SUSE-CU-2024:1697-1: Security update of rancher/elemental-teal-rt/5.4
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Apr 25 07:01:18 UTC 2024
SUSE Container Update Advisory: rancher/elemental-teal-rt/5.4
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1697-1
Container Tags : rancher/elemental-teal-rt/5.4:1.2.3 , rancher/elemental-teal-rt/5.4:1.2.3-2.2.132 , rancher/elemental-teal-rt/5.4:latest
Container Release : 2.2.132
Severity : important
Type : security
References : 1107342 1108281 1144060 1176006 1177529 1188307 1190495 1190495
1192051 1203823 1205502 1206627 1207987 1209834 1210507 1210959
1211515 1211886 1212091 1212514 1213189 1213418 1213456 1214064
1214934 1215377 1215434 1215885 1216016 1216198 1216702 1217217
1217445 1217450 1217589 1217667 1217670 1217895 1217964 1217987
1217988 1217989 1218195 1218216 1218232 1218492 1218562 1218571
1218689 1218713 1218730 1218752 1218757 1218768 1218804 1218832
1218836 1218842 1218866 1218894 1218915 1218916 1218929 1218930
1218968 1219031 1219053 1219073 1219120 1219126 1219127 1219128
1219146 1219238 1219243 1219295 1219321 1219349 1219412 1219429
1219434 1219490 1219520 1219559 1219563 1219576 1219608 1219633
1219653 1219767 1219827 1219835 1219975 1220009 1220061 1220117
1220117 1220140 1220187 1220237 1220238 1220240 1220241 1220243
1220250 1220251 1220253 1220254 1220255 1220257 1220320 1220326
1220328 1220330 1220335 1220340 1220344 1220350 1220364 1220366
1220385 1220398 1220409 1220411 1220413 1220433 1220439 1220441
1220443 1220444 1220445 1220457 1220459 1220466 1220469 1220478
1220482 1220484 1220486 1220487 1220568 1220649 1220724 1220735
1220736 1220770 1220771 1220790 1220796 1220797 1220825 1220831
1220833 1220836 1220839 1220840 1220843 1220845 1220870 1220871
1220872 1220878 1220879 1220885 1220898 1220917 1220918 1220920
1220921 1220926 1220927 1220929 1220930 1220931 1220932 1220933
1220938 1220940 1220954 1220955 1220959 1220960 1220961 1220965
1220969 1220978 1220979 1220981 1220982 1220983 1220985 1220986
1220987 1220989 1220990 1221009 1221012 1221015 1221022 1221039
1221040 1221048 1221050 1221055 1221058 1221077 1221218 1221239
1221276 1221289 1221399 1221470 1221551 1221553 1221665 1221667
1221677 1221677 1221725 1221831 1222073 1222619 CVE-2019-25162
CVE-2021-33631 CVE-2021-46923 CVE-2021-46924 CVE-2021-46925 CVE-2021-46926
CVE-2021-46927 CVE-2021-46929 CVE-2021-46930 CVE-2021-46931 CVE-2021-46932
CVE-2021-46933 CVE-2021-46934 CVE-2021-46936 CVE-2021-47082 CVE-2021-47083
CVE-2021-47087 CVE-2021-47091 CVE-2021-47093 CVE-2021-47094 CVE-2021-47095
CVE-2021-47096 CVE-2021-47097 CVE-2021-47098 CVE-2021-47099 CVE-2021-47100
CVE-2021-47101 CVE-2021-47102 CVE-2021-47104 CVE-2021-47105 CVE-2021-47107
CVE-2021-47108 CVE-2022-48626 CVE-2022-48627 CVE-2022-48629 CVE-2022-48630
CVE-2023-28746 CVE-2023-29383 CVE-2023-35827 CVE-2023-45918 CVE-2023-46838
CVE-2023-47233 CVE-2023-51042 CVE-2023-51043 CVE-2023-51780 CVE-2023-51782
CVE-2023-5197 CVE-2023-52160 CVE-2023-52340 CVE-2023-52425 CVE-2023-52429
CVE-2023-52439 CVE-2023-52443 CVE-2023-52445 CVE-2023-52447 CVE-2023-52448
CVE-2023-52449 CVE-2023-52450 CVE-2023-52451 CVE-2023-52452 CVE-2023-52454
CVE-2023-52456 CVE-2023-52457 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467
CVE-2023-52469 CVE-2023-52470 CVE-2023-52474 CVE-2023-52475 CVE-2023-52477
CVE-2023-52478 CVE-2023-52482 CVE-2023-52484 CVE-2023-52492 CVE-2023-52497
CVE-2023-52501 CVE-2023-52502 CVE-2023-52504 CVE-2023-52507 CVE-2023-52508
CVE-2023-52509 CVE-2023-52510 CVE-2023-52511 CVE-2023-52513 CVE-2023-52515
CVE-2023-52517 CVE-2023-52519 CVE-2023-52520 CVE-2023-52523 CVE-2023-52524
CVE-2023-52525 CVE-2023-52528 CVE-2023-52529 CVE-2023-52530 CVE-2023-52531
CVE-2023-52532 CVE-2023-52559 CVE-2023-52564 CVE-2023-52566 CVE-2023-52567
CVE-2023-52569 CVE-2023-52574 CVE-2023-52575 CVE-2023-52576 CVE-2023-52582
CVE-2023-52583 CVE-2023-52597 CVE-2023-52605 CVE-2023-52621 CVE-2023-5388
CVE-2023-6040 CVE-2023-6270 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536
CVE-2023-6817 CVE-2023-6915 CVE-2023-7207 CVE-2024-0340 CVE-2024-0565
CVE-2024-0607 CVE-2024-0641 CVE-2024-0727 CVE-2024-0775 CVE-2024-1085
CVE-2024-1086 CVE-2024-1151 CVE-2024-1753 CVE-2024-1753 CVE-2024-2004
CVE-2024-21626 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-2398
CVE-2024-24860 CVE-2024-25062 CVE-2024-25742 CVE-2024-26458 CVE-2024-26461
CVE-2024-26585 CVE-2024-26586 CVE-2024-26589 CVE-2024-26591 CVE-2024-26593
CVE-2024-26595 CVE-2024-26598 CVE-2024-26600 CVE-2024-26602 CVE-2024-26603
CVE-2024-26607 CVE-2024-26622 CVE-2024-28085 CVE-2024-28182 CVE-2024-28757
-----------------------------------------------------------------
The container rancher/elemental-teal-rt/5.4 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:322-1
Released: Fri Feb 2 15:13:26 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1107342,1215434
This update for aaa_base fixes the following issues:
- Set JAVA_HOME correctly (bsc#1107342, bsc#1215434)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:459-1
Released: Tue Feb 13 15:28:56 2024
Summary: Security update for runc
Type: security
Severity: important
References: 1218894,CVE-2024-21626
This update for runc fixes the following issues:
- Update to runc v1.1.12 (bsc#1218894)
The following CVE was already fixed with the previous release.
