0:

      To install this update, use the SUSE CaaS Platform 'skuba' tool.
It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): xen-4.12.4_32-150100.3.83.1 xen-debugsource-4.12.4_32-150100.3.83.1 xen-devel-4.12.4_32-150100.3.83.1 xen-libs-4.12.4_32-150100.3.83.1 xen-libs-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-4.12.4_32-150100.3.83.1 xen-tools-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-domU-4.12.4_32-150100.3.83.1 xen-tools-domU-debuginfo-4.12.4_32-150100.3.83.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): xen-4.12.4_32-150100.3.83.1 xen-debugsource-4.12.4_32-150100.3.83.1 xen-devel-4.12.4_32-150100.3.83.1 xen-libs-4.12.4_32-150100.3.83.1 xen-libs-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-4.12.4_32-150100.3.83.1 xen-tools-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-domU-4.12.4_32-150100.3.83.1 xen-tools-domU-debuginfo-4.12.4_32-150100.3.83.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): xen-4.12.4_32-150100.3.83.1 xen-debugsource-4.12.4_32-150100.3.83.1 xen-devel-4.12.4_32-150100.3.83.1 xen-libs-4.12.4_32-150100.3.83.1 xen-libs-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-4.12.4_32-150100.3.83.1 xen-tools-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-domU-4.12.4_32-150100.3.83.1 xen-tools-domU-debuginfo-4.12.4_32-150100.3.83.1 - SUSE Enterprise Storage 6 (x86_64): xen-4.12.4_32-150100.3.83.1 xen-debugsource-4.12.4_32-150100.3.83.1 xen-devel-4.12.4_32-150100.3.83.1 xen-libs-4.12.4_32-150100.3.83.1 xen-libs-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-4.12.4_32-150100.3.83.1 xen-tools-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-domU-4.12.4_32-150100.3.83.1 xen-tools-domU-debuginfo-4.12.4_32-150100.3.83.1 - SUSE CaaS Platform 4.0 (x86_64): xen-4.12.4_32-150100.3.83.1 xen-debugsource-4.12.4_32-150100.3.83.1 xen-devel-4.12.4_32-150100.3.83.1 xen-libs-4.12.4_32-150100.3.83.1 xen-libs-debuginfo-4.12.4_32-150100.3.83.1 xen-tools-4.12.4_32-150100.3.83.1 
      xen-tools-debuginfo-4.12.4_32-150100.3.83.1
      xen-tools-domU-4.12.4_32-150100.3.83.1
      xen-tools-domU-debuginfo-4.12.4_32-150100.3.83.1

References:

   https://www.suse.com/security/cve/CVE-2022-23824.html
   https://bugzilla.suse.com/1205209

From sle-security-updates at lists.suse.com Thu Jan 26 20:46:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Thu, 26 Jan 2023 21:46:21 +0100 (CET)
Subject: SUSE-SU-2023:0156-1: important: Security update for bluez
Message-ID: <20230126204621.A95C4FD2D@maintenance.suse.de>

   SUSE Security Update: Security update for bluez
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0156-1
Rating:             important
References:         #1203120 #1203121
Cross-References:   CVE-2022-39176 CVE-2022-39177
CVSS scores:
                    CVE-2022-39176 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39176 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
                    CVE-2022-39177 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-39177 (SUSE): 5.7 CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for bluez fixes the following issues:

   - CVE-2022-39176: Fixed a memory safety issue that could allow
     physically proximate attackers to obtain sensitive information
     (bsc#1203121).
   - CVE-2022-39177: Fixed a memory safety issue that could allow
     physically proximate attackers to cause a denial of service
     (bsc#1203120).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-156=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-156=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-156=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2023-156=1

Package List:

   - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):

      bluez-5.48-150200.13.22.1
      bluez-debuginfo-5.48-150200.13.22.1
      bluez-debugsource-5.48-150200.13.22.1
      bluez-devel-5.48-150200.13.22.1
      libbluetooth3-5.48-150200.13.22.1
      libbluetooth3-debuginfo-5.48-150200.13.22.1

   - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):

      bluez-5.48-150200.13.22.1
      bluez-debuginfo-5.48-150200.13.22.1
      bluez-debugsource-5.48-150200.13.22.1
      bluez-devel-5.48-150200.13.22.1
      libbluetooth3-5.48-150200.13.22.1
      libbluetooth3-debuginfo-5.48-150200.13.22.1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):

      bluez-5.48-150200.13.22.1
      bluez-debuginfo-5.48-150200.13.22.1
      bluez-debugsource-5.48-150200.13.22.1
      bluez-devel-5.48-150200.13.22.1
      libbluetooth3-5.48-150200.13.22.1
      libbluetooth3-debuginfo-5.48-150200.13.22.1

   - SUSE Enterprise Storage 7 (aarch64 x86_64):

      bluez-5.48-150200.13.22.1
      bluez-debuginfo-5.48-150200.13.22.1
      bluez-debugsource-5.48-150200.13.22.1
      bluez-devel-5.48-150200.13.22.1
      libbluetooth3-5.48-150200.13.22.1
      libbluetooth3-debuginfo-5.48-150200.13.22.1

References:

   https://www.suse.com/security/cve/CVE-2022-39176.html
   https://www.suse.com/security/cve/CVE-2022-39177.html
   https://bugzilla.suse.com/1203120
   https://bugzilla.suse.com/1203121

From sle-security-updates at lists.suse.com Thu Jan 26 23:24:47 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 00:24:47 +0100 (CET)
Subject: SUSE-SU-2022:1455-2: Security update for glib2
Message-ID: <20230126232447.7C20BFD2D@maintenance.suse.de>

   SUSE Security Update: Security update for glib2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1455-2
Rating:             low
References:         #1183533
Cross-References:   CVE-2021-28153
CVSS scores:
                    CVE-2021-28153 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
                    CVE-2021-28153 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected Products:
                    SUSE Enterprise Storage 7
                    SUSE Enterprise Storage 7.1
                    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
                    SUSE Linux Enterprise Realtime Extension 15-SP3
                    SUSE Linux Enterprise Server 15-SP2-LTSS
                    SUSE Linux Enterprise Server 15-SP3-LTSS
                    SUSE Linux Enterprise Server for SAP 15-SP2
                    SUSE Linux Enterprise Server for SAP 15-SP3
                    SUSE Manager Proxy 4.2
                    SUSE Manager Retail Branch Server 4.2
                    SUSE Manager Server 4.2
                    openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for glib2 fixes the following issues:

   - CVE-2021-28153: Fixed an issue where symlink targets would be
     incorrectly created as empty files (bsc#1183533).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:

      zypper in -t patch openSUSE-Leap-Micro-5.2-2023-174=1

   - SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-174=1

   - SUSE Manager Retail Branch Server 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-174=1

   - SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-174=1

   - SUSE Linux Enterprise Server for SAP 15-SP3:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-174=1

   - SUSE Linux Enterprise Server for SAP 15-SP2:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-174=1

   - SUSE Linux Enterprise Server 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-174=1

   - SUSE Linux Enterprise Server 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-174=1

   - SUSE Linux Enterprise Realtime Extension 15-SP3:

      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-174=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-174=1

   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-174=1

   - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-174=1

   - SUSE Enterprise Storage 7.1:

      zypper in -t patch SUSE-Storage-7.1-2023-174=1

   - SUSE Enterprise Storage 7:

      zypper in -t patch SUSE-Storage-7-2023-174=1

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):

      glib2-debugsource-2.62.6-150200.3.10.1
      glib2-tools-2.62.6-150200.3.10.1
      glib2-tools-debuginfo-2.62.6-150200.3.10.1
      libgio-2_0-0-2.62.6-150200.3.10.1
      libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1
      libglib-2_0-0-2.62.6-150200.3.10.1
      libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1
      libgmodule-2_0-0-2.62.6-150200.3.10.1
      libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1
      libgobject-2_0-0-2.62.6-150200.3.10.1
libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Manager Server 4.2 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Manager Server 4.2 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Manager Retail Branch Server 4.2 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 
libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Manager Proxy 4.2 (x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Manager Proxy 4.2 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 
libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 
glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 
libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 
libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): 
glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7.1 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 
libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7.1 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): glib2-debugsource-2.62.6-150200.3.10.1 glib2-devel-2.62.6-150200.3.10.1 glib2-devel-debuginfo-2.62.6-150200.3.10.1 glib2-tools-2.62.6-150200.3.10.1 glib2-tools-debuginfo-2.62.6-150200.3.10.1 libgio-2_0-0-2.62.6-150200.3.10.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-2.62.6-150200.3.10.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-2.62.6-150200.3.10.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-2.62.6-150200.3.10.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.10.1 libgthread-2_0-0-2.62.6-150200.3.10.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7 (noarch): glib2-lang-2.62.6-150200.3.10.1 - SUSE Enterprise Storage 7 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.10.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-2.62.6-150200.3.10.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.10.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-2.62.6-150200.3.10.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.10.1 References: https://www.suse.com/security/cve/CVE-2021-28153.html https://bugzilla.suse.com/1183533 From sle-security-updates at lists.suse.com Fri Jan 27 08:46:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 27 Jan 2023 09:46:47 +0100 (CET) Subject: SUSE-CU-2023:216-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20230127084647.69439FCC9@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox 
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:216-1
Container Tags        : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.344 , suse/sle-micro/5.1/toolbox:latest
Container Release     : 2.2.344
Severity              : moderate
Type                  : security
References            : 1183533 1194038 1202436 1205646 CVE-2021-28153
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released:    Thu Jan 26 15:54:43 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of
  the new libuuid ABI by uuidd %post before update of libuuid1
  (bsc#1205646).
- Use chown --quiet to prevent error message if
  /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes
  rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released:    Thu Jan 26 20:52:38 2023
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be
  incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released:    Thu Jan 26 21:54:30 2023
Summary:     Recommended update for tar
Type:        recommended
Severity:    low
References:  1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

The following package changes have been done:

- libgmodule-2_0-0-2.62.6-150200.3.10.1 updated
- tar-1.34-150000.3.26.1 updated
- util-linux-systemd-2.36.2-150300.4.32.1 updated

From sle-security-updates at lists.suse.com Fri Jan 27 08:58:01 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 09:58:01 +0100 (CET)
Subject: SUSE-CU-2023:218-1: Security update of suse/sle-micro/5.2/toolbox
Message-ID: <20230127085801.3EDF0FCC9@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:218-1
Container Tags        : suse/sle-micro/5.2/toolbox:11.1 , suse/sle-micro/5.2/toolbox:11.1-6.2.165 , suse/sle-micro/5.2/toolbox:latest
Container Release     : 6.2.165
Severity              : moderate
Type                  : security
References            : 1183533 1194038 1202436 1205646 CVE-2021-28153
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released:    Thu Jan 26 15:54:43 2023
Summary:     Recommended update for util-linux
Type:        recommended
Severity:    moderate
References:  1194038,1205646

This update for util-linux fixes the following issues:

- libuuid continuous clock handling for time based UUIDs: Prevent use of
  the new libuuid ABI by uuidd %post before update of libuuid1
  (bsc#1205646).
- Use chown --quiet to prevent error message if
  /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes
  rpmbuild %checks fail when @ in the directory path (bsc#1194038).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released:    Thu Jan 26 20:52:38 2023
Summary:     Security update for glib2
Type:        security
Severity:    low
References:  1183533,CVE-2021-28153

This update for glib2 fixes the following issues:

- CVE-2021-28153: Fixed an issue where symlink targets would be
  incorrectly created as empty files (bsc#1183533).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:179-1
Released:    Thu Jan 26 21:54:30 2023
Summary:     Recommended update for tar
Type:        recommended
Severity:    low
References:  1202436

This update for tar fixes the following issue:

- Fix hang when unpacking test tarball (bsc#1202436)

The following package changes have been done:

- libgmodule-2_0-0-2.62.6-150200.3.10.1 updated
- tar-1.34-150000.3.26.1 updated
- util-linux-systemd-2.36.2-150300.4.32.1 updated

From sle-security-updates at lists.suse.com Fri Jan 27 14:20:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 15:20:38 +0100 (CET)
Subject: SUSE-SU-2023:0186-1: important: Security update for xen
Message-ID: <20230127142038.3B4E0FD89@maintenance.suse.de>

   SUSE Security Update: Security update for xen
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0186-1
Rating:             important
References:         #1027519 #1205209
Cross-References:   CVE-2022-23824
CVSS scores:
                    CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise Server 12-SP2-BCL
______________________________________________________________________________

   An update that solves one vulnerability and has one errata is now available.

