From sle-container-updates at lists.suse.com Mon Jul 1 07:04:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 1 Jul 2024 09:04:11 +0200 (CEST) Subject: SUSE-CU-2024:2962-1: Security update of suse/sle15 Message-ID: <20240701070411.128E1FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2962-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.11 Container Release : 9.8.11 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.18.1 updated From sle-container-updates at lists.suse.com Mon Jul 1 07:04:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 1 Jul 2024 09:04:24 +0200 (CEST) Subject: SUSE-CU-2024:2963-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240701070424.48804FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2963-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.70 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.70 Container Release : 4.70 Severity : low Type : security References : 1224044 CVE-2024-34397 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.18.1 updated From sle-container-updates at lists.suse.com Mon Jul 1 07:01:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 1 Jul 2024 09:01:28 +0200 (CEST) Subject: SUSE-IU-2024:588-1: Security update of suse-sles-15-sp5-chost-byos-v20240626-hvm-ssd-x86_64 Message-ID: <20240701070128.7C107FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240626-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:588-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240626-hvm-ssd-x86_64:20240626 Image Release : Severity : important Type : security References : 1065729 1141539 1160293 1174585 1181674 1187716 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1196956 1197915 1200465 1205205 1207284 1207361 1207948 1208149 1209627 1209657 1209799 1209834 1209980 1210335 1213551 1213863 1214852 1215322 1215702 1216358 1216702 1216717 1217169 1217339 1217515 1218447 1218668 1218722 1219680 1220021 1220082 1220267 1220363 1220783 1221044 1221081 1221361 1221400 1221615 1221777 1221816 1221829 1221940 1222011 1222021 1222086 1222261 1222343 1222348 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223278 1223315 1223360 1223384 1223390 1223423 1223424 1223425 1223430 1223432 1223469 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223766 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223980 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224242 1224320 1224323 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224788 1224794 1224795 1224796 1224803 1224816 1224877 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225551 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225775 1225810 1225820 1225829 1225835 1225842 1225912 1226419 CVE-2020-36788 CVE-2021-4148 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-45288 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-22195 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34064 CVE-2024-35195 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-38428 CVE-2024-4741 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240626-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1076-1 Released: Mon Apr 1 10:51:40 2024 Summary: Recommended update for Libreoffice Type: recommended Severity: moderate References: This update for Libreoffice fixes the following issue: libreoffice was updated from version 7.6.2.1 to 24.2.1.2 (jsc#PED-7496, jsc#PED-8096): - Highlights of changes up to version 24.2.1.2 are listed in the following release notes: * https://wiki.documentfoundation.org/ReleaseNotes/24.2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.4/RC1 * https://wiki.documentfoundation.org/Releases/7.6.3/RC2 * https://wiki.documentfoundation.org/Releases/7.6.3/RC