- CVE-2024-21626: Fixed container breakout.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:476-1
Released: Wed Feb 14 19:35:24 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1108281,1177529,1209834,1212091,1215885,1216016,1216702,1217217,1217670,1217895,1217987,1217988,1217989,1218689,1218713,1218730,1218752,1218757,1218768,1218804,1218832,1218836,1218916,1218929,1218930,1218968,1219053,1219120,1219128,1219349,1219412,1219429,1219434,1219490,1219608,CVE-2021-33631,CVE-2023-46838,CVE-2023-47233,CVE-2023-51042,CVE-2023-51043,CVE-2023-51780,CVE-2023-51782,CVE-2023-6040,CVE-2023-6356,CVE-2023-6535,CVE-2023-6536,CVE-2023-6915,CVE-2024-0340,CVE-2024-0565,CVE-2024-0641,CVE-2024-0775,CVE-2024-1085,CVE-2024-1086,CVE-2024-24860
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2024-0340: Fixed information disclosure in vhost/vhost.c:vhost_new_msg() (bsc#1218689).
- CVE-2024-24860: Fixed a denial of service caused by a race condition in {min,max}_key_size_set() (bsc#1219608).
- CVE-2024-1085: Fixed nf_tables use-after-free vulnerability in the nft_setelem_catchall_deactivate() function (bsc#1219429).
- CVE-2024-1086: Fixed a use-after-free vulnerability inside the nf_tables component that could have been exploited to achieve local privilege escalation (bsc#1219434).
- CVE-2023-51042: Fixed use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (bsc#1219128).
- CVE-2023-51780: Fixed a use-after-free in do_vcc_ioctl in net/atm/ioctl.c, because of a vcc_recvmsg race condition (bsc#1218730).
- CVE-2023-46838: Fixed an issue with Xen netback processing of zero-length transmit fragment (bsc#1218836).
- CVE-2021-33631: Fixed an integer overflow in ext4_write_inline_data_end() (bsc#1219412).
- CVE-2023-6535: Fixed a NULL pointer dereference in nvmet_tcp_execute_request (bsc#1217988).
- CVE-2023-6536: Fixed a NULL pointer dereference in __nvmet_req_complete (bsc#1217989).
- CVE-2023-6356: Fixed a NULL pointer dereference in nvmet_tcp_build_pdu_iovec (bsc#1217987).
- CVE-2023-47233: Fixed a use-after-free in the device unplugging (disconnect the USB by hotplug) code inside the brcm80211 component (bsc#1216702).
- CVE-2023-51043: Fixed use-after-free during a race condition between a nonblocking atomic commit and a driver unload in drivers/gpu/drm/drm_atomic.c (bsc#1219120).
- CVE-2024-0775: Fixed use-after-free in __ext4_remount in fs/ext4/super.c that could allow a local user to cause an information leak problem while freeing the old quota file names before a potential failure (bsc#1219053).
- CVE-2023-6040: Fixed an out-of-bounds access vulnerability while creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function (bsc#1218752).
- CVE-2024-0641: Fixed a denial of service vulnerability in tipc_crypto_key_revoke in net/tipc/crypto.c (bsc#1218916).
- CVE-2024-0565: Fixed an out-of-bounds memory read flaw in receive_encrypted_standard in fs/smb/client/smb2ops.c (bsc#1218832).
- CVE-2023-6915: Fixed a NULL pointer dereference problem in ida_free in lib/idr.c (bsc#1218804).
- CVE-2023-51782: Fixed use-after-free in rose_ioctl in net/rose/af_rose.c because of a rose_accept race condition (bsc#1218757).
The following non-security bugs were fixed:
- Store the old kernel changelog entries in kernel-docs package (bsc#1218713).
- bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent (git-fixes).
- bcache: Remove unnecessary NULL point check in node allocations (git-fixes).
- bcache: add code comments for bch_btree_node_get() and __bch_btree_node_alloc() (git-fixes).
- bcache: avoid NULL checking to c->root in run_cache_set() (git-fixes).
- bcache: avoid oversize memory allocation by small stripe_size (git-fixes).
- bcache: check return value from btree_node_alloc_replacement() (git-fixes).
- bcache: fixup btree_cache_wait list damage (git-fixes).
- bcache: fixup init dirty data errors (git-fixes).
- bcache: fixup lock c->root error (git-fixes).
- bcache: fixup multi-threaded bch_sectors_dirty_init() wake-up race (git-fixes).
- bcache: prevent potential division by zero error (git-fixes).
- bcache: remove redundant assignment to variable cur_idx (git-fixes).
- bcache: replace a mistaken IS_ERR() by IS_ERR_OR_NULL() in btree_gc_coalesce() (git-fixes).
- bcache: revert replacing IS_ERR_OR_NULL with IS_ERR (git-fixes).
- block: Fix kabi header include (bsc#1218929).
- block: free the extended dev_t minor later (bsc#1218930).
- clocksource: Skip watchdog check for large watchdog intervals (bsc#1217217).
- clocksource: disable watchdog checks on TSC when TSC is watchdog (bsc#1215885).
- dm cache policy smq: ensure IO does not prevent cleaner policy progress (git-fixes).
- dm cache: add cond_resched() to various workqueue loops (git-fixes).
- dm clone: call kmem_cache_destroy() in dm_clone_init() error path (git-fixes).
- dm crypt: add cond_resched() to dmcrypt_write() (git-fixes).
- dm crypt: avoid accessing uninitialized tasklet (git-fixes).
- dm flakey: do not corrupt the zero page (git-fixes).
- dm flakey: fix a crash with invalid table line (git-fixes).
- dm flakey: fix logic when corrupting a bio (git-fixes).
- dm init: add dm-mod.waitfor to wait for asynchronously probed block devices (git-fixes).
- dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path (git-fixes).
- dm integrity: reduce vmalloc space footprint on 32-bit architectures (git-fixes).
- dm raid: clean up four equivalent goto tags in raid_ctr() (git-fixes).