Description:

   This update for xen fixes the following issues:

   - CVE-2022-23824: Fixed multiple speculative execution issues (bnc#1205209).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12-SP2-BCL:

      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-186=1

Package List:

   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):

      xen-4.7.6_30-43.101.1
      xen-debugsource-4.7.6_30-43.101.1
      xen-doc-html-4.7.6_30-43.101.1
      xen-libs-32bit-4.7.6_30-43.101.1
      xen-libs-4.7.6_30-43.101.1
      xen-libs-debuginfo-32bit-4.7.6_30-43.101.1
      xen-libs-debuginfo-4.7.6_30-43.101.1
      xen-tools-4.7.6_30-43.101.1
      xen-tools-debuginfo-4.7.6_30-43.101.1
      xen-tools-domU-4.7.6_30-43.101.1
      xen-tools-domU-debuginfo-4.7.6_30-43.101.1

References:

   https://www.suse.com/security/cve/CVE-2022-23824.html
   https://bugzilla.suse.com/1027519
   https://bugzilla.suse.com/1205209

From sle-security-updates at lists.suse.com Fri Jan 27 14:22:28 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 15:22:28 +0100 (CET)
Subject: SUSE-SU-2023:0185-1: important: Security update for apache2
Message-ID: <20230127142228.EC900FD89@maintenance.suse.de>

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2023:0185-1
Rating:             important
References:         #1207247 #1207250 #1207251
Cross-References:   CVE-2006-20001 CVE-2022-36760 CVE-2022-37436
CVSS scores:
                    CVE-2006-20001 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2006-20001 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-36760 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-36760 (SUSE): 6.5
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2022-37436 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-37436 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for apache2 fixes the following issues: - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251). - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250). - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-185=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-185=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-debuginfo-2.4.51-35.22.1 apache2-debugsource-2.4.51-35.22.1 apache2-devel-2.4.51-35.22.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): apache2-2.4.51-35.22.1 apache2-debuginfo-2.4.51-35.22.1 apache2-debugsource-2.4.51-35.22.1 apache2-example-pages-2.4.51-35.22.1 apache2-prefork-2.4.51-35.22.1 apache2-prefork-debuginfo-2.4.51-35.22.1 apache2-utils-2.4.51-35.22.1 apache2-utils-debuginfo-2.4.51-35.22.1 apache2-worker-2.4.51-35.22.1 apache2-worker-debuginfo-2.4.51-35.22.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): apache2-doc-2.4.51-35.22.1 References: https://www.suse.com/security/cve/CVE-2006-20001.html https://www.suse.com/security/cve/CVE-2022-36760.html https://www.suse.com/security/cve/CVE-2022-37436.html https://bugzilla.suse.com/1207247 https://bugzilla.suse.com/1207250 https://bugzilla.suse.com/1207251 From sle-security-updates at lists.suse.com Fri Jan 27 14:25:40 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 27 Jan 2023 15:25:40 +0100 (CET) Subject: SUSE-SU-2023:0187-1: important: Security update for podman Message-ID: <20230127142540.D1A3FFD89@maintenance.suse.de> SUSE Security Update: Security update for podman ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0187-1 Rating: important References: #1181640 #1181961 #1193166 #1193273 #1197672 #1199790 #1202809 PED-2771 Cross-References: CVE-2021-20199 CVE-2021-20206 CVE-2021-4024 CVE-2021-41190 CVE-2022-27649 CVE-2022-2989 CVSS scores: CVE-2021-20199 (NVD) : 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-20199 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-20206 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-20206 (SUSE): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-4024 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-4024 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-41190 (NVD) : 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:N CVE-2021-41190 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N CVE-2022-27649 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27649 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2022-2989 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-2989 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has one errata is now available. Description: This update for podman fixes the following issues: podman was updated to version 4.3.1: 4.3.1: * Bugfixes - Fixed a deadlock between the `podman ps` and `podman container inspect` commands * Misc - Updated the containers/image library to v5.23.1 4.3.0: * Features - A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers. - A new command, `podman update`, has been added, which makes changes to the resource limits of existing containers.
Please note that these changes do not persist if the container is restarted - A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command). - The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend. - Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers). - Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers). - The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` - The `podman kube play` command now supports the `emptyDir` volume type - The `podman kube play` command now supports the `HostUsers` field in the pod spec. - The `podman play kube` command now supports `binaryData` in ConfigMaps. - The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options. - The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user - The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out. - Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images. - The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. 
`podman run --env-merge "PATH=$PATH:/my/app" ...`) - The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container). - The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will map the user running Podman to UID 11 in the container) - The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file - The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options. - The `podman restart` command now supports the `--cidfile` and `--filter` options. - The `podman rm` command now supports the `--filter` option to select which containers will be removed. - The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images. - The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility. - The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility. - The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility - The `podman manifest create` command now accepts a new option, `--amend`/`-a`. - The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`. - The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets. - The `podman secret ls` command now accepts the `--quiet`/`-q` option. - The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format. - The `podman stats` command now accepts the `--no-trunc` option. - The `podman save` command now accepts the `--signature-policy` option - The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods - A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility. - The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ### Changes - Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match - The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function. - A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success. - When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored. - The installer for the Windows Podman client has been improved. 
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) - Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container - Events for containers that are part of a pod now include the ID of the pod in the event. - SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication. - The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this. - The `podman inspect` command on containers now includes the digest of the image used to create the container. - Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled. Update to version 4.2.0: * Features - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines. - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components. - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g.
systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd. - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context. - The podman play kube command now supports volumes with the BlockDevice and CharDevice types - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation. - Pods now include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work. - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609). - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release! - The podman create and podman run commands now include the -c short option for the --cpu-shares option. - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773). - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing. - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context. - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231). - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698). - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697). - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230). - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427). - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up). 
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458). - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583). - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v. - The remote Podman client's podman push command now supports the --remove-signatures option (#14558). - The remote Podman client now supports the podman image scp command. - The podman image scp command now supports tagging the transferred image with a new name. - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595). - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions. - The podman events command now includes the -f short option for the --filter option. - The podman pull command now includes the -a short option for the --all-tags option. - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP). - The Podman global option --url now has two aliases: -H and --host. - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API. - Added the ability to create sigstore signatures in podman push and podman manifest push. - Added an option to read image signing passphrase from a file. * Changes - Paused containers can now be killed with the podman kill command. 
- The podman system prune command now removes unused networks. - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman. - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577). - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148). - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless. - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers. - Init containers created with podman play kube now default to the once type (#14877). - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048). - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion. - The libpod/common package has been removed as it's not used anywhere. - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233). * Misc - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server. - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time. - Podman Machine support for QEMU installations at non-default paths has been improved. - The podman machine ssh command no longer prints spurious warnings every time it is run. - When accessing the WSL prompt on Windows, the rootless user will be preferred. - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. 
Authentication plugins are not presently supported by Podman, so this field is always empty. - The podman system prune command now no longer prints the Deleted Images header if no images were pruned. - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573). - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338) - Updated the containers/image library to v5.22.0 - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751) - Updated the containers/common library to v0.49.1 - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884). - Fixed an incorrect release note about regexp. - A new MacOS installer (via pkginstaller) is now supported. Update to version 4.1.1: * The output of the podman load command now mirrors that of docker load. * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0. * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so. * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable. * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers. * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries. 
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources. * The podman play kube command will now set default resource limits when the provided YAML does not include them. * The podman play kube command now supports a new option, --annotation, to add annotations to created containers. * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile. * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer. * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them. * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images. * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network. * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information. * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating that the IPC namespace can be shared with other containers. * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter. * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security. * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for. * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create. * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, /etc/resolv.conf, etc.) will be mounted inside the container (#12961). * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file. * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}. * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined. * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization. * Fix CVE-2022-27191 / bsc#1197284 - Require catatonit >= 0.1.7 for pause functionality needed by pods Update to version 4.0.3: * Security - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set. * Changes - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510). - Updated the containers/common library to v0.47.5 - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777. - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients. Update to version 3.1.0: (bsc#1181961, CVE-2021-20206) - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-187=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-187=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2023-187=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-187=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): podman-4.3.1-150400.4.11.1 podman-debuginfo-4.3.1-150400.4.11.1 - openSUSE Leap Micro 5.3 (noarch): podman-cni-config-4.3.1-150400.4.11.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): podman-4.3.1-150400.4.11.1 podman-debuginfo-4.3.1-150400.4.11.1 podman-remote-4.3.1-150400.4.11.1 podman-remote-debuginfo-4.3.1-150400.4.11.1 - openSUSE Leap 15.4 (noarch): podman-cni-config-4.3.1-150400.4.11.1 podman-docker-4.3.1-150400.4.11.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): podman-4.3.1-150400.4.11.1 podman-debuginfo-4.3.1-150400.4.11.1 podman-remote-4.3.1-150400.4.11.1 podman-remote-debuginfo-4.3.1-150400.4.11.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): podman-cni-config-4.3.1-150400.4.11.1 podman-docker-4.3.1-150400.4.11.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): podman-4.3.1-150400.4.11.1 podman-debuginfo-4.3.1-150400.4.11.1 - SUSE Linux Enterprise Micro 5.3 (noarch): podman-cni-config-4.3.1-150400.4.11.1 References: https://www.suse.com/security/cve/CVE-2021-20199.html https://www.suse.com/security/cve/CVE-2021-20206.html https://www.suse.com/security/cve/CVE-2021-4024.html https://www.suse.com/security/cve/CVE-2021-41190.html https://www.suse.com/security/cve/CVE-2022-27649.html https://www.suse.com/security/cve/CVE-2022-2989.html https://bugzilla.suse.com/1181640 https://bugzilla.suse.com/1181961 https://bugzilla.suse.com/1193166 https://bugzilla.suse.com/1193273 https://bugzilla.suse.com/1197672 
   https://bugzilla.suse.com/1199790
   https://bugzilla.suse.com/1202809

From sle-security-updates at lists.suse.com Fri Jan 27 14:31:06 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 15:31:06 +0100 (CET)
Subject: SUSE-SU-2023:0183-1: important: Security update for apache2
Message-ID: <20230127143106.59913FD89@maintenance.suse.de>

   SUSE Security Update: Security update for apache2
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0183-1
Rating: important
References: #1207247 #1207250 #1207251
Cross-References: CVE-2006-20001 CVE-2022-36760 CVE-2022-37436
CVSS scores:
   CVE-2006-20001 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2006-20001 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-36760 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-36760 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
   CVE-2022-37436 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
   CVE-2022-37436 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for apache2 fixes the following issues:

   - CVE-2022-37436: Fixed an issue in mod_proxy where a malicious backend could cause the response headers to be truncated early, resulting in some headers being incorporated into the response body (bsc#1207251).
   - CVE-2022-36760: Fixed an issue in mod_proxy_ajp that could allow request smuggling attacks (bsc#1207250).
   - CVE-2006-20001: Fixed an issue in mod_proxy_ajp where a request header could cause memory corruption (bsc#1207247).
Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-183=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-183=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-183=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-183=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-183=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      apache2-2.4.23-29.94.1
      apache2-debuginfo-2.4.23-29.94.1
      apache2-debugsource-2.4.23-29.94.1
      apache2-example-pages-2.4.23-29.94.1
      apache2-prefork-2.4.23-29.94.1
      apache2-prefork-debuginfo-2.4.23-29.94.1
      apache2-utils-2.4.23-29.94.1
      apache2-utils-debuginfo-2.4.23-29.94.1
      apache2-worker-2.4.23-29.94.1
      apache2-worker-debuginfo-2.4.23-29.94.1
   - SUSE OpenStack Cloud Crowbar 9 (noarch):
      apache2-doc-2.4.23-29.94.1
   - SUSE OpenStack Cloud 9 (noarch):
      apache2-doc-2.4.23-29.94.1
   - SUSE OpenStack Cloud 9 (x86_64):
      apache2-2.4.23-29.94.1
      apache2-debuginfo-2.4.23-29.94.1
      apache2-debugsource-2.4.23-29.94.1
      apache2-example-pages-2.4.23-29.94.1
      apache2-prefork-2.4.23-29.94.1
      apache2-prefork-debuginfo-2.4.23-29.94.1
      apache2-utils-2.4.23-29.94.1
      apache2-utils-debuginfo-2.4.23-29.94.1
      apache2-worker-2.4.23-29.94.1
      apache2-worker-debuginfo-2.4.23-29.94.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      apache2-2.4.23-29.94.1
      apache2-debuginfo-2.4.23-29.94.1
      apache2-debugsource-2.4.23-29.94.1
      apache2-example-pages-2.4.23-29.94.1
      apache2-prefork-2.4.23-29.94.1
      apache2-prefork-debuginfo-2.4.23-29.94.1
      apache2-utils-2.4.23-29.94.1
      apache2-utils-debuginfo-2.4.23-29.94.1
      apache2-worker-2.4.23-29.94.1
      apache2-worker-debuginfo-2.4.23-29.94.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch):
      apache2-doc-2.4.23-29.94.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      apache2-2.4.23-29.94.1
      apache2-debuginfo-2.4.23-29.94.1
      apache2-debugsource-2.4.23-29.94.1
      apache2-example-pages-2.4.23-29.94.1
      apache2-prefork-2.4.23-29.94.1
      apache2-prefork-debuginfo-2.4.23-29.94.1
      apache2-utils-2.4.23-29.94.1
      apache2-utils-debuginfo-2.4.23-29.94.1
      apache2-worker-2.4.23-29.94.1
      apache2-worker-debuginfo-2.4.23-29.94.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch):
      apache2-doc-2.4.23-29.94.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      apache2-2.4.23-29.94.1
      apache2-debuginfo-2.4.23-29.94.1
      apache2-debugsource-2.4.23-29.94.1
      apache2-example-pages-2.4.23-29.94.1
      apache2-prefork-2.4.23-29.94.1
      apache2-prefork-debuginfo-2.4.23-29.94.1
      apache2-utils-2.4.23-29.94.1
      apache2-utils-debuginfo-2.4.23-29.94.1
      apache2-worker-2.4.23-29.94.1
      apache2-worker-debuginfo-2.4.23-29.94.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (noarch):
      apache2-doc-2.4.23-29.94.1