- dm raid: fix missing reconfig_mutex unlock in raid_ctr() error paths (git-fixes).
- dm stats: check for and propagate alloc_percpu failure (git-fixes).
- dm thin metadata: Fix ABBA deadlock by resetting dm_bufio_client (git-fixes).
- dm thin metadata: check fail_io before using data_sm (git-fixes).
- dm thin: add cond_resched() to various workqueue loops (git-fixes).
- dm thin: fix deadlock when swapping to thin device (bsc#1177529).
- dm verity: do not perform FEC for failed readahead IO (git-fixes).
- dm verity: fix error handling for check_at_most_once on FEC (git-fixes).
- dm verity: skip redundant verity_handle_err() on I/O errors (git-fixes).
- dm zoned: free dmz->ddev array in dmz_put_zoned_devices (git-fixes).
- dm-delay: fix a race between delay_presuspend and delay_bio (git-fixes).
- dm-integrity: do not modify bio's immutable bio_vec in integrity_metadata() (git-fixes).
- dm-verity: align struct dm_verity_fec_io properly (git-fixes).
- dm: add cond_resched() to dm_wq_work() (git-fixes).
- dm: do not lock fs when the map is NULL during suspend or resume (git-fixes).
- dm: do not lock fs when the map is NULL in process of resume (git-fixes).
- dm: remove flush_scheduled_work() during local_exit() (git-fixes).
- dm: send just one event on resize, not two (git-fixes).
- doc/README.KSYMS: Add to repo.
- hv_netvsc: rndis_filter needs to select NLS (git-fixes).
- intel_idle: add Emerald Rapids Xeon support (bsc#1216016).
- kabi, vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
- kernel-source: Fix description typo
- loop: suppress uevents while reconfiguring the device (git-fixes).
- nbd: Fix debugfs_create_dir error checking (git-fixes).
- nbd: fix incomplete validation of ioctl arg (git-fixes).
- nbd: use the correct block_device in nbd_bdev_reset (git-fixes).
- nfsd4: add refcount for nfsd4_blocked_lock (bsc#1218968 bsc#1219349).
- nfsd: fix RELEASE_LOCKOWNER (bsc#1218968).
- null_blk: Always check queue mode setting from configfs (git-fixes).
- powerpc/pseries/iommu: enable_ddw incorrectly returns direct mapping for SR-IOV device (bsc#1212091 ltc#199106 git-fixes).
- rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails (git-fixes).
- rbd: decouple header read-in from updating rbd_dev->header (git-fixes).
- rbd: decouple parent info read-in from updating rbd_dev (git-fixes).
- rbd: get snapshot context after exclusive lock is ensured to be held (git-fixes).
- rbd: harden get_lock_owner_info() a bit (git-fixes).
- rbd: make get_lock_owner_info() return a single locker or NULL (git-fixes).
- rbd: move RBD_OBJ_FLAG_COPYUP_ENABLED flag setting (git-fixes).
- rbd: move rbd_dev_refresh() definition (git-fixes).
- rbd: prevent busy loop when requesting exclusive lock (git-fixes).
- rbd: retrieve and check lock owner twice before blocklisting (git-fixes).
- rbd: take header_rwsem in rbd_dev_refresh() only when updating (git-fixes).
- sched/isolation: add cpu_is_isolated() API (bsc#1217895).
- scsi: ibmvfc: Implement channel queue depth and event buffer accounting (bsc#1209834 ltc#202097).
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (bsc#1209834 ltc#202097).
- trace,smp: Add tracepoints around remotelly called functions (bsc#1217895).
- vmstat: skip periodic vmstat update for isolated CPUs (bsc#1217895).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:597-1
Released: Thu Feb 22 20:07:11 2024
Summary: Security update for mozilla-nss
Type: security
Severity: important
References: 1216198,CVE-2023-5388
This update for mozilla-nss fixes the following issues:
Update to NSS 3.90.2:
- CVE-2023-5388: Fixed timing attack against RSA decryption in TLS (bsc#1216198)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:613-1
Released: Mon Feb 26 11:21:43 2024
Summary: Security update for libxml2
Type: security
Severity: moderate
References: 1219576,CVE-2024-25062
This update for libxml2 fixes the following issues:
- CVE-2024-25062: Fixed use-after-free in XMLReader (bsc#1219576).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:615-1
Released: Mon Feb 26 11:32:32 2024
Summary: Recommended update for netcfg
Type: recommended
Severity: moderate
References: 1211886
This update for netcfg fixes the following issues:
- Add krb-prop entry (bsc#1211886)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:766-1
Released: Tue Mar 5 13:50:28 2024
Summary: Recommended update for libssh
Type: recommended
Severity: important
References: 1220385
This update for libssh fixes the following issues:
- Fix regression parsing IPv6 addresses provided as hostname (bsc#1220385)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:792-1
Released: Thu Mar 7 09:55:23 2024
Summary: Recommended update for timezone
Type: recommended
Severity: moderate
References:
This update for timezone fixes the following issues:
- Update to version 2024a
- Kazakhstan unifies on UTC+5
- Palestine springs forward a week later than previously predicted in 2024 and 2025
- Asia/Ho_Chi_Minh's 1955-07-01 transition occurred at 01:00 not 00:00
- From 1947 through 1949, Toronto's transitions occurred at 02:00 not 00:00
- In 1911 Miquelon adopted standard time on June 15, not May 15
- The FROM and TO columns of Rule lines can no longer be 'minimum'
- localtime no longer mishandle some timestamps
- strftime %s now uses tm_gmtoff if available
- Ittoqqortoormiit, Greenland changes time zones on 2024-03-31
- Vostok, Antarctica changed time zones on 2023-12-18
- Casey, Antarctica changed time zones five times since 2020
- Code and data fixes for Palestine timestamps starting in 2072
- A new data file zonenow.tab for timestamps starting now
- Much of Greenland changed its standard time from -03 to -02 on 2023-03-25
- localtime.c no longer mishandles TZif files that contain a single transition into a DST regime
- tzselect no longer creates temporary files
- tzselect no longer mishandles the following:
* Spaces and most other special characters in BUGEMAIL, PACKAGE, TZDIR, and VERSION.