References:

   https://www.suse.com/security/cve/CVE-2006-20001.html
   https://www.suse.com/security/cve/CVE-2022-36760.html
   https://www.suse.com/security/cve/CVE-2022-37436.html
   https://bugzilla.suse.com/1207247
   https://bugzilla.suse.com/1207250
   https://bugzilla.suse.com/1207251

From sle-security-updates at lists.suse.com Fri Jan 27 17:18:46 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 18:18:46 +0100 (CET)
Subject: SUSE-SU-2023:0198-1: important: Security update for krb5
Message-ID: <20230127171846.EF7C4FDD0@maintenance.suse.de>

   SUSE Security Update: Security update for krb5
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0198-1
Rating: important
References: #1205126
Cross-References: CVE-2022-42898
CVSS scores:
   CVE-2022-42898 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
   CVE-2022-42898 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Affected Products:
   SUSE Enterprise Storage 7.1
   SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
   SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
   SUSE Linux Enterprise Micro 5.1
   SUSE Linux Enterprise Micro 5.2
   SUSE Linux Enterprise Realtime Extension 15-SP3
   SUSE Linux Enterprise Server 15-SP3-LTSS
   SUSE Linux Enterprise Server for SAP 15-SP3
   SUSE Manager Proxy 4.2
   SUSE Manager Retail Branch Server 4.2
   SUSE Manager Server 4.2
   openSUSE Leap Micro 5.2
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for krb5 fixes the following issues:

   - CVE-2022-42898: Fixed integer overflow in PAC parsing (bsc#1205126).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.2:
      zypper in -t patch openSUSE-Leap-Micro-5.2-2023-198=1
   - SUSE Manager Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-198=1
   - SUSE Manager Retail Branch Server 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-198=1
   - SUSE Manager Proxy 4.2:
      zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-198=1
   - SUSE Linux Enterprise Server for SAP 15-SP3:
      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-198=1
   - SUSE Linux Enterprise Server 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-198=1
   - SUSE Linux Enterprise Realtime Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-198=1
   - SUSE Linux Enterprise Micro 5.2:
      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-198=1
   - SUSE Linux Enterprise Micro 5.1:
      zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-198=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-198=1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS:
      zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-198=1
   - SUSE Enterprise Storage 7.1:
      zypper in -t patch SUSE-Storage-7.1-2023-198=1

Package List:

   - openSUSE Leap Micro 5.2 (aarch64 x86_64):
      krb5-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
   - SUSE Manager Server 4.2 (ppc64le s390x x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Manager Server 4.2 (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
   - SUSE Manager Retail Branch Server 4.2 (x86_64):
      krb5-1.19.2-150300.10.1
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Manager Proxy 4.2 (x86_64):
      krb5-1.19.2-150300.10.1
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64):
      krb5-1.19.2-150300.10.1
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):
      krb5-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
   - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64):
      krb5-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1
   - SUSE Enterprise Storage 7.1 (aarch64 x86_64):
      krb5-1.19.2-150300.10.1
      krb5-client-1.19.2-150300.10.1
      krb5-client-debuginfo-1.19.2-150300.10.1
      krb5-debuginfo-1.19.2-150300.10.1
      krb5-debugsource-1.19.2-150300.10.1
      krb5-devel-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-1.19.2-150300.10.1
      krb5-plugin-kdb-ldap-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-1.19.2-150300.10.1
      krb5-plugin-preauth-otp-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-1.19.2-150300.10.1
      krb5-plugin-preauth-pkinit-debuginfo-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-1.19.2-150300.10.1
      krb5-plugin-preauth-spake-debuginfo-1.19.2-150300.10.1
      krb5-server-1.19.2-150300.10.1
      krb5-server-debuginfo-1.19.2-150300.10.1
   - SUSE Enterprise Storage 7.1 (x86_64):
      krb5-32bit-1.19.2-150300.10.1
      krb5-32bit-debuginfo-1.19.2-150300.10.1

References:

   https://www.suse.com/security/cve/CVE-2022-42898.html
   https://bugzilla.suse.com/1205126

From sle-security-updates at lists.suse.com Fri Jan 27 20:17:32 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 21:17:32 +0100 (CET)
Subject: SUSE-SU-2023:0199-1: important: Security update for tiff
Message-ID: <20230127201732.729FDFDD0@maintenance.suse.de>

   SUSE Security Update: Security update for tiff
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0199-1
Rating: important
References: #1207413
Cross-References: CVE-2022-48281
CVSS scores:
   CVE-2022-48281 (SUSE): 7.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Server 12-SP2-BCL
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server 12-SP5
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE Linux Enterprise Server for SAP Applications 12-SP5
   SUSE Linux Enterprise Software Development Kit 12-SP5
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for tiff fixes the following issues:

   - CVE-2022-48281: Fixed a buffer overflow that could be triggered via a crafted image (bsc#1207413).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-199=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-199=1
   - SUSE Linux Enterprise Software Development Kit 12-SP5:
      zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-199=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-199=1
   - SUSE Linux Enterprise Server 12-SP5:
      zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-199=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-199=1
   - SUSE Linux Enterprise Server 12-SP2-BCL:
      zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-199=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE OpenStack Cloud 9 (x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64):
      libtiff-devel-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
   - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1
   - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
   - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64):
      libtiff5-32bit-4.0.9-44.65.1
      libtiff5-4.0.9-44.65.1
      libtiff5-debuginfo-32bit-4.0.9-44.65.1
      libtiff5-debuginfo-4.0.9-44.65.1
      tiff-4.0.9-44.65.1
      tiff-debuginfo-4.0.9-44.65.1
      tiff-debugsource-4.0.9-44.65.1

References:

   https://www.suse.com/security/cve/CVE-2022-48281.html
   https://bugzilla.suse.com/1207413

From sle-security-updates at lists.suse.com Fri Jan 27 20:18:27 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 21:18:27 +0100 (CET)
Subject: SUSE-SU-2023:0201-1: moderate: Security update for systemd
Message-ID: <20230127201827.36950FDD0@maintenance.suse.de>

   SUSE Security Update: Security update for systemd
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0201-1
Rating: moderate
References: #1204944 #1205000 #1207264 PED-2663
Cross-References: CVE-2022-4415
CVSS scores:
   CVE-2022-4415 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
   CVE-2022-4415 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
   SUSE Linux Enterprise Desktop 15-SP4
   SUSE Linux Enterprise High Performance Computing 15-SP4
   SUSE Linux Enterprise Micro 5.3
   SUSE Linux Enterprise Module for Basesystem 15-SP4
   SUSE Linux Enterprise Server 15-SP4
   SUSE Linux Enterprise Server for SAP Applications 15-SP4
   SUSE Manager Proxy 4.3
   SUSE Manager Retail Branch Server 4.3
   SUSE Manager Server 4.3
   openSUSE Leap 15.4
   openSUSE Leap Micro 5.3
______________________________________________________________________________
   An update that solves one vulnerability, contains one feature and has two fixes is now available.

Description:

   This update for systemd fixes the following issues:

   - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

   Non-security fixes:

   - Enabled the pstore service (jsc#PED-2663).
   - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
   - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

Special Instructions and Notes:

   Please reboot the system after installing this update.

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap Micro 5.3:
      zypper in -t patch openSUSE-Leap-Micro-5.3-2023-201=1
   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-201=1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4:
      zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-201=1
   - SUSE Linux Enterprise Micro 5.3:
      zypper in -t patch SUSE-SLE-Micro-5.3-2023-201=1

Package List:

   - openSUSE Leap Micro 5.3 (aarch64 x86_64):
      libsystemd0-249.14-150400.8.19.1
      libsystemd0-debuginfo-249.14-150400.8.19.1
      libudev1-249.14-150400.8.19.1
      libudev1-debuginfo-249.14-150400.8.19.1
      systemd-249.14-150400.8.19.1
      systemd-container-249.14-150400.8.19.1
      systemd-container-debuginfo-249.14-150400.8.19.1
      systemd-debuginfo-249.14-150400.8.19.1
      systemd-debugsource-249.14-150400.8.19.1
      systemd-journal-remote-249.14-150400.8.19.1
      systemd-journal-remote-debuginfo-249.14-150400.8.19.1
      systemd-sysvinit-249.14-150400.8.19.1
      udev-249.14-150400.8.19.1
      udev-debuginfo-249.14-150400.8.19.1
   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
      libsystemd0-249.14-150400.8.19.1
      libsystemd0-debuginfo-249.14-150400.8.19.1
      libudev1-249.14-150400.8.19.1
      libudev1-debuginfo-249.14-150400.8.19.1
      nss-myhostname-249.14-150400.8.19.1
      nss-myhostname-debuginfo-249.14-150400.8.19.1
      nss-systemd-249.14-150400.8.19.1
      nss-systemd-debuginfo-249.14-150400.8.19.1
      systemd-249.14-150400.8.19.1
      systemd-container-249.14-150400.8.19.1
      systemd-container-debuginfo-249.14-150400.8.19.1
      systemd-coredump-249.14-150400.8.19.1
      systemd-coredump-debuginfo-249.14-150400.8.19.1
      systemd-debuginfo-249.14-150400.8.19.1
      systemd-debugsource-249.14-150400.8.19.1
      systemd-devel-249.14-150400.8.19.1
      systemd-doc-249.14-150400.8.19.1
      systemd-experimental-249.14-150400.8.19.1
      systemd-experimental-debuginfo-249.14-150400.8.19.1
      systemd-journal-remote-249.14-150400.8.19.1
      systemd-journal-remote-debuginfo-249.14-150400.8.19.1
      systemd-network-249.14-150400.8.19.1
      systemd-network-debuginfo-249.14-150400.8.19.1
      systemd-portable-249.14-150400.8.19.1
      systemd-portable-debuginfo-249.14-150400.8.19.1
      systemd-sysvinit-249.14-150400.8.19.1
      systemd-testsuite-249.14-150400.8.19.1
      systemd-testsuite-debuginfo-249.14-150400.8.19.1
      udev-249.14-150400.8.19.1
      udev-debuginfo-249.14-150400.8.19.1
   - openSUSE Leap 15.4 (noarch):
      systemd-lang-249.14-150400.8.19.1
   - openSUSE Leap 15.4 (x86_64):
      libsystemd0-32bit-249.14-150400.8.19.1
      libsystemd0-32bit-debuginfo-249.14-150400.8.19.1
      libudev1-32bit-249.14-150400.8.19.1
      libudev1-32bit-debuginfo-249.14-150400.8.19.1
      nss-myhostname-32bit-249.14-150400.8.19.1
      nss-myhostname-32bit-debuginfo-249.14-150400.8.19.1
      systemd-32bit-249.14-150400.8.19.1
      systemd-32bit-debuginfo-249.14-150400.8.19.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64):
      libsystemd0-249.14-150400.8.19.1
      libsystemd0-debuginfo-249.14-150400.8.19.1
      libudev1-249.14-150400.8.19.1
      libudev1-debuginfo-249.14-150400.8.19.1
      systemd-249.14-150400.8.19.1
      systemd-container-249.14-150400.8.19.1
      systemd-container-debuginfo-249.14-150400.8.19.1
      systemd-coredump-249.14-150400.8.19.1
      systemd-coredump-debuginfo-249.14-150400.8.19.1
      systemd-debuginfo-249.14-150400.8.19.1
      systemd-debugsource-249.14-150400.8.19.1
      systemd-devel-249.14-150400.8.19.1
      systemd-doc-249.14-150400.8.19.1
      systemd-sysvinit-249.14-150400.8.19.1
      udev-249.14-150400.8.19.1
      udev-debuginfo-249.14-150400.8.19.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64):
      libsystemd0-32bit-249.14-150400.8.19.1
      libsystemd0-32bit-debuginfo-249.14-150400.8.19.1
      libudev1-32bit-249.14-150400.8.19.1
      libudev1-32bit-debuginfo-249.14-150400.8.19.1
      systemd-32bit-249.14-150400.8.19.1
      systemd-32bit-debuginfo-249.14-150400.8.19.1
   - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch):
      systemd-lang-249.14-150400.8.19.1
   - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64):
      libsystemd0-249.14-150400.8.19.1
      libsystemd0-debuginfo-249.14-150400.8.19.1
      libudev1-249.14-150400.8.19.1
      libudev1-debuginfo-249.14-150400.8.19.1
      systemd-249.14-150400.8.19.1
      systemd-container-249.14-150400.8.19.1
      systemd-container-debuginfo-249.14-150400.8.19.1
      systemd-debuginfo-249.14-150400.8.19.1
      systemd-debugsource-249.14-150400.8.19.1
      systemd-journal-remote-249.14-150400.8.19.1
      systemd-journal-remote-debuginfo-249.14-150400.8.19.1
      systemd-sysvinit-249.14-150400.8.19.1
      udev-249.14-150400.8.19.1
      udev-debuginfo-249.14-150400.8.19.1

References:

   https://www.suse.com/security/cve/CVE-2022-4415.html
   https://bugzilla.suse.com/1204944
   https://bugzilla.suse.com/1205000
   https://bugzilla.suse.com/1207264

From sle-security-updates at lists.suse.com Fri Jan 27 20:19:20 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 21:19:20 +0100 (CET)
Subject: SUSE-SU-2023:0202-1: moderate: Security update for python39-setuptools
Message-ID: <20230127201920.0F74EFDD0@maintenance.suse.de>