* TZ strings when using mawk 1.4.3, which mishandles regular expressions of the form /X{2,}/
* ISO 6709 coordinates when using an awk that lacks the GNU extension of newlines in -v option-arguments
* Non UTF-8 locales when using an iconv command that lacks the GNU //TRANSLIT extension
* zic no longer mishandles data for Palestine after the year 2075
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:819-1
Released: Fri Mar 8 12:05:12 2024
Summary: Security update for wpa_supplicant
Type: security
Severity: important
References: 1219975,CVE-2023-52160
This update for wpa_supplicant fixes the following issues:
- CVE-2023-52160: Bypassing WiFi Authentication (bsc#1219975).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:833-1
Released: Mon Mar 11 10:31:14 2024
Summary: Security update for openssl-1_1
Type: security
Severity: moderate
References: 1219243,CVE-2024-0727
This update for openssl-1_1 fixes the following issues:
- CVE-2024-0727: Denial of service when processing a maliciously formatted PKCS12 file (bsc#1219243).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:305-1
Released: Mon Mar 11 14:15:37 2024
Summary: Security update for cpio
Type: security
Severity: moderate
References: 1218571,1219238,CVE-2023-7207
This update for cpio fixes the following issues:
- Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:838-1
Released: Tue Mar 12 06:46:28 2024
Summary: Recommended update for util-linux
Type: recommended
Severity: moderate
References: 1220117
This update for util-linux fixes the following issues:
- Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:861-1
Released: Wed Mar 13 09:12:30 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1218232
This update for aaa_base fixes the following issues:
- Silence the output in the case of broken symlinks (bsc#1218232)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:870-1
Released: Wed Mar 13 13:05:14 2024
Summary: Security update for glibc
Type: security
Severity: moderate
References: 1217445,1217589,1218866
This update for glibc fixes the following issues:
Security issues fixed:
- qsort: harden handling of degenerated / non transient compare function (bsc#1218866)
Other issues fixed:
- getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163)
- aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:907-1
Released: Fri Mar 15 08:57:38 2024
Summary: Recommended update for audit
Type: recommended
Severity: moderate
References: 1215377
This update for audit fixes the following issue:
- Fix plugin termination when using systemd service units (bsc#1215377)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:929-1
Released: Tue Mar 19 06:36:24 2024
Summary: Recommended update for coreutils
Type: recommended
Severity: moderate
References: 1219321
This update for coreutils fixes the following issues:
- tail: fix tailing sysfs files where PAGE_SIZE > BUFSIZ (bsc#1219321)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:939-1
Released: Wed Mar 20 09:03:37 2024
Summary: Security update for shadow
Type: security
Severity: moderate
References: 1144060,1176006,1188307,1203823,1205502,1206627,1210507,1213189,CVE-2023-29383
This update for shadow fixes the following issues:
- CVE-2023-29383: Fixed apparent /etc/shadow manipulation via chfn (bsc#1210507).
The following non-security bugs were fixed:
- bsc#1176006: Fix chage date miscalculation
- bsc#1188307: Fix passwd segfault
- bsc#1203823: Remove pam_keyinit from PAM config files
- bsc#1213189: Change lock mechanism to file locking to prevent
lock files after power interruptions
- bsc#1206627: Add --prefix support to passwd, chpasswd and chage
- bsc#1205502: useradd audit event user id field cannot be interpretedd
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:977-1
Released: Fri Mar 22 15:33:40 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1211515,1213456,1214064,1218195,1218216,1218562,1218915,1219073,1219126,1219127,1219146,1219295,1219633,1219653,1219827,1219835,1220009,1220140,1220187,1220238,1220240,1220241,1220243,1220250,1220251,1220253,1220254,1220255,1220257,1220326,1220328,1220330,1220335,1220344,1220350,1220364,1220398,1220409,1220433,1220444,1220457,1220459,1220469,1220649,1220735,1220736,1220796,1220797,1220825,1220845,1220917,1220930,1220931,1220933,CVE-2019-25162,CVE-2021-46923,CVE-2021-46924,CVE-2021-46932,CVE-2021-46934,CVE-2021-47083,CVE-2022-48627,CVE-2023-28746,CVE-2023-5197,CVE-2023-52340,CVE-2023-52429,CVE-2023-52439,CVE-2023-52443,CVE-2023-52445,CVE-2023-52447,CVE-2023-52448,CVE-2023-52449,CVE-2023-52451,CVE-2023-52452,CVE-2023-52456,CVE-2023-52457,CVE-2023-52463,CVE-2023-52464,CVE-2023-52467,CVE-2023-52475,CVE-2023-52478,CVE-2023-52482,CVE-2023-52484,CVE-2023-52530,CVE-2023-52531,CVE-2023-52559,CVE-2023-6270,CVE-2023-6817,CVE-2024-0607,CVE-2024-1151,CVE-2024-23849,CVE-2024-23850,CVE
-2024-23851,CVE-2024-26585,CVE-2024-26586,CVE-2024-26589,CVE-2024-26591,CVE-2024-26593,CVE-2024-26595,CVE-2024-26598,CVE-2024-26602,CVE-2024-26603,CVE-2024-26607,CVE-2024-26622
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2019-25162: Fixed a potential use after free (bsc#1220409).
- CVE-2021-46923: Fixed reference leakage in fs/mount_setattr (bsc#1220457).
- CVE-2021-46924: Fixed fix memory leak in device probe and remove (bsc#1220459)
- CVE-2021-46932: Fixed missing work initialization before device registration (bsc#1220444)
- CVE-2021-46934: Fixed a bug by validating user data in compat ioctl (bsc#1220469).
- CVE-2021-47083: Fixed a global-out-of-bounds issue in mediatek: (bsc#1220917).
- CVE-2022-48627: Fixed a memory overlapping when deleting chars in the buffer (bsc#1220845).
- CVE-2023-28746: Fixed Register File Data Sampling (bsc#1213456).
- CVE-2023-5197: Fixed se-after-free due to addition and removal of rules from chain bindings within the same transaction (bsc#1218216).
- CVE-2023-52340: Fixed ICMPv6 “Packet Too Big†packets force a DoS of the Linux kernel by forcing 100% CPU (bsc#1219295).
- CVE-2023-52429: Fixed potential DoS in dm_table_create in drivers/md/dm-table.c (bsc#1219827).
- CVE-2023-52439: Fixed use-after-free in uio_open (bsc#1220140).
- CVE-2023-52443: Fixed crash when parsed profile name is empty (bsc#1220240).
- CVE-2023-52445: Fixed use after free on context disconnection (bsc#1220241).
- CVE-2023-52447: Fixed map_fd_put_ptr() signature kABI workaround (bsc#1220251).
- CVE-2023-52448: Fixed kernel NULL pointer dereference in gfs2_rgrp_dump (bsc#1220253).
- CVE-2023-52449: Fixed gluebi NULL pointer dereference caused by ftl notifier (bsc#1220238).
- CVE-2023-52451: Fixed access beyond end of drmem array (bsc#1220250).
- CVE-2023-52452: Fixed Fix accesses to uninit stack slots (bsc#1220257).
- CVE-2023-52456: Fixed tx statemachine deadlock (bsc#1220364).
- CVE-2023-52457: Fixed skipped resource freeing if pm_runtime_resume_and_get() failed (bsc#1220350).
- CVE-2023-52463: Fixed null pointer dereference in efivarfs (bsc#1220328).
- CVE-2023-52464: Fixed possible out-of-bounds string access (bsc#1220330)
- CVE-2023-52467: Fixed a null pointer dereference in of_syscon_register (bsc#1220433).
- CVE-2023-52475: Fixed use-after-free in powermate_config_complete (bsc#1220649)
- CVE-2023-52478: Fixed kernel crash on receiver USB disconnect (bsc#1220796)
- CVE-2023-52482: Fixed a bug by adding SRSO mitigation for Hygon processors (bsc#1220735).
- CVE-2023-52484: Fixed a soft lockup triggered by arm_smmu_mm_invalidate_range (bsc#1220797).
- CVE-2023-52530: Fixed a potential key use-after-free in wifi mac80211 (bsc#1220930).
- CVE-2023-52531: Fixed a memory corruption issue in iwlwifi (bsc#1220931).
- CVE-2023-52559: Fixed a bug by avoiding memory allocation in iommu_suspend (bsc#1220933).
- CVE-2023-6270: Fixed a use-after-free issue in aoecmd_cfg_pkts (bsc#1218562).
- CVE-2023-6817: Fixed use-after-free in nft_pipapo_walk (bsc#1218195).
- CVE-2024-0607: Fixed 64-bit load issue in nft_byteorder_eval() (bsc#1218915).
- CVE-2024-1151: Fixed unlimited number of recursions from action sets (bsc#1219835).
- CVE-2024-23849: Fixed array-index-out-of-bounds in rds_cmsg_recv (bsc#1219127).
- CVE-2024-23850: Fixed double free of anonymous device after snapshot creation failure (bsc#1219126).
- CVE-2024-23851: Fixed crash in copy_params in drivers/md/dm-ioctl.c (bsc#1219146).
- CVE-2024-26585: Fixed race between tx work scheduling and socket close (bsc#1220187).
- CVE-2024-26586: Fixed stack corruption (bsc#1220243).
- CVE-2024-26589: Fixed out of bounds read due to variable offset alu on PTR_TO_FLOW_KEYS (bsc#1220255).
- CVE-2024-26591: Fixed re-attachment branch in bpf_tracing_prog_attach (bsc#1220254).
- CVE-2024-26593: Fixed block process call transactions (bsc#1220009).
- CVE-2024-26595: Fixed NULL pointer dereference in error path (bsc#1220344).
- CVE-2024-26598: Fixed potential UAF in LPI translation cache (bsc#1220326).
- CVE-2024-26602: Fixed overall slowdowns with sys_membarrier (bsc1220398).
- CVE-2024-26603: Fixed infinite loop via #PF handling (bsc#1220335).
- CVE-2024-26607: Fixed a probing race issue in sii902x: (bsc#1220736).
- CVE-2024-26622: Fixed UAF write bug in tomoyo_write_control() (bsc#1220825).
The following non-security bugs were fixed:
- bpf: fix verification of indirect var-off stack access (git-fixes).
- bpf: guard stack limits against 32bit overflow (git-fixes).
- drop 2 git-fixes patches which are suspicious to introduce regression reported in bsc#1219073
- fix unresolved hunks in readme.branch
- kvm: vmx: move verw closer to vmentry for mds mitigation (git-fixes).
- kvm: vmx: use bt+jnc, i.e. eflags.cf to select vmresume vs. vmlaunch (git-fixes).
- nfs: avoid infinite loop in pnfs_update_layout (bsc#1219633).
- nvme: move nvme_stop_keep_alive() back to original position (bsc#1211515).
- nvme: remove nvme_alloc_request and nvme_alloc_request_qid (bsc#1214064).
- nvme: start keep-alive after admin queue setup (bsc#1211515).
- readme.branch: use correct mail for roy
- rpm/kernel-binary.spec.in: install scripts/gdb when enabled in config (bsc#1219653) they are put into -devel subpackage. and a proper link to /usr/share/gdb/auto-load/ is created.
- x86/asm: add _asm_rip() macro for x86-64 (%rip) suffix (git-fixes).
- x86/bugs: add asm helpers for executing verw (git-fixes).
- x86/bugs: use alternative() instead of mds_user_clear static key (git-fixes). also add the removed mds_user_clear symbol to kabi severities as it is exposed just for kvm module and is generally a core kernel component so removing it is low risk.
- x86/entry_32: add verw just before userspace transition (git-fixes).
- x86/entry_64: Add VERW just before userspace transition (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:980-1
Released: Mon Mar 25 06:18:28 2024
Summary: Recommended update for pam-config
Type: recommended
Severity: moderate
References: 1219767
This update for pam-config fixes the following issues:
- Fix pam_gnome_keyring module for AUTH (bsc#1219767)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:982-1
Released: Mon Mar 25 12:56:33 2024
Summary: Recommended update for systemd-rpm-macros
Type: recommended
Severity: moderate
References: 1217964
This update for systemd-rpm-macros fixes the following issue:
- Order packages that requires systemd after systemd-sysvcompat if needed. (bsc#1217964)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:984-1
Released: Mon Mar 25 16:04:44 2024
Summary: Recommended update for runc
Type: recommended
Severity: important
References: 1192051,1221050
This update for runc fixes the following issues:
- Add upstream patch <https://github.com/opencontainers/runc/pull/4219> to
properly fix -ENOSYS stub on ppc64le. bsc#1192051 bsc#1221050
This allows running 15 SP6 containers on older distributions.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1006-1
Released: Wed Mar 27 10:48:38 2024
Summary: Security update for krb5
Type: security
Severity: important
References: 1220770,1220771,CVE-2024-26458,CVE-2024-26461
This update for krb5 fixes the following issues:
- CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770).
- CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1010-1
Released: Wed Mar 27 16:07:37 2024
Summary: Recommended update for perl-Bootloader
Type: recommended
Severity: important
References: 1218842,1221470
This update for perl-Bootloader fixes the following issues:
- Log grub2-install errors correctly (bsc#1221470)
- Update to version 0.947
- Support old grub versions that used /usr/lib (bsc#1218842)
- Create EFI boot fallback directory if necessary
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1015-1
Released: Thu Mar 28 06:08:11 2024
Summary: Recommended update for sed
Type: recommended
Severity: important
References: 1221218
This update for sed fixes the following issues:
- 'sed -i' now creates temporary files with correct umask (bsc#1221218)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1058-1
Released: Thu Mar 28 14:50:41 2024
Summary: Security update for podman
Type: security
Severity: important
References: 1221677,CVE-2024-1753
This update for podman fixes the following issues:
- CVE-2024-1753: Fixed full container escape at build time (bsc#1221677).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1080-1
Released: Tue Apr 2 06:50:10 2024
Summary: Recommended update for xfsprogs-scrub
Type: recommended
Severity: low
References: 1190495
This update for xfsprogs-scrub fixes the following issues:
- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 and SLE-15-SP4 (bsc#1190495)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1104-1
Released: Wed Apr 3 14:29:58 2024
Summary: Recommended update for docker, containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs
Type: recommended
Severity: important
References:
This update for docker fixes the following issues:
- Overlay files are world-writable (bsc#1220339)
- Allow disabling apparmor support (some products only support SELinux)
The other packages in the update (containerd, rootlesskit, catatonit, slirp4netns, fuse-overlayfs)
are no-change rebuilds required because the corresponding binary packages were missing in a number
of repositories, thus making docker not installable on some products.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1129-1
Released: Mon Apr 8 09:12:08 2024
Summary: Security update for expat
Type: security
Severity: important
References: 1219559,1221289,CVE-2023-52425,CVE-2024-28757
This update for expat fixes the following issues:
- CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559)
- CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1133-1
Released: Mon Apr 8 11:29:02 2024
Summary: Security update for ncurses
Type: security
Severity: moderate
References: 1220061,CVE-2023-45918
This update for ncurses fixes the following issues:
- CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1144-1
Released: Mon Apr 8 11:33:47 2024
Summary: Security update for buildah
Type: security
Severity: important
References: 1219563,1220568,1221677,CVE-2024-1753
This update for buildah fixes the following issues:
- CVE-2024-1753: Fixed an issue to prevent a full container escape at build time. (bsc#1221677)
- Update to version 1.34.1 for compatibility with Docker 25.0
(which is not in SLES yet, but will eventually be) (bsc#1219563).
See the corresponding release notes:
* https://github.com/containers/buildah/releases/tag/v1.34.1
* https://github.com/containers/buildah/releases/tag/v1.34.0
* https://github.com/containers/buildah/releases/tag/v1.33.0
* https://github.com/containers/buildah/releases/tag/v1.32.0
* https://github.com/containers/buildah/releases/tag/v1.31.0
* https://github.com/containers/buildah/releases/tag/v1.30.0
- Require cni-plugins (bsc#1220568)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1151-1
Released: Mon Apr 8 11:36:23 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398
This update for curl fixes the following issues:
- CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665)
- CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1167-1
Released: Mon Apr 8 15:11:11 2024
Summary: Security update for nghttp2
Type: security
Severity: important
References: 1221399,CVE-2024-28182
This update for nghttp2 fixes the following issues:
- CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1169-1
Released: Tue Apr 9 09:50:32 2024
Summary: Security update for util-linux
Type: security
Severity: important
References: 1207987,1220117,1221831,CVE-2024-28085
This update for util-linux fixes the following issues:
- CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1201-1
Released: Thu Apr 11 10:47:59 2024
Summary: Recommended update for xfsprogs-scrub and jctools
Type: recommended
Severity: low
References: 1190495,1213418
This update for xfsprogs-scrub fixes the following issues:
- Added missing xfsprogs-scrub to Package Hub for SLE-15-SP5 (bsc#1190495)
- Added missing jctools to Package Hub for SLE-15-SP5 (bsc#1213418)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1231-1
Released: Thu Apr 11 15:20:40 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1220441
This update for glibc fixes the following issues:
- duplocale: protect use of global locale (bsc#1220441, BZ #23970)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:1253-1
Released: Fri Apr 12 08:15:18 2024
Summary: Recommended update for gcc13
Type: recommended
Severity: moderate
References: 1210959,1214934,1217450,1217667,1218492,1219031,1219520,1220724,1221239
This update for gcc13 fixes the following issues:
- Fix unwinding for JIT code. [bsc#1221239]
- Revert libgccjit dependency change. [bsc#1220724]
- Remove crypt and crypt_r interceptors. The crypt API change in SLE15 SP3
breaks them. [bsc#1219520]
- Add support for -fmin-function-alignment. [bsc#1214934]
- Use %{_target_cpu} to determine host and build.
- Fix for building TVM. [bsc#1218492]
- Add cross-X-newlib-devel requires to newlib cross compilers.
[bsc#1219031]
- Package m2rte.so plugin in the gcc13-m2 sub-package rather than in gcc13-devel. [bsc#1210959]
- Require libstdc++6-devel-gcc13 from gcc13-m2 as m2 programs are linked against libstdc++6.
- Fixed building mariadb on i686. [bsc#1217667]
- Avoid update-alternatives dependency for accelerator crosses.
- Package tool links to llvm in cross-amdgcn-gcc13 rather than in
cross-amdgcn-newlib13-devel since that also has the dependence.