   SUSE Security Update: Security update for python39-setuptools
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0202-1
Rating: moderate
References: #1206667
Cross-References: CVE-2022-40897
CVSS scores:
   CVE-2022-40897 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
   CVE-2022-40897 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Affected Products:
   SUSE Linux Enterprise Realtime Extension 15-SP3
   openSUSE Leap 15.4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for python39-setuptools fixes the following issues:

   - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:
      zypper in -t patch openSUSE-SLE-15.4-2023-202=1
   - SUSE Linux Enterprise Realtime Extension 15-SP3:
      zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-202=1

Package List:

   - openSUSE Leap 15.4 (noarch):
      python39-setuptools-44.1.1-150300.7.6.1
   - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch):
      python39-setuptools-44.1.1-150300.7.6.1

References:

   https://www.suse.com/security/cve/CVE-2022-40897.html
   https://bugzilla.suse.com/1206667

From sle-security-updates at lists.suse.com Fri Jan 27 20:20:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Fri, 27 Jan 2023 21:20:02 +0100 (CET)
Subject: SUSE-SU-2023:0200-1: important: Security update for sssd
Message-ID: <20230127202002.17C7BFDD0@maintenance.suse.de>

   SUSE Security Update: Security update for sssd
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0200-1
Rating: important
References: #1207474
Cross-References: CVE-2022-4254
CVSS scores:
   CVE-2022-4254 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Affected Products:
   SUSE Linux Enterprise Server 12-SP4-LTSS
   SUSE Linux Enterprise Server for SAP 12-SP4
   SUSE OpenStack Cloud 9
   SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   This update for sssd fixes the following issues:

   - CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 9:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-200=1
   - SUSE OpenStack Cloud 9:
      zypper in -t patch SUSE-OpenStack-Cloud-9-2023-200=1
   - SUSE Linux Enterprise Server for SAP 12-SP4:
      zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-200=1
   - SUSE Linux Enterprise Server 12-SP4-LTSS:
      zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-200=1

Package List:

   - SUSE OpenStack Cloud Crowbar 9 (x86_64):
      libipa_hbac0-1.16.1-4.43.1
      libipa_hbac0-debuginfo-1.16.1-4.43.1
      libsss_certmap0-1.16.1-4.43.1
      libsss_certmap0-debuginfo-1.16.1-4.43.1
      libsss_idmap0-1.16.1-4.43.1
      libsss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_nss_idmap0-1.16.1-4.43.1
      libsss_nss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_simpleifp0-1.16.1-4.43.1
      libsss_simpleifp0-debuginfo-1.16.1-4.43.1
      python-sssd-config-1.16.1-4.43.1
      python-sssd-config-debuginfo-1.16.1-4.43.1
      sssd-1.16.1-4.43.1
      sssd-32bit-1.16.1-4.43.1
      sssd-ad-1.16.1-4.43.1
      sssd-ad-debuginfo-1.16.1-4.43.1
      sssd-dbus-1.16.1-4.43.1
      sssd-dbus-debuginfo-1.16.1-4.43.1
      sssd-debuginfo-1.16.1-4.43.1
      sssd-debuginfo-32bit-1.16.1-4.43.1
      sssd-debugsource-1.16.1-4.43.1
      sssd-ipa-1.16.1-4.43.1
      sssd-ipa-debuginfo-1.16.1-4.43.1
      sssd-krb5-1.16.1-4.43.1
      sssd-krb5-common-1.16.1-4.43.1
      sssd-krb5-common-debuginfo-1.16.1-4.43.1
      sssd-krb5-debuginfo-1.16.1-4.43.1
      sssd-ldap-1.16.1-4.43.1
      sssd-ldap-debuginfo-1.16.1-4.43.1
      sssd-proxy-1.16.1-4.43.1
      sssd-proxy-debuginfo-1.16.1-4.43.1
      sssd-tools-1.16.1-4.43.1
      sssd-tools-debuginfo-1.16.1-4.43.1
   - SUSE OpenStack Cloud 9 (x86_64):
      libipa_hbac0-1.16.1-4.43.1
      libipa_hbac0-debuginfo-1.16.1-4.43.1
      libsss_certmap0-1.16.1-4.43.1
      libsss_certmap0-debuginfo-1.16.1-4.43.1
      libsss_idmap0-1.16.1-4.43.1
      libsss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_nss_idmap0-1.16.1-4.43.1
      libsss_nss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_simpleifp0-1.16.1-4.43.1
      libsss_simpleifp0-debuginfo-1.16.1-4.43.1
      python-sssd-config-1.16.1-4.43.1
      python-sssd-config-debuginfo-1.16.1-4.43.1
      sssd-1.16.1-4.43.1
      sssd-32bit-1.16.1-4.43.1
      sssd-ad-1.16.1-4.43.1
      sssd-ad-debuginfo-1.16.1-4.43.1
      sssd-dbus-1.16.1-4.43.1
      sssd-dbus-debuginfo-1.16.1-4.43.1
      sssd-debuginfo-1.16.1-4.43.1
      sssd-debuginfo-32bit-1.16.1-4.43.1
      sssd-debugsource-1.16.1-4.43.1
      sssd-ipa-1.16.1-4.43.1
      sssd-ipa-debuginfo-1.16.1-4.43.1
      sssd-krb5-1.16.1-4.43.1
      sssd-krb5-common-1.16.1-4.43.1
      sssd-krb5-common-debuginfo-1.16.1-4.43.1
      sssd-krb5-debuginfo-1.16.1-4.43.1
      sssd-ldap-1.16.1-4.43.1
      sssd-ldap-debuginfo-1.16.1-4.43.1
      sssd-proxy-1.16.1-4.43.1
      sssd-proxy-debuginfo-1.16.1-4.43.1
      sssd-tools-1.16.1-4.43.1
      sssd-tools-debuginfo-1.16.1-4.43.1
   - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
      libipa_hbac0-1.16.1-4.43.1
      libipa_hbac0-debuginfo-1.16.1-4.43.1
      libsss_certmap0-1.16.1-4.43.1
      libsss_certmap0-debuginfo-1.16.1-4.43.1
      libsss_idmap0-1.16.1-4.43.1
      libsss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_nss_idmap0-1.16.1-4.43.1
      libsss_nss_idmap0-debuginfo-1.16.1-4.43.1
      libsss_simpleifp0-1.16.1-4.43.1
      libsss_simpleifp0-debuginfo-1.16.1-4.43.1
      python-sssd-config-1.16.1-4.43.1
      python-sssd-config-debuginfo-1.16.1-4.43.1
      sssd-1.16.1-4.43.1
      sssd-ad-1.16.1-4.43.1
      sssd-ad-debuginfo-1.16.1-4.43.1
      sssd-dbus-1.16.1-4.43.1
      sssd-dbus-debuginfo-1.16.1-4.43.1
      sssd-debuginfo-1.16.1-4.43.1
      sssd-debugsource-1.16.1-4.43.1
      sssd-ipa-1.16.1-4.43.1
      sssd-ipa-debuginfo-1.16.1-4.43.1
      sssd-krb5-1.16.1-4.43.1
      sssd-krb5-common-1.16.1-4.43.1
      sssd-krb5-common-debuginfo-1.16.1-4.43.1
sssd-krb5-debuginfo-1.16.1-4.43.1 sssd-ldap-1.16.1-4.43.1 sssd-ldap-debuginfo-1.16.1-4.43.1 sssd-proxy-1.16.1-4.43.1 sssd-proxy-debuginfo-1.16.1-4.43.1 sssd-tools-1.16.1-4.43.1 sssd-tools-debuginfo-1.16.1-4.43.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.43.1 sssd-debuginfo-32bit-1.16.1-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.43.1 libipa_hbac0-debuginfo-1.16.1-4.43.1 libsss_certmap0-1.16.1-4.43.1 libsss_certmap0-debuginfo-1.16.1-4.43.1 libsss_idmap0-1.16.1-4.43.1 libsss_idmap0-debuginfo-1.16.1-4.43.1 libsss_nss_idmap0-1.16.1-4.43.1 libsss_nss_idmap0-debuginfo-1.16.1-4.43.1 libsss_simpleifp0-1.16.1-4.43.1 libsss_simpleifp0-debuginfo-1.16.1-4.43.1 python-sssd-config-1.16.1-4.43.1 python-sssd-config-debuginfo-1.16.1-4.43.1 sssd-1.16.1-4.43.1 sssd-ad-1.16.1-4.43.1 sssd-ad-debuginfo-1.16.1-4.43.1 sssd-dbus-1.16.1-4.43.1 sssd-dbus-debuginfo-1.16.1-4.43.1 sssd-debuginfo-1.16.1-4.43.1 sssd-debugsource-1.16.1-4.43.1 sssd-ipa-1.16.1-4.43.1 sssd-ipa-debuginfo-1.16.1-4.43.1 sssd-krb5-1.16.1-4.43.1 sssd-krb5-common-1.16.1-4.43.1 sssd-krb5-common-debuginfo-1.16.1-4.43.1 sssd-krb5-debuginfo-1.16.1-4.43.1 sssd-ldap-1.16.1-4.43.1 sssd-ldap-debuginfo-1.16.1-4.43.1 sssd-proxy-1.16.1-4.43.1 sssd-proxy-debuginfo-1.16.1-4.43.1 sssd-tools-1.16.1-4.43.1 sssd-tools-debuginfo-1.16.1-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.43.1 sssd-debuginfo-32bit-1.16.1-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libsss_nss_idmap-devel-1.16.1-4.43.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): libsss_idmap-devel-1.16.1-4.43.1 References: https://www.suse.com/security/cve/CVE-2022-4254.html https://bugzilla.suse.com/1207474 From sle-security-updates at lists.suse.com Fri Jan 27 20:21:04 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 27 Jan 2023 21:21:04 +0100 (CET) Subject: 
SUSE-SU-2023:0204-1: important: Security update for sssd
Message-ID: <20230127202104.5482CFDD0@maintenance.suse.de>

SUSE Security Update: Security update for sssd
______________________________________________________________________________

Announcement ID: SUSE-SU-2023:0204-1
Rating: important
References: #1207474
Cross-References: CVE-2022-4254
CVSS scores:
    CVE-2022-4254 (SUSE): 8.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H

Affected Products:
    SUSE Enterprise Storage 7.1
    SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS
    SUSE Linux Enterprise Micro 5.1
    SUSE Linux Enterprise Micro 5.2
    SUSE Linux Enterprise Realtime Extension 15-SP3
    SUSE Linux Enterprise Server 15-SP3-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP3
    SUSE Manager Proxy 4.2
    SUSE Manager Retail Branch Server 4.2
    SUSE Manager Server 4.2
    openSUSE Leap Micro 5.2
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for sssd fixes the following issues:

- CVE-2022-4254: Fixed a bug in libsss_certmap which could allow an attacker to gain control of the admin account and perform a full domain takeover. (bsc#1207474)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-204=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-204=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-204=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-204=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-204=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-204=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-204=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-204=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-204=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-204=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-204=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-204=1 Package List: - openSUSE Leap Micro 5.2 (aarch64 x86_64): libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): 
libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Manager Server 4.2 (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 
libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Manager Proxy 4.2 (x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 
libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 
python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 
sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 
sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 
libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 
libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): libipa_hbac-devel-1.16.1-150300.23.37.1 libipa_hbac0-1.16.1-150300.23.37.1 libipa_hbac0-debuginfo-1.16.1-150300.23.37.1 libsss_certmap-devel-1.16.1-150300.23.37.1 libsss_certmap0-1.16.1-150300.23.37.1 libsss_certmap0-debuginfo-1.16.1-150300.23.37.1 libsss_idmap-devel-1.16.1-150300.23.37.1 libsss_idmap0-1.16.1-150300.23.37.1 libsss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_nss_idmap-devel-1.16.1-150300.23.37.1 libsss_nss_idmap0-1.16.1-150300.23.37.1 
libsss_nss_idmap0-debuginfo-1.16.1-150300.23.37.1 libsss_simpleifp-devel-1.16.1-150300.23.37.1 libsss_simpleifp0-1.16.1-150300.23.37.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.37.1 python3-sssd-config-1.16.1-150300.23.37.1 python3-sssd-config-debuginfo-1.16.1-150300.23.37.1 sssd-1.16.1-150300.23.37.1 sssd-ad-1.16.1-150300.23.37.1 sssd-ad-debuginfo-1.16.1-150300.23.37.1 sssd-common-1.16.1-150300.23.37.1 sssd-common-debuginfo-1.16.1-150300.23.37.1 sssd-dbus-1.16.1-150300.23.37.1 sssd-dbus-debuginfo-1.16.1-150300.23.37.1 sssd-debugsource-1.16.1-150300.23.37.1 sssd-ipa-1.16.1-150300.23.37.1 sssd-ipa-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-1.16.1-150300.23.37.1 sssd-krb5-common-1.16.1-150300.23.37.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.37.1 sssd-krb5-debuginfo-1.16.1-150300.23.37.1 sssd-ldap-1.16.1-150300.23.37.1 sssd-ldap-debuginfo-1.16.1-150300.23.37.1 sssd-proxy-1.16.1-150300.23.37.1 sssd-proxy-debuginfo-1.16.1-150300.23.37.1 sssd-tools-1.16.1-150300.23.37.1 sssd-tools-debuginfo-1.16.1-150300.23.37.1 sssd-winbind-idmap-1.16.1-150300.23.37.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.37.1 - SUSE Enterprise Storage 7.1 (x86_64): sssd-common-32bit-1.16.1-150300.23.37.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.37.1 References: https://www.suse.com/security/cve/CVE-2022-4254.html https://bugzilla.suse.com/1207474 From sle-security-updates at lists.suse.com Fri Jan 27 20:22:15 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Fri, 27 Jan 2023 21:22:15 +0100 (CET) Subject: SUSE-SU-2023:0205-1: important: Security update for nginx Message-ID: <20230127202215.75E23FD89@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0205-1 Rating: important References: #1204526 #1204527 Cross-References: CVE-2022-41741 CVE-2022-41742 CVSS scores: CVE-2022-41741 (NVD) : 7.8 
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-41742 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP3-LTSS SUSE Linux Enterprise Server for SAP 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-205=1 - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-205=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-205=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-205=1 - SUSE Linux Enterprise Server for SAP 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-205=1 - SUSE Linux Enterprise Server 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-205=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-205=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-205=1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-205=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2023-205=1 Package List: - openSUSE Leap 15.4 (noarch): vim-plugin-nginx-1.19.8-150300.3.12.1 - SUSE Manager Server 4.2 (ppc64le s390x x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Manager Server 4.2 (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Manager Retail Branch Server 4.2 (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Manager Proxy 4.2 (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Manager Proxy 4.2 (x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (ppc64le x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 
nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP3 (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (aarch64 ppc64le s390x x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Server 15-SP3-LTSS (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (aarch64 x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-LTSS (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (aarch64 x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP3-ESPOS (noarch): nginx-source-1.19.8-150300.3.12.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): nginx-1.19.8-150300.3.12.1 nginx-debuginfo-1.19.8-150300.3.12.1 nginx-debugsource-1.19.8-150300.3.12.1 - SUSE Enterprise Storage 7.1 (noarch): nginx-source-1.19.8-150300.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-41741.html https://www.suse.com/security/cve/CVE-2022-41742.html https://bugzilla.suse.com/1204526 https://bugzilla.suse.com/1204527 From sle-security-updates at lists.suse.com Sat Jan 28 08:34:11 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 28 Jan 2023 09:34:11 +0100 (CET) Subject: SUSE-CU-2023:220-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230128083411.E668CF46D@maintenance.suse.de> SUSE Container 
Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:220-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.71 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.71 Severity : moderate Type : security References : 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
The following package changes have been done: - systemd-249.14-150400.8.19.1 updated From sle-security-updates at lists.suse.com Sat Jan 28 08:35:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 28 Jan 2023 09:35:09 +0100 (CET) Subject: SUSE-CU-2023:221-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230128083509.AC0A5F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:221-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.44 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.44 Severity : moderate Type : security References : 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
The following package changes have been done: - systemd-249.14-150400.8.19.1 updated From sle-security-updates at lists.suse.com Sat Jan 28 09:27:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sat, 28 Jan 2023 10:27:59 +0100 (CET) Subject: SUSE-CU-2023:224-1: Security update of suse/sle15 Message-ID: <20230128092759.D49B1F46D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:224-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.257 Container Release : 9.5.257 Severity : important Type : security References : 1183533 1203652 1206412 1206738 CVE-2021-28153 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:174-1 Released: Thu Jan 26 20:52:38 2023 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). 
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738
This update for permissions fixes the following issues:
Update to version 20181225:
* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
The following package changes have been done:
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:40:53 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:40:53 +0100 (CET)
Subject: SUSE-CU-2023:225-1: Security update of suse/sle15
Message-ID: <20230128094053.8D285F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:225-1
Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.20.97 , suse/sle15:15.3 , suse/sle15:15.3.17.20.97
Container Release : 17.20.97
Severity : moderate
Type : security
References : 1183533 1194038 1205646 1206412 1206738 CVE-2021-28153
-----------------------------------------------------------------
The container suse/sle15 was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:157-1
Released: Thu Jan 26 15:54:43 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646
This update for util-linux fixes the following issues:
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
- Use chown --quiet to prevent error message if /var/lib/libuuid/clock.txt does not exist.
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:174-1
Released: Thu Jan 26 20:52:38 2023
Summary: Security update for glib2
Type: security
Severity: low
References: 1183533,CVE-2021-28153
This update for glib2 fixes the following issues:
- CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:176-1
Released: Thu Jan 26 20:56:20 2023
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1206738
This update for permissions fixes the following issues:
Update to version 20181225:
* Backport postfix permissions to SLE 15 SP2 (bsc#1206738)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:181-1
Released: Thu Jan 26 21:55:43 2023
Summary: Recommended update for procps
Type: recommended
Severity: low
References: 1206412
This update for procps fixes the following issues:
- Improve memory handling/usage (bsc#1206412)
- Make sure that correct library version is installed (bsc#1206412)
The following package changes have been done:
- libblkid1-2.36.2-150300.4.32.1 updated
- libfdisk1-2.36.2-150300.4.32.1 updated
- libglib-2_0-0-2.62.6-150200.3.10.1 updated
- libmount1-2.36.2-150300.4.32.1 updated
- libprocps7-3.3.15-150000.7.28.1 updated
- libsmartcols1-2.36.2-150300.4.32.1 updated
- libuuid1-2.36.2-150300.4.32.1 updated
- permissions-20181225-150200.23.23.1 updated
- procps-3.3.15-150000.7.28.1 updated
- util-linux-2.36.2-150300.4.32.1 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:44:02 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:44:02 +0100 (CET)
Subject: SUSE-CU-2023:226-1: Security update of suse/389-ds
Message-ID: <20230128094402.542C6F78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:226-1
Container Tags : suse/389-ds:2.0 , suse/389-ds:2.0-19.12 , suse/389-ds:latest
Container Release : 19.12
Severity : important
Type : security
References : 1194038 1203652 1204944 1205000 1205646 1206667 1207182 1207264 CVE-2022-40897 CVE-2022-4415
-----------------------------------------------------------------
The container suse/389-ds was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:159-1
Released: Thu Jan 26 18:21:56 2023
Summary: Security update for python-setuptools
Type: security
Severity: moderate
References: 1206667,CVE-2022-40897
This update for python-setuptools fixes the following issues:
- CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646
This update for util-linux fixes the following issues:
- Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182
This update for openssl-1_1 fixes the following issues:
- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libuuid1-2.37.2-150400.8.14.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.19.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- openssl-1_1-1.1.1l-150400.7.19.1 updated
- python3-setuptools-44.1.1-150400.3.3.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:46:50 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:46:50 +0100 (CET)
Subject: SUSE-CU-2023:228-1: Security update of bci/dotnet-aspnet
Message-ID: <20230128094650.CC9F9F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:228-1
Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-46.22 , bci/dotnet-aspnet:3.1.32 , bci/dotnet-aspnet:3.1.32-46.22
Container Release : 46.22
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:49:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:49:31 +0100 (CET)
Subject: SUSE-CU-2023:230-1: Security update of bci/dotnet-aspnet
Message-ID: <20230128094931.F06C7F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:230-1
Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-27.85 , bci/dotnet-aspnet:5.0.17 , bci/dotnet-aspnet:5.0.17-27.85
Container Release : 27.85
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:52:23 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:52:23 +0100 (CET)
Subject: SUSE-CU-2023:231-1: Security update of bci/dotnet-aspnet
Message-ID: <20230128095223.A5BB1F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:231-1
Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-27.7 , bci/dotnet-aspnet:6.0.13 , bci/dotnet-aspnet:6.0.13-27.7
Container Release : 27.7
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-aspnet was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:55:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:55:21 +0100 (CET)
Subject: SUSE-CU-2023:233-1: Security update of bci/dotnet-sdk
Message-ID: <20230128095521.4D3E2F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:233-1
Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-51.22 , bci/dotnet-sdk:3.1.32 , bci/dotnet-sdk:3.1.32-51.22
Container Release : 51.22
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 09:58:18 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 10:58:18 +0100 (CET)
Subject: SUSE-CU-2023:235-1: Security update of bci/dotnet-sdk
Message-ID: <20230128095818.B3CFEF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:235-1
Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-35.84 , bci/dotnet-sdk:5.0.17 , bci/dotnet-sdk:5.0.17-35.84
Container Release : 35.84
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 10:01:43 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 11:01:43 +0100 (CET)
Subject: SUSE-CU-2023:237-1: Security update of bci/dotnet-sdk
Message-ID: <20230128100143.9EB9FF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:237-1
Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-29.7 , bci/dotnet-sdk:6.0.13 , bci/dotnet-sdk:6.0.13-29.7
Container Release : 29.7
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-sdk was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sat Jan 28 10:04:53 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sat, 28 Jan 2023 11:04:53 +0100 (CET)
Subject: SUSE-CU-2023:239-1: Security update of bci/dotnet-runtime
Message-ID: <20230128100453.B73B4F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:239-1
Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-52.22 , bci/dotnet-runtime:3.1.32 , bci/dotnet-runtime:3.1.32-52.22
Container Release : 52.22
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sun Jan 29 08:27:23 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 29 Jan 2023 09:27:23 +0100 (CET)
Subject: SUSE-CU-2023:241-1: Security update of bci/dotnet-runtime
Message-ID: <20230129082723.0F031F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:241-1
Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-34.83 , bci/dotnet-runtime:5.0.17 , bci/dotnet-runtime:5.0.17-34.83
Container Release : 34.83
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sun Jan 29 08:30:55 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 29 Jan 2023 09:30:55 +0100 (CET)
Subject: SUSE-CU-2023:243-1: Security update of bci/dotnet-runtime
Message-ID: <20230129083055.0606DF46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:243-1
Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-26.7 , bci/dotnet-runtime:6.0.13 , bci/dotnet-runtime:6.0.13-26.7
Container Release : 26.7
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/dotnet-runtime was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sun Jan 29 08:42:42 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 29 Jan 2023 09:42:42 +0100 (CET)
Subject: SUSE-CU-2023:246-1: Security update of bci/bci-init
Message-ID: <20230129084242.2B2A0F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:246-1
Container Tags : bci/bci-init:15.4 , bci/bci-init:15.4.25.6 , bci/bci-init:latest
Container Release : 25.6
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/bci-init was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libudev1-249.14-150400.8.19.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- systemd-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sun Jan 29 08:46:01 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 29 Jan 2023 09:46:01 +0100 (CET)
Subject: SUSE-CU-2023:249-1: Security update of bci/nodejs
Message-ID: <20230129084601.3DB13F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:249-1
Container Tags : bci/node:16 , bci/node:16-13.8 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-13.8 , bci/nodejs:latest
Container Release : 13.8
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/nodejs was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes:
- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:
- libudev1-249.14-150400.8.19.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Sun Jan 29 08:52:21 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Sun, 29 Jan 2023 09:52:21 +0100 (CET)
Subject: SUSE-CU-2023:251-1: Security update of bci/openjdk-devel
Message-ID: <20230129085221.985A2F46D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:251-1
Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-38.53
Container Release : 38.53
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------
The container bci/openjdk-devel was updated.
The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652
This update for zlib fixes the following issues:
- Follow up fix for bug bsc#1203652 due to libxml2 issues
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415
This update for systemd fixes the following issues:
- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).
Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). The following package changes have been done: - libudev1-249.14-150400.8.19.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:bci-openjdk-11-15.4.11-34.26 updated From sle-security-updates at lists.suse.com Sun Jan 29 08:57:24 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 29 Jan 2023 09:57:24 +0100 (CET) Subject: SUSE-CU-2023:253-1: Security update of bci/openjdk Message-ID: <20230129085724.413D6F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:253-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-34.26 Container Release : 34.26 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/openjdk was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
The following package changes have been done: - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:sles15-image-15.0.0-27.14.33 updated From sle-security-updates at lists.suse.com Sun Jan 29 08:58:56 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 29 Jan 2023 09:58:56 +0100 (CET) Subject: SUSE-CU-2023:255-1: Security update of bci/openjdk-devel Message-ID: <20230129085856.190BDF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:255-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-13.16 , bci/openjdk-devel:latest Container Release : 13.16 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). 
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). The following package changes have been done: - libudev1-249.14-150400.8.19.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:bci-openjdk-17-15.4.17-12.10 updated From sle-security-updates at lists.suse.com Sun Jan 29 09:05:32 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 29 Jan 2023 10:05:32 +0100 (CET) Subject: SUSE-CU-2023:258-1: Security update of suse/pcp Message-ID: <20230129090532.3AD3BF46D@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:258-1 Container Tags : suse/pcp:5 , suse/pcp:5-12.16 , suse/pcp:5.2 , suse/pcp:5.2-12.16 , suse/pcp:5.2.2 , suse/pcp:5.2.2-12.16 , suse/pcp:latest Container Release : 12.16 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). 
Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). The following package changes have been done: - libudev1-249.14-150400.8.19.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - systemd-249.14-150400.8.19.1 updated - container:bci-bci-init-15.4-15.4-25.6 updated From sle-security-updates at lists.suse.com Sun Jan 29 09:08:38 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 29 Jan 2023 10:08:38 +0100 (CET) Subject: SUSE-CU-2023:259-1: Security update of bci/python Message-ID: <20230129090838.33D74F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:259-1 Container Tags : bci/python:3 , bci/python:3-11.11 , bci/python:3.10 , bci/python:3.10-11.11 , bci/python:latest Container Release : 11.11 Severity : important Type : security References : 1194038 1203652 1204944 1205000 1205646 1207182 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
The following package changes have been done: - libuuid1-2.37.2-150400.8.14.1 updated - libudev1-249.14-150400.8.19.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - libopenssl1_1-1.1.1l-150400.7.19.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated - libmount1-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - openssl-1_1-1.1.1l-150400.7.19.1 updated - container:sles15-image-15.0.0-27.14.33 updated From sle-security-updates at lists.suse.com Sun Jan 29 09:12:07 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Sun, 29 Jan 2023 10:12:07 +0100 (CET) Subject: SUSE-CU-2023:260-1: Security update of bci/python Message-ID: <20230129091207.8D48AF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:260-1 Container Tags : bci/python:3 , bci/python:3-34.9 , bci/python:3.6 , bci/python:3.6-34.9 Container Release : 34.9 Severity : moderate Type : security References : 1194038 1205646 1206667 1207182 CVE-2022-40897 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] The following package changes have been done: - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libopenssl1_1-1.1.1l-150400.7.19.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated - libmount1-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - openssl-1_1-1.1.1l-150400.7.19.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.31 updated From sle-security-updates at lists.suse.com Mon Jan 30 08:26:06 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 09:26:06 +0100 (CET) Subject: SUSE-CU-2023:260-1: Security update of bci/python Message-ID: <20230130082606.3557FF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:260-1 Container Tags : bci/python:3 , bci/python:3-34.9 , 
bci/python:3.6 , bci/python:3.6-34.9 Container Release : 34.9 Severity : moderate Type : security References : 1194038 1205646 1206667 1207182 CVE-2022-40897 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:159-1 Released: Thu Jan 26 18:21:56 2023 Summary: Security update for python-setuptools Type: security Severity: moderate References: 1206667,CVE-2022-40897 This update for python-setuptools fixes the following issues: - CVE-2022-40897: Fixed an excessive CPU usage that could be triggered by fetching a malicious HTML document (bsc#1206667). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:177-1 Released: Thu Jan 26 20:57:35 2023 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194038,1205646 This update for util-linux fixes the following issues: - Fix tests not passing when '@' character is in build path: Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038). - libuuid continuous clock handling for time based UUIDs: Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:178-1 Released: Thu Jan 26 20:58:21 2023 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1207182 This update for openssl-1_1 fixes the following issues: - FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182] The following package changes have been done: - libuuid1-2.37.2-150400.8.14.1 updated - libsmartcols1-2.37.2-150400.8.14.1 updated - libblkid1-2.37.2-150400.8.14.1 updated - libfdisk1-2.37.2-150400.8.14.1 updated - libopenssl1_1-1.1.1l-150400.7.19.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated - libmount1-2.37.2-150400.8.14.1 updated - util-linux-2.37.2-150400.8.14.1 updated - openssl-1_1-1.1.1l-150400.7.19.1 updated - python3-setuptools-44.1.1-150400.3.3.1 updated - container:sles15-image-15.0.0-27.14.31 updated From sle-security-updates at lists.suse.com Mon Jan 30 08:27:07 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 09:27:07 +0100 (CET) Subject: SUSE-CU-2023:262-1: Security update of bci/rust Message-ID: <20230130082707.E736BF46D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:262-1 Container Tags : bci/rust:1.65 , bci/rust:1.65-13.10 Container Release : 13.10 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). The following package changes have been done: - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:sles15-image-15.0.0-27.14.33 updated From sle-security-updates at lists.suse.com Mon Jan 30 08:27:30 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 09:27:30 +0100 (CET) Subject: SUSE-CU-2023:264-1: Security update of bci/rust Message-ID: <20230130082730.2F504F46D@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:264-1 Container Tags : bci/rust:1.66 , bci/rust:1.66-2.10 , bci/rust:latest Container Release : 2.10 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). - Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). 
The following package changes have been done: - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:sles15-image-15.0.0-27.14.33 updated From sle-security-updates at lists.suse.com Mon Jan 30 14:16:48 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 15:16:48 +0100 (CET) Subject: SUSE-SU-2023:0206-1: moderate: Security update for ffmpeg Message-ID: <20230130141648.73ED2F78A@maintenance.suse.de> SUSE Security Update: Security update for ffmpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0206-1 Rating: moderate References: #1140754 #1206778 Cross-References: CVE-2019-13390 CVE-2022-3341 CVSS scores: CVE-2019-13390 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-13390 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-3341 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3341 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ffmpeg fixes the following issues: - CVE-2022-3341: Fixed a potential crash when processing a crafted NUT stream (bsc#1206778). - CVE-2019-13390: Fixed a potential crash when processing a crafted AVI stream (bsc#1140754). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-206=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2023-206=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-206=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2023-206=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-206=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-150200.11.25.1 ffmpeg-debuginfo-3.4.2-150200.11.25.1 ffmpeg-debugsource-3.4.2-150200.11.25.1 ffmpeg-private-devel-3.4.2-150200.11.25.1 libavcodec-devel-3.4.2-150200.11.25.1 libavcodec57-3.4.2-150200.11.25.1 libavcodec57-debuginfo-3.4.2-150200.11.25.1 libavdevice-devel-3.4.2-150200.11.25.1 libavdevice57-3.4.2-150200.11.25.1 libavdevice57-debuginfo-3.4.2-150200.11.25.1 libavfilter-devel-3.4.2-150200.11.25.1 libavfilter6-3.4.2-150200.11.25.1 libavfilter6-debuginfo-3.4.2-150200.11.25.1 libavformat-devel-3.4.2-150200.11.25.1 libavformat57-3.4.2-150200.11.25.1 libavformat57-debuginfo-3.4.2-150200.11.25.1 libavresample-devel-3.4.2-150200.11.25.1 libavresample3-3.4.2-150200.11.25.1 libavresample3-debuginfo-3.4.2-150200.11.25.1 libavutil-devel-3.4.2-150200.11.25.1 libavutil55-3.4.2-150200.11.25.1 libavutil55-debuginfo-3.4.2-150200.11.25.1 libpostproc-devel-3.4.2-150200.11.25.1 libpostproc54-3.4.2-150200.11.25.1 libpostproc54-debuginfo-3.4.2-150200.11.25.1 libswresample-devel-3.4.2-150200.11.25.1 libswresample2-3.4.2-150200.11.25.1 libswresample2-debuginfo-3.4.2-150200.11.25.1 libswscale-devel-3.4.2-150200.11.25.1 
libswscale4-3.4.2-150200.11.25.1 libswscale4-debuginfo-3.4.2-150200.11.25.1 - openSUSE Leap 15.4 (x86_64): libavcodec57-32bit-3.4.2-150200.11.25.1 libavcodec57-32bit-debuginfo-3.4.2-150200.11.25.1 libavdevice57-32bit-3.4.2-150200.11.25.1 libavdevice57-32bit-debuginfo-3.4.2-150200.11.25.1 libavfilter6-32bit-3.4.2-150200.11.25.1 libavfilter6-32bit-debuginfo-3.4.2-150200.11.25.1 libavformat57-32bit-3.4.2-150200.11.25.1 libavformat57-32bit-debuginfo-3.4.2-150200.11.25.1 libavresample3-32bit-3.4.2-150200.11.25.1 libavresample3-32bit-debuginfo-3.4.2-150200.11.25.1 libavutil55-32bit-3.4.2-150200.11.25.1 libavutil55-32bit-debuginfo-3.4.2-150200.11.25.1 libpostproc54-32bit-3.4.2-150200.11.25.1 libpostproc54-32bit-debuginfo-3.4.2-150200.11.25.1 libswresample2-32bit-3.4.2-150200.11.25.1 libswresample2-32bit-debuginfo-3.4.2-150200.11.25.1 libswscale4-32bit-3.4.2-150200.11.25.1 libswscale4-32bit-debuginfo-3.4.2-150200.11.25.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): ffmpeg-debuginfo-3.4.2-150200.11.25.1 ffmpeg-debugsource-3.4.2-150200.11.25.1 libavcodec-devel-3.4.2-150200.11.25.1 libavformat-devel-3.4.2-150200.11.25.1 libavformat57-3.4.2-150200.11.25.1 libavformat57-debuginfo-3.4.2-150200.11.25.1 libavresample-devel-3.4.2-150200.11.25.1 libavresample3-3.4.2-150200.11.25.1 libavresample3-debuginfo-3.4.2-150200.11.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): ffmpeg-debuginfo-3.4.2-150200.11.25.1 ffmpeg-debugsource-3.4.2-150200.11.25.1 libavcodec57-3.4.2-150200.11.25.1 libavcodec57-debuginfo-3.4.2-150200.11.25.1 libavformat57-3.4.2-150200.11.25.1 libavformat57-debuginfo-3.4.2-150200.11.25.1 libavresample-devel-3.4.2-150200.11.25.1 libavresample3-3.4.2-150200.11.25.1 libavresample3-debuginfo-3.4.2-150200.11.25.1 libavutil-devel-3.4.2-150200.11.25.1 libavutil55-3.4.2-150200.11.25.1 libavutil55-debuginfo-3.4.2-150200.11.25.1 libpostproc-devel-3.4.2-150200.11.25.1 libpostproc54-3.4.2-150200.11.25.1 libpostproc54-debuginfo-3.4.2-150200.11.25.1 
libswresample-devel-3.4.2-150200.11.25.1 libswresample2-3.4.2-150200.11.25.1 libswresample2-debuginfo-3.4.2-150200.11.25.1 libswscale-devel-3.4.2-150200.11.25.1 libswscale4-3.4.2-150200.11.25.1 libswscale4-debuginfo-3.4.2-150200.11.25.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-3.4.2-150200.11.25.1 ffmpeg-debuginfo-3.4.2-150200.11.25.1 ffmpeg-debugsource-3.4.2-150200.11.25.1 libavdevice57-3.4.2-150200.11.25.1 libavdevice57-debuginfo-3.4.2-150200.11.25.1 libavfilter6-3.4.2-150200.11.25.1 libavfilter6-debuginfo-3.4.2-150200.11.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ffmpeg-debuginfo-3.4.2-150200.11.25.1 ffmpeg-debugsource-3.4.2-150200.11.25.1 libavcodec57-3.4.2-150200.11.25.1 libavcodec57-debuginfo-3.4.2-150200.11.25.1 libavformat57-3.4.2-150200.11.25.1 libavformat57-debuginfo-3.4.2-150200.11.25.1 libavresample3-3.4.2-150200.11.25.1 libavresample3-debuginfo-3.4.2-150200.11.25.1 libavutil-devel-3.4.2-150200.11.25.1 libavutil55-3.4.2-150200.11.25.1 libavutil55-debuginfo-3.4.2-150200.11.25.1 libpostproc-devel-3.4.2-150200.11.25.1 libpostproc54-3.4.2-150200.11.25.1 libpostproc54-debuginfo-3.4.2-150200.11.25.1 libswresample-devel-3.4.2-150200.11.25.1 libswresample2-3.4.2-150200.11.25.1 libswresample2-debuginfo-3.4.2-150200.11.25.1 libswscale-devel-3.4.2-150200.11.25.1 libswscale4-3.4.2-150200.11.25.1 libswscale4-debuginfo-3.4.2-150200.11.25.1 References: https://www.suse.com/security/cve/CVE-2019-13390.html https://www.suse.com/security/cve/CVE-2022-3341.html https://bugzilla.suse.com/1140754 https://bugzilla.suse.com/1206778 From sle-security-updates at lists.suse.com Mon Jan 30 20:18:09 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:18:09 +0100 (CET) Subject: SUSE-SU-2023:0215-1: moderate: Security update for apache2-mod_auth_openidc Message-ID: 
<20230130201809.870D9FCFA@maintenance.suse.de> SUSE Security Update: Security update for apache2-mod_auth_openidc ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0215-1 Rating: moderate References: #1190223 #1199868 #1206441 Cross-References: CVE-2021-39191 CVE-2022-23527 CVSS scores: CVE-2021-39191 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-39191 (SUSE): 4.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVE-2022-23527 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-23527 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for apache2-mod_auth_openidc fixes the following issues: - CVE-2022-23527: Fixed open redirect in oidc_validate_redirect_url() using tab character (bsc#1206441). - CVE-2021-39191: Fixed open redirect issue in target_link_uri parameter (bsc#1190223). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-215=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-215=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-215=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_openidc-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.22.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): apache2-mod_auth_openidc-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.22.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): apache2-mod_auth_openidc-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debuginfo-2.3.8-150100.3.22.1 apache2-mod_auth_openidc-debugsource-2.3.8-150100.3.22.1 References: https://www.suse.com/security/cve/CVE-2021-39191.html https://www.suse.com/security/cve/CVE-2022-23527.html https://bugzilla.suse.com/1190223 https://bugzilla.suse.com/1199868 https://bugzilla.suse.com/1206441 From sle-security-updates at lists.suse.com Mon Jan 30 20:19:08 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:19:08 +0100 (CET) Subject: SUSE-SU-2023:0210-1: important: Security update for nginx Message-ID: <20230130201908.BB919FCFA@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0210-1 Rating: important References: #1204526 #1204527 Cross-References: CVE-2022-41741 CVE-2022-41742 CVSS scores: CVE-2022-41741 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41741 (SUSE): 7.5 
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-41742 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-210=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-210=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-210=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-210=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nginx-1.16.1-150200.3.12.1 nginx-debuginfo-1.16.1-150200.3.12.1 nginx-debugsource-1.16.1-150200.3.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nginx-source-1.16.1-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nginx-1.16.1-150200.3.12.1 nginx-debuginfo-1.16.1-150200.3.12.1 nginx-debugsource-1.16.1-150200.3.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nginx-source-1.16.1-150200.3.12.1 - SUSE Linux Enterprise High Performance 
Computing 15-SP2-LTSS (aarch64 x86_64): nginx-1.16.1-150200.3.12.1 nginx-debuginfo-1.16.1-150200.3.12.1 nginx-debugsource-1.16.1-150200.3.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nginx-source-1.16.1-150200.3.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nginx-1.16.1-150200.3.12.1 nginx-debuginfo-1.16.1-150200.3.12.1 nginx-debugsource-1.16.1-150200.3.12.1 - SUSE Enterprise Storage 7 (noarch): nginx-source-1.16.1-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-41741.html https://www.suse.com/security/cve/CVE-2022-41742.html https://bugzilla.suse.com/1204526 https://bugzilla.suse.com/1204527 From sle-security-updates at lists.suse.com Mon Jan 30 20:20:01 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:20:01 +0100 (CET) Subject: SUSE-SU-2023:0213-1: important: Security update for python Message-ID: <20230130202001.9AAC3FCFA@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0213-1 Rating: important References: #1202666 #1205244 Cross-References: CVE-2022-45061 CVSS scores: CVE-2022-45061 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-45061 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for python fixes the following issues: - CVE-2022-45061: Fixed excessive CPU usage when decoding crafted IDNA domain names (bsc#1205244). Non-security fixes: - Fixed the 2038 bug in the compileall module (bsc#1202666). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-213=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): python-doc-2.7.18-28.93.1 python-doc-pdf-2.7.18-28.93.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libpython2_7-1_0-2.7.18-28.93.1 libpython2_7-1_0-32bit-2.7.18-28.93.1 libpython2_7-1_0-debuginfo-2.7.18-28.93.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-28.93.1 python-2.7.18-28.93.1 python-32bit-2.7.18-28.93.1 python-base-2.7.18-28.93.1 python-base-32bit-2.7.18-28.93.1 python-base-debuginfo-2.7.18-28.93.1 python-base-debuginfo-32bit-2.7.18-28.93.1 python-base-debugsource-2.7.18-28.93.1 python-curses-2.7.18-28.93.1 python-curses-debuginfo-2.7.18-28.93.1 python-debuginfo-2.7.18-28.93.1 python-debuginfo-32bit-2.7.18-28.93.1 python-debugsource-2.7.18-28.93.1 python-demo-2.7.18-28.93.1 python-gdbm-2.7.18-28.93.1 python-gdbm-debuginfo-2.7.18-28.93.1 python-idle-2.7.18-28.93.1 python-tk-2.7.18-28.93.1 python-tk-debuginfo-2.7.18-28.93.1 python-xml-2.7.18-28.93.1 python-xml-debuginfo-2.7.18-28.93.1 References: https://www.suse.com/security/cve/CVE-2022-45061.html https://bugzilla.suse.com/1202666 https://bugzilla.suse.com/1205244 From sle-security-updates at lists.suse.com Mon Jan 30 20:20:47 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:20:47 +0100 (CET) Subject: SUSE-SU-2023:0214-1: important: Security update for xen Message-ID: <20230130202047.4341EFCFA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0214-1 Rating: important References: #1205209 Cross-References: CVE-2022-23824 CVSS scores: CVE-2022-23824 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-23824 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected 
Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xen fixes the following issues: - CVE-2022-23824: Fixed multiple speculative security issues (bsc#1205209). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-214=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-214=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-214=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2023-214=1 Package List: - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_18-150200.3.68.1 xen-debugsource-4.13.4_18-150200.3.68.1 xen-devel-4.13.4_18-150200.3.68.1 xen-libs-4.13.4_18-150200.3.68.1 xen-libs-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-4.13.4_18-150200.3.68.1 xen-tools-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-domU-4.13.4_18-150200.3.68.1 xen-tools-domU-debuginfo-4.13.4_18-150200.3.68.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_18-150200.3.68.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_18-150200.3.68.1 xen-debugsource-4.13.4_18-150200.3.68.1 xen-devel-4.13.4_18-150200.3.68.1 xen-libs-4.13.4_18-150200.3.68.1 xen-libs-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-4.13.4_18-150200.3.68.1 
xen-tools-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-domU-4.13.4_18-150200.3.68.1 xen-tools-domU-debuginfo-4.13.4_18-150200.3.68.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_18-150200.3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_18-150200.3.68.1 xen-debugsource-4.13.4_18-150200.3.68.1 xen-devel-4.13.4_18-150200.3.68.1 xen-libs-4.13.4_18-150200.3.68.1 xen-libs-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-4.13.4_18-150200.3.68.1 xen-tools-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-domU-4.13.4_18-150200.3.68.1 xen-tools-domU-debuginfo-4.13.4_18-150200.3.68.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_18-150200.3.68.1 - SUSE Enterprise Storage 7 (x86_64): xen-4.13.4_18-150200.3.68.1 xen-debugsource-4.13.4_18-150200.3.68.1 xen-devel-4.13.4_18-150200.3.68.1 xen-libs-4.13.4_18-150200.3.68.1 xen-libs-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-4.13.4_18-150200.3.68.1 xen-tools-debuginfo-4.13.4_18-150200.3.68.1 xen-tools-domU-4.13.4_18-150200.3.68.1 xen-tools-domU-debuginfo-4.13.4_18-150200.3.68.1 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_18-150200.3.68.1 References: https://www.suse.com/security/cve/CVE-2022-23824.html https://bugzilla.suse.com/1205209 From sle-security-updates at lists.suse.com Mon Jan 30 20:21:53 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:21:53 +0100 (CET) Subject: SUSE-SU-2023:0211-1: moderate: Security update for vim Message-ID: <20230130202153.4E3E6FCFA@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0211-1 Rating: moderate References: #1206866 #1206867 #1206868 #1207162 #1207396 Cross-References: CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 
CVE-2023-0433 CVSS scores: CVE-2023-0049 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0049 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0051 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0054 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0054 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2023-0288 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0288 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0433 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Micro 5.3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 openSUSE Leap Micro 5.2 openSUSE Leap Micro 5.3 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). 
Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap Micro 5.3: zypper in -t patch openSUSE-Leap-Micro-5.3-2023-211=1 - openSUSE Leap Micro 5.2: zypper in -t patch openSUSE-Leap-Micro-5.2-2023-211=1 - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-211=1 - SUSE Linux Enterprise Realtime Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-RT-15-SP3-2023-211=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2023-211=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2023-211=1 - SUSE Linux Enterprise Micro 5.3: zypper in -t patch SUSE-SLE-Micro-5.3-2023-211=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2023-211=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2023-211=1 Package List: - openSUSE Leap Micro 5.3 (aarch64 x86_64): vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - openSUSE Leap Micro 5.3 (noarch): vim-data-common-9.0.1234-150000.5.34.1 - openSUSE Leap Micro 5.2 (aarch64 x86_64): vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - openSUSE Leap Micro 5.2 (noarch): vim-data-common-9.0.1234-150000.5.34.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gvim-9.0.1234-150000.5.34.1 gvim-debuginfo-9.0.1234-150000.5.34.1 vim-9.0.1234-150000.5.34.1 vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - openSUSE Leap 15.4 (noarch): vim-data-9.0.1234-150000.5.34.1 
vim-data-common-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (noarch): vim-data-9.0.1234-150000.5.34.1 vim-data-common-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Realtime Extension 15-SP3 (x86_64): gvim-9.0.1234-150000.5.34.1 gvim-debuginfo-9.0.1234-150000.5.34.1 vim-9.0.1234-150000.5.34.1 vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): gvim-9.0.1234-150000.5.34.1 gvim-debuginfo-9.0.1234-150000.5.34.1 vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): vim-9.0.1234-150000.5.34.1 vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): vim-data-9.0.1234-150000.5.34.1 vim-data-common-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64): vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.3 (noarch): vim-data-common-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): vim-debuginfo-9.0.1234-150000.5.34.1 vim-debugsource-9.0.1234-150000.5.34.1 vim-small-9.0.1234-150000.5.34.1 vim-small-debuginfo-9.0.1234-150000.5.34.1 - SUSE Linux Enterprise Micro 5.1 (noarch): vim-data-common-9.0.1234-150000.5.34.1 
References: https://www.suse.com/security/cve/CVE-2023-0049.html https://www.suse.com/security/cve/CVE-2023-0051.html https://www.suse.com/security/cve/CVE-2023-0054.html https://www.suse.com/security/cve/CVE-2023-0288.html https://www.suse.com/security/cve/CVE-2023-0433.html https://bugzilla.suse.com/1206866 https://bugzilla.suse.com/1206867 https://bugzilla.suse.com/1206868 https://bugzilla.suse.com/1207162 https://bugzilla.suse.com/1207396 From sle-security-updates at lists.suse.com Mon Jan 30 20:23:11 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:23:11 +0100 (CET) Subject: SUSE-SU-2023:0212-1: important: Security update for nginx Message-ID: <20230130202311.BEFECFCFA@maintenance.suse.de> SUSE Security Update: Security update for nginx ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0212-1 Rating: important References: #1204526 #1204527 Cross-References: CVE-2022-41741 CVE-2022-41742 CVSS scores: CVE-2022-41741 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-41741 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-41742 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2022-41742 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.3 SUSE Manager Retail Branch Server 4.3 SUSE Manager Server 4.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nginx fixes the following issues: - CVE-2022-41741: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. 
(bsc#1204526) - CVE-2022-41742: Handle duplicated atoms in mp4 streams, to mitigate out-of-bound reads. (bsc#1204527) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-212=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2023-212=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nginx-1.21.5-150400.3.3.1 nginx-debuginfo-1.21.5-150400.3.3.1 nginx-debugsource-1.21.5-150400.3.3.1 - openSUSE Leap 15.4 (noarch): nginx-source-1.21.5-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): nginx-1.21.5-150400.3.3.1 nginx-debuginfo-1.21.5-150400.3.3.1 nginx-debugsource-1.21.5-150400.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (noarch): nginx-source-1.21.5-150400.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-41741.html https://www.suse.com/security/cve/CVE-2022-41742.html https://bugzilla.suse.com/1204526 https://bugzilla.suse.com/1204527 From sle-security-updates at lists.suse.com Mon Jan 30 20:24:17 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Mon, 30 Jan 2023 21:24:17 +0100 (CET) Subject: SUSE-SU-2023:0209-1: important: Security update for vim Message-ID: <20230130202417.75678FCFA@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0209-1 Rating: important References: #1204779 #1205797 #1206028 #1206071 #1206072 #1206075 #1206077 #1206866 #1206867 #1206868 #1207162 #1207396 Cross-References: CVE-2022-3491 CVE-2022-3520 CVE-2022-3591 CVE-2022-3705 CVE-2022-4141 CVE-2022-4292 CVE-2022-4293 
CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 CVSS scores: CVE-2022-3491 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3491 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-3520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-3520 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3591 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-3705 (SUSE): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-4141 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4141 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4292 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-4293 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-4293 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2023-0049 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0049 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0051 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0054 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0054 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2023-0288 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2023-0288 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2023-0433 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 
______________________________________________________________________________ An update that fixes 12 vulnerabilities is now available. Description: This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). - CVE-2022-3491: Fixed an out of bounds memory access that could cause a crash (bsc#1206028). - CVE-2022-3520: Fixed an out of bounds memory access that could cause a crash (bsc#1206071). - CVE-2022-3591: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206072). - CVE-2022-4292: Fixed a use-after-free issue that could cause memory corruption or undefined behavior (bsc#1206075). - CVE-2022-4293: Fixed a floating point exception that could cause a crash (bsc#1206077). - CVE-2022-4141: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1205797). - CVE-2022-3705: Fixed a use-after-free issue that could cause a crash or memory corruption (bsc#1204779). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". 
Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2023-209=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2023-209=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-209=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-209=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2023-209=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2023-209=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE OpenStack Cloud 9 (x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE OpenStack Cloud 9 (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 
vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gvim-9.0.1234-17.12.1 gvim-debuginfo-9.0.1234-17.12.1 vim-9.0.1234-17.12.1 vim-debuginfo-9.0.1234-17.12.1 vim-debugsource-9.0.1234-17.12.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): vim-data-9.0.1234-17.12.1 vim-data-common-9.0.1234-17.12.1 References: https://www.suse.com/security/cve/CVE-2022-3491.html https://www.suse.com/security/cve/CVE-2022-3520.html https://www.suse.com/security/cve/CVE-2022-3591.html https://www.suse.com/security/cve/CVE-2022-3705.html https://www.suse.com/security/cve/CVE-2022-4141.html https://www.suse.com/security/cve/CVE-2022-4292.html https://www.suse.com/security/cve/CVE-2022-4293.html https://www.suse.com/security/cve/CVE-2023-0049.html https://www.suse.com/security/cve/CVE-2023-0051.html https://www.suse.com/security/cve/CVE-2023-0054.html https://www.suse.com/security/cve/CVE-2023-0288.html https://www.suse.com/security/cve/CVE-2023-0433.html https://bugzilla.suse.com/1204779 https://bugzilla.suse.com/1205797 https://bugzilla.suse.com/1206028 https://bugzilla.suse.com/1206071 https://bugzilla.suse.com/1206072 https://bugzilla.suse.com/1206075 https://bugzilla.suse.com/1206077 https://bugzilla.suse.com/1206866 https://bugzilla.suse.com/1206867 https://bugzilla.suse.com/1206868 https://bugzilla.suse.com/1207162 https://bugzilla.suse.com/1207396 From sle-security-updates at lists.suse.com Tue Jan 31 08:38:59 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 31 Jan 2023 09:38:59 +0100 (CET) Subject: SUSE-CU-2023:267-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20230131083859.5EC2BF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- 
Container Advisory ID : SUSE-CU-2023:267-1 Container Tags : suse/sle-micro/5.3/toolbox:12.1 , suse/sle-micro/5.3/toolbox:12.1-5.2.73 , suse/sle-micro/5.3/toolbox:latest Container Release : 5.2.73 Severity : moderate Type : security References : 1206866 1206867 1206868 1207162 1207396 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). 
The following package changes have been done: - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated From sle-security-updates at lists.suse.com Tue Jan 31 08:40:13 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 31 Jan 2023 09:40:13 +0100 (CET) Subject: SUSE-CU-2023:268-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20230131084013.1B5F3F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:268-1 Container Tags : suse/sle-micro/5.4/toolbox:12.1 , suse/sle-micro/5.4/toolbox:12.1-3.2.47 , suse/sle-micro/5.4/toolbox:latest Container Release : 3.2.47 Severity : moderate Type : security References : 1206866 1206867 1206868 1207162 1207396 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:211-1 Released: Mon Jan 30 17:26:10 2023 Summary: Security update for vim Type: security Severity: moderate References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433 This update for vim fixes the following issues: - Updated to version 9.0.1234: - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396). - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162). - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868). - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867). 
- CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866). The following package changes have been done: - vim-data-common-9.0.1234-150000.5.34.1 updated - vim-9.0.1234-150000.5.34.1 updated From sle-security-updates at lists.suse.com Tue Jan 31 08:59:00 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 31 Jan 2023 09:59:00 +0100 (CET) Subject: SUSE-CU-2023:273-1: Security update of bci/golang Message-ID: <20230131085900.8E476F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:273-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-19.25 Container Release : 19.25 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). - Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944). 
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264). The following package changes have been done: - libudev1-249.14-150400.8.19.1 updated - libz1-1.2.11-150000.3.39.1 updated - libsystemd0-249.14-150400.8.19.1 updated - container:sles15-image-15.0.0-27.14.33 updated From sle-security-updates at lists.suse.com Tue Jan 31 09:03:06 2023 From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com) Date: Tue, 31 Jan 2023 10:03:06 +0100 (CET) Subject: SUSE-CU-2023:274-1: Security update of bci/golang Message-ID: <20230131090306.5753EF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:274-1 Container Tags : bci/golang:1.19 , bci/golang:1.19-20.11 , bci/golang:latest Container Release : 20.11 Severity : important Type : security References : 1203652 1204944 1205000 1207264 CVE-2022-4415 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:188-1 Released: Fri Jan 27 12:07:19 2023 Summary: Recommended update for zlib Type: recommended Severity: important References: 1203652 This update for zlib fixes the following issues: - Follow up fix for bug bsc#1203652 due to libxml2 issues ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:201-1 Released: Fri Jan 27 15:24:15 2023 Summary: Security update for systemd Type: security Severity: moderate References: 1204944,1205000,1207264,CVE-2022-4415 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000). Non-security fixes: - Enabled the pstore service (jsc#PED-2663). 
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).