- Depend on llvmVER instead of llvm with VER equal to
%product_libs_llvm_ver where available and adjust tool discovery
accordingly. This should also properly trigger re-builds when
the patchlevel version of llvmVER changes, possibly changing
the binary names we link to. [bsc#1217450]
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1320-1
Released: Tue Apr 16 18:04:04 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1212514,1220237,1220320,1220340,1220366,1220411,1220413,1220439,1220443,1220445,1220466,1220478,1220482,1220484,1220486,1220487,1220790,1220831,1220833,1220836,1220839,1220840,1220843,1220870,1220871,1220872,1220878,1220879,1220885,1220898,1220918,1220920,1220921,1220926,1220927,1220929,1220932,1220938,1220940,1220954,1220955,1220959,1220960,1220961,1220965,1220969,1220978,1220979,1220981,1220982,1220983,1220985,1220986,1220987,1220989,1220990,1221009,1221012,1221015,1221022,1221039,1221040,1221048,1221055,1221058,1221077,1221276,1221551,1221553,1221725,1222073,1222619,CVE-2021-46925,CVE-2021-46926,CVE-2021-46927,CVE-2021-46929,CVE-2021-46930,CVE-2021-46931,CVE-2021-46933,CVE-2021-46936,CVE-2021-47082,CVE-2021-47087,CVE-2021-47091,CVE-2021-47093,CVE-2021-47094,CVE-2021-47095,CVE-2021-47096,CVE-2021-47097,CVE-2021-47098,CVE-2021-47099,CVE-2021-47100,CVE-2021-47101,CVE-2021-47102,CVE-2021-47104,CVE-2021-47105,CVE-2021-47107,CVE-2021-47108,CVE-2022-48626,CVE-2022-48629,CVE-
2022-48630,CVE-2023-35827,CVE-2023-52450,CVE-2023-52454,CVE-2023-52469,CVE-2023-52470,CVE-2023-52474,CVE-2023-52477,CVE-2023-52492,CVE-2023-52497,CVE-2023-52501,CVE-2023-52502,CVE-2023-52504,CVE-2023-52507,CVE-2023-52508,CVE-2023-52509,CVE-2023-52510,CVE-2023-52511,CVE-2023-52513,CVE-2023-52515,CVE-2023-52517,CVE-2023-52519,CVE-2023-52520,CVE-2023-52523,CVE-2023-52524,CVE-2023-52525,CVE-2023-52528,CVE-2023-52529,CVE-2023-52532,CVE-2023-52564,CVE-2023-52566,CVE-2023-52567,CVE-2023-52569,CVE-2023-52574,CVE-2023-52575,CVE-2023-52576,CVE-2023-52582,CVE-2023-52583,CVE-2023-52597,CVE-2023-52605,CVE-2023-52621,CVE-2024-25742,CVE-2024-26600
The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-46925: Fixed kernel panic caused by race of smc_sock (bsc#1220466).
- CVE-2021-46926: Fixed bug when detecting controllers in ALSA/hda/intel-sdw-acpi (bsc#1220478).
- CVE-2021-46927: Fixed assertion bug in nitro_enclaves: Use get_user_pages_unlocked() (bsc#1220443).
- CVE-2021-46929: Fixed use-after-free issue in sctp_sock_dump() (bsc#1220482).
- CVE-2021-46930: Fixed usb/mtu3 list_head check warning (bsc#1220484).
- CVE-2021-46931: Fixed wrong type casting in mlx5e_tx_reporter_dump_sq() (bsc#1220486).
- CVE-2021-46933: Fixed possible underflow in ffs_data_clear() (bsc#1220487).
- CVE-2021-46936: Fixed use-after-free in tw_timer_handler() (bsc#1220439).
- CVE-2021-47082: Fixed ouble free in tun_free_netdev() (bsc#1220969).
- CVE-2021-47087: Fixed incorrect page free bug in tee/optee (bsc#1220954).
- CVE-2021-47091: Fixed locking in ieee80211_start_ap()) error path (bsc#1220959).
- CVE-2021-47093: Fixed memleak on registration failure in intel_pmc_core (bsc#1220978).
- CVE-2021-47094: Fixed possible memory leak in KVM x86/mmu (bsc#1221551).
- CVE-2021-47095: Fixed missing initialization in ipmi/ssif (bsc#1220979).
- CVE-2021-47096: Fixed uninitalized user_pversion in ALSA rawmidi (bsc#1220981).
- CVE-2021-47097: Fixed stack out of bound access in elantech_change_report_id() (bsc#1220982).
- CVE-2021-47098: Fixed integer overflow/underflow in hysteresis calculations hwmon: (lm90) (bsc#1220983).
- CVE-2021-47099: Fixed BUG_ON assertion in veth when skb entering GRO are cloned (bsc#1220955).
- CVE-2021-47100: Fixed UAF when uninstall in ipmi (bsc#1220985).
- CVE-2021-47101: Fixed uninit-value in asix_mdio_read() (bsc#1220987).
- CVE-2021-47102: Fixed incorrect structure access In line: upper = info->upper_dev in net/marvell/prestera (bsc#1221009).
- CVE-2021-47104: Fixed memory leak in qib_user_sdma_queue_pkts() (bsc#1220960).
- CVE-2021-47105: Fixed potential memory leak in ice/xsk (bsc#1220961).
- CVE-2021-47107: Fixed READDIR buffer overflow in NFSD (bsc#1220965).
- CVE-2021-47108: Fixed possible NULL pointer dereference for mtk_hdmi_conf in drm/mediatek (bsc#1220986).
- CVE-2022-48626: Fixed a potential use-after-free on remove path moxart (bsc#1220366).
- CVE-2022-48629: Fixed possible memory leak in qcom-rng (bsc#1220989).
- CVE-2022-48630: Fixed infinite loop on requests not multiple of WORD_SZ in crypto: qcom-rng (bsc#1220990).
- CVE-2023-35827: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1212514).
- CVE-2023-52450: Fixed NULL pointer dereference issue in upi_fill_topology() (bsc#1220237).
- CVE-2023-52454: Fixed a kernel panic when host sends an invalid H2C PDU length (bsc#1220320).
- CVE-2023-52469: Fixed a use-after-free in kv_parse_power_table (bsc#1220411).
- CVE-2023-52470: Fixed null-ptr-deref in radeon_crtc_init() (bsc#1220413).
- CVE-2023-52474: Fixed a vulnerability with non-PAGE_SIZE-end multi-iovec user SDMA requests (bsc#1220445).
- CVE-2023-52477: Fixed USB Hub accesses to uninitialized BOS descriptors (bsc#1220790).
- CVE-2023-52492: Fixed a null-pointer-dereference in channel unregistration function __dma_async_device_channel_register() (bsc#1221276).
- CVE-2023-52497: Fixed data corruption in erofs (bsc#1220879).
- CVE-2023-52501: Fixed possible memory corruption in ring-buffer (bsc#1220885).
- CVE-2023-52502: Fixed a race condition in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() (bsc#1220831).
- CVE-2023-52504: Fixed possible out-of bounds in apply_alternatives() on a 5-level paging machine (bsc#1221553).
- CVE-2023-52507: Fixed possible shift-out-of-bounds in nfc/nci (bsc#1220833).
- CVE-2023-52508: Fixed null pointer dereference in nvme_fc_io_getuuid() (bsc#1221015).
- CVE-2023-52509: Fixed a use-after-free issue in ravb_tx_timeout_work() (bsc#1220836).
- CVE-2023-52510: Fixed a potential UAF in ca8210_probe() (bsc#1220898).
- CVE-2023-52511: Fixed possible memory corruption in spi/sun6i (bsc#1221012).
- CVE-2023-52513: Fixed connection failure handling in RDMA/siw (bsc#1221022).
- CVE-2023-52515: Fixed possible use-after-free in RDMA/srp (bsc#1221048).
- CVE-2023-52517: Fixed race between DMA RX transfer completion and RX FIFO drain in spi/sun6i (bsc#1221055).
- CVE-2023-52519: Fixed possible overflow in HID/intel-ish-hid/ipc (bsc#1220920).
- CVE-2023-52520: Fixed reference leak in platform/x86/think-lmi (bsc#1220921).
- CVE-2023-52523: Fixed wrong redirects to non-TCP sockets in bpf (bsc#1220926).
- CVE-2023-52524: Fixed possible corruption in nfc/llcp (bsc#1220927).
- CVE-2023-52525: Fixed out of bounds check mwifiex_process_rx_packet() (bsc#1220840).
- CVE-2023-52528: Fixed uninit-value access in __smsc75xx_read_reg() (bsc#1220843).
- CVE-2023-52529: Fixed a potential memory leak in sony_probe() (bsc#1220929).
- CVE-2023-52532: Fixed a bug in TX CQE error handling (bsc#1220932).
- CVE-2023-52564: Reverted invalid fix for UAF in gsm_cleanup_mux() (bsc#1220938).
- CVE-2023-52566: Fixed potential use after free in nilfs_gccache_submit_read_data() (bsc#1220940).
- CVE-2023-52567: Fixed possible Oops in serial/8250_port: when using IRQ polling (irq = 0) (bsc#1220839).
- CVE-2023-52569: Fixed a bug in btrfs by remoning BUG() after failure to insert delayed dir index item (bsc#1220918).
- CVE-2023-52574: Fixed a bug by hiding new member header_ops (bsc#1220870).
- CVE-2023-52575: Fixed SBPB enablement for spec_rstack_overflow=off (bsc#1220871).
- CVE-2023-52576: Fixed potential use after free in memblock_isolate_range() (bsc#1220872).
- CVE-2023-52582: Fixed possible oops in netfs (bsc#1220878).
- CVE-2023-52583: Fixed deadlock or deadcode of misusing dget() inside ceph (bsc#1221058).
- CVE-2023-52597: Fixed a setting of fpc register in KVM (bsc#1221040).
- CVE-2023-52605: Fixed a NULL pointer dereference check (bsc#1221039)
- CVE-2023-52621: Fixed missing asserion in bpf (bsc#1222073).
- CVE-2024-25742: Fixed insufficient validation during #VC instruction emulation in x86/sev (bsc#1221725).
- CVE-2024-26600: Fixed NULL pointer dereference for SRP in phy-omap-usb2 (bsc#1220340).
The following non-security bugs were fixed:
- doc/README.SUSE: Update information about module support status (jsc#PED-5759)
- group-source-files.pl: Quote filenames (boo#1221077).
- tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc (bsc#1222619).
The following package changes have been done:
- libssh-config-0.9.8-150400.3.6.1 updated
- glibc-2.31-150300.71.1 updated
- libnghttp2-14-1.40.0-150200.17.1 updated
- libuuid1-2.37.2-150400.8.29.1 updated
- libsmartcols1-2.37.2-150400.8.29.1 updated
- libexpat1-2.4.4-150400.3.17.1 updated
- libblkid1-2.37.2-150400.8.29.1 updated
- libaudit1-3.0.6-150400.4.16.1 updated
- libfdisk1-2.37.2-150400.8.29.1 updated
- libgcc_s1-13.2.1+git8285-150000.1.9.1 updated
- catatonit-0.1.7-150300.10.5.2 updated
- mozilla-nss-certs-3.90.2-150400.3.39.1 updated
- libxml2-2-2.9.14-150400.5.28.1 updated
- libfreebl3-3.90.2-150400.3.39.1 updated
- libmount1-2.37.2-150400.8.29.1 updated
- libsoftokn3-3.90.2-150400.3.39.1 updated
- mozilla-nss-3.90.2-150400.3.39.1 updated
- libstdc++6-13.2.1+git8285-150000.1.9.1 updated
- libncurses6-6.1-150000.5.24.1 updated
- terminfo-base-6.1-150000.5.24.1 updated
- coreutils-8.32-150400.9.3.1 updated
- timezone-2024a-150000.75.28.1 updated
- systemd-rpm-macros-15-150000.7.39.1 updated
- netcfg-11.6-150000.3.6.1 updated
- ncurses-utils-6.1-150000.5.24.1 updated
- glibc-locale-base-2.31-150300.71.1 updated
- login_defs-4.8.1-150400.3.6.1 updated
- perl-Bootloader-0.947-150400.3.12.1 updated
- cpio-2.13-150400.3.6.1 updated
- sed-4.4-150300.13.3.1 updated
- libopenssl1_1-1.1.1l-150400.7.63.1 updated
- krb5-1.19.2-150400.3.9.1 updated
- libssh4-0.9.8-150400.3.6.1 updated
- libcurl4-8.0.1-150400.5.44.1 updated
- pam-config-1.1-150200.3.6.1 updated
- shadow-4.8.1-150400.3.6.1 updated
- util-linux-2.37.2-150400.8.29.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.12.1 updated
- util-linux-systemd-2.37.2-150400.8.29.1 updated
- runc-1.1.12-150000.64.1 updated
- cni-0.7.1-150100.3.18.1 updated
- cni-plugins-0.8.6-150100.3.22.3 updated
- fuse-overlayfs-1.1.2-150100.3.11.1 updated
- xfsprogs-5.13.0-150400.3.7.1 updated
- slirp4netns-1.2.0-150300.8.7.1 updated
- podman-4.4.4-150400.4.22.1 updated
- wpa_supplicant-2.9-150000.4.39.1 updated
- kernel-rt-5.14.21-150400.15.76.1 updated
- hostname-3.16-2.22 removed
- iproute2-5.14-150400.1.8 removed
- libltdl7-2.4.6-3.4.1 removed
- libmspack0-0.6-3.14.1 removed
- libxslt1-1.1.34-150400.3.3.1 removed
- system-user-nobody-20170617-150400.24.2.1 removed
- tar-1.34-150000.3.34.1 removed
- which-2.21-2.20 removed
More information about the sle-container-updates
mailing list