The following package changes have been done:

- libudev1-249.14-150400.8.19.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Tue Jan 31 09:06:37 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 10:06:37 +0100 (CET)
Subject: SUSE-CU-2023:275-1: Security update of bci/nodejs
Message-ID: <20230131090637.56315F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:275-1
Container Tags : bci/node:14 , bci/node:14-36.26 , bci/nodejs:14 , bci/nodejs:14-36.26
Container Release : 36.26
Severity : important
Type : security
References : 1194038 1203652 1204944 1205000 1205646 1207182 1207264 CVE-2022-4415
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:

- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.19.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Tue Jan 31 09:14:36 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 10:14:36 +0100 (CET)
Subject: SUSE-CU-2023:277-1: Security update of bci/openjdk
Message-ID: <20230131091436.5DD5FF78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:277-1
Container Tags : bci/openjdk:17 , bci/openjdk:17-12.11 , bci/openjdk:latest
Container Release : 12.11
Severity : important
Type : security
References : 1203652 1204944 1205000 1207264 CVE-2022-4415
-----------------------------------------------------------------

The container bci/openjdk was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:

- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Tue Jan 31 09:26:28 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 10:26:28 +0100 (CET)
Subject: SUSE-CU-2023:279-1: Security update of bci/ruby
Message-ID: <20230131092628.B6F96F78A@maintenance.suse.de>

SUSE Container Update Advisory: bci/ruby
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:279-1
Container Tags : bci/ruby:2 , bci/ruby:2-33.11 , bci/ruby:2.5 , bci/ruby:2.5-33.11 , bci/ruby:latest
Container Release : 33.11
Severity : important
Type : security
References : 1194038 1203652 1204944 1205000 1205646 1207182 1207264 CVE-2022-4415
-----------------------------------------------------------------

The container bci/ruby was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:177-1
Released: Thu Jan 26 20:57:35 2023
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1194038,1205646

This update for util-linux fixes the following issues:

- Fix tests not passing when '@' character is in build path:
  Fixes rpmbuild %checks fail when @ in the directory path (bsc#1194038).
- libuuid continuous clock handling for time based UUIDs:
  Prevent use of the new libuuid ABI by uuidd %post before update of libuuid1 (bsc#1205646).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:178-1
Released: Thu Jan 26 20:58:21 2023
Summary: Recommended update for openssl-1_1
Type: recommended
Severity: moderate
References: 1207182

This update for openssl-1_1 fixes the following issues:

- FIPS: Add Pair-wise Consistency Test when generating DH key [bsc#1207182]

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:188-1
Released: Fri Jan 27 12:07:19 2023
Summary: Recommended update for zlib
Type: recommended
Severity: important
References: 1203652

This update for zlib fixes the following issues:

- Follow up fix for bug bsc#1203652 due to libxml2 issues

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:201-1
Released: Fri Jan 27 15:24:15 2023
Summary: Security update for systemd
Type: security
Severity: moderate
References: 1204944,1205000,1207264,CVE-2022-4415

This update for systemd fixes the following issues:

- CVE-2022-4415: Fixed an issue where users could access coredumps with changed uid, gid or capabilities (bsc#1205000).

Non-security fixes:

- Enabled the pstore service (jsc#PED-2663).
- Fixed an issue accessing TPM when secure boot is enabled (bsc#1204944).
- Fixed an issue where a pamd file could get accidentally overwritten after an update (bsc#1207264).
The following package changes have been done:

- libuuid1-2.37.2-150400.8.14.1 updated
- libudev1-249.14-150400.8.19.1 updated
- libsmartcols1-2.37.2-150400.8.14.1 updated
- libblkid1-2.37.2-150400.8.14.1 updated
- libfdisk1-2.37.2-150400.8.14.1 updated
- libz1-1.2.11-150000.3.39.1 updated
- libsystemd0-249.14-150400.8.19.1 updated
- libopenssl1_1-1.1.1l-150400.7.19.1 updated
- libopenssl1_1-hmac-1.1.1l-150400.7.19.1 updated
- libmount1-2.37.2-150400.8.14.1 updated
- util-linux-2.37.2-150400.8.14.1 updated
- container:sles15-image-15.0.0-27.14.33 updated

From sle-security-updates at lists.suse.com Tue Jan 31 09:29:48 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 10:29:48 +0100 (CET)
Subject: SUSE-CU-2023:280-1: Security update of suse/sle-micro/5.1/toolbox
Message-ID: <20230131092948.7B14DF78A@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:280-1
Container Tags : suse/sle-micro/5.1/toolbox:11.1 , suse/sle-micro/5.1/toolbox:11.1-2.2.347 , suse/sle-micro/5.1/toolbox:latest
Container Release : 2.2.347
Severity : moderate
Type : security
References : 1206866 1206867 1206868 1207162 1207396 CVE-2023-0049 CVE-2023-0051 CVE-2023-0054 CVE-2023-0288 CVE-2023-0433
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:211-1
Released: Mon Jan 30 17:26:10 2023
Summary: Security update for vim
Type: security
Severity: moderate
References: 1206866,1206867,1206868,1207162,1207396,CVE-2023-0049,CVE-2023-0051,CVE-2023-0054,CVE-2023-0288,CVE-2023-0433

This update for vim fixes the following issues:

- Updated to version 9.0.1234:
  - CVE-2023-0433: Fixed an out of bounds memory access that could cause a crash (bsc#1207396).
  - CVE-2023-0288: Fixed an out of bounds memory access that could cause a crash (bsc#1207162).
  - CVE-2023-0054: Fixed an out of bounds memory write that could cause a crash or memory corruption (bsc#1206868).
  - CVE-2023-0051: Fixed an out of bounds memory access that could cause a crash (bsc#1206867).
  - CVE-2023-0049: Fixed an out of bounds memory access that could cause a crash (bsc#1206866).

The following package changes have been done:

- vim-data-common-9.0.1234-150000.5.34.1 updated
- vim-9.0.1234-150000.5.34.1 updated

From sle-security-updates at lists.suse.com Tue Jan 31 11:18:31 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 12:18:31 +0100 (CET)
Subject: SUSE-SU-2022:0088-3: moderate: Security update for ghostscript
Message-ID: <20230131111831.28844FCFA@maintenance.suse.de>

SUSE Security Update: Security update for ghostscript
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0088-3
Rating: moderate
References: #1194303 #1194304
Cross-References: CVE-2021-45944 CVE-2021-45949
CVSS scores:
    CVE-2021-45944 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-45944 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-45949 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-45949 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for ghostscript fixes the following issues:

- CVE-2021-45944: Fixed use-after-free in sampled_data_sample (bsc#1194303)
- CVE-2021-45949: Fixed heap-based buffer overflow in sampled_data_finish (bsc#1194304)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-216=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-216=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-216=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-216=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-216=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-216=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-216=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2023-216=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
Package List:

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1
- SUSE CaaS Platform 4.0 (x86_64):
    ghostscript-9.52-161.1
    ghostscript-debuginfo-9.52-161.1
    ghostscript-debugsource-9.52-161.1
    ghostscript-devel-9.52-161.1
    ghostscript-x11-9.52-161.1
    ghostscript-x11-debuginfo-9.52-161.1

References:

https://www.suse.com/security/cve/CVE-2021-45944.html
https://www.suse.com/security/cve/CVE-2021-45949.html
https://bugzilla.suse.com/1194303
https://bugzilla.suse.com/1194304

From sle-security-updates at lists.suse.com Tue Jan 31 11:19:38 2023
From: sle-security-updates at lists.suse.com (sle-security-updates at lists.suse.com)
Date: Tue, 31 Jan 2023 12:19:38 +0100 (CET)
Subject: SUSE-SU-2022:0944-2: moderate: Security update for libarchive
Message-ID: <20230131111938.3C474FCFA@maintenance.suse.de>

SUSE Security Update: Security update for libarchive
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0944-2
Rating: moderate
References: #1022528 #1188572 #1189528
Cross-References: CVE-2017-5601 CVE-2021-36976
CVSS scores:
    CVE-2017-5601 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2017-5601 (SUSE): 4.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
    CVE-2021-36976 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
    CVE-2021-36976 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15-SP2
______________________________________________________________________________

An update that solves two vulnerabilities and has one errata is now available.

Description:

This update for libarchive fixes the following issues:

- CVE-2021-36976: Fixed an invalid memory access that could cause data corruption (bsc#1188572).

Non-security updates:

- Updated references for CVE-2017-5601, which was already fixed in a previous version (bsc#1022528 bsc#1189528).
Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-217=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-217=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-217=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2023-217=1

Package List:

- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    bsdtar-3.4.2-150200.4.3.1
    bsdtar-debuginfo-3.4.2-150200.4.3.1
    libarchive-debugsource-3.4.2-150200.4.3.1
    libarchive-devel-3.4.2-150200.4.3.1
    libarchive13-3.4.2-150200.4.3.1
    libarchive13-debuginfo-3.4.2-150200.4.3.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    bsdtar-3.4.2-150200.4.3.1
    bsdtar-debuginfo-3.4.2-150200.4.3.1
    libarchive-debugsource-3.4.2-150200.4.3.1
    libarchive-devel-3.4.2-150200.4.3.1
    libarchive13-3.4.2-150200.4.3.1
    libarchive13-debuginfo-3.4.2-150200.4.3.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    bsdtar-3.4.2-150200.4.3.1
    bsdtar-debuginfo-3.4.2-150200.4.3.1
    libarchive-debugsource-3.4.2-150200.4.3.1
    libarchive-devel-3.4.2-150200.4.3.1
    libarchive13-3.4.2-150200.4.3.1
    libarchive13-debuginfo-3.4.2-150200.4.3.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    bsdtar-3.4.2-150200.4.3.1
    bsdtar-debuginfo-3.4.2-150200.4.3.1
    libarchive-debugsource-3.4.2-150200.4.3.1
    libarchive-devel-3.4.2-150200.4.3.1
    libarchive13-3.4.2-150200.4.3.1
    libarchive13-debuginfo-3.4.2-150200.4.3.1

References:

https://www.suse.com/security/cve/CVE-2017-5601.html
https://www.suse.com/security/cve/CVE-2021-36976.html
https://bugzilla.suse.com/1022528
https://bugzilla.suse.com/1188572
https://bugzilla.suse.com/1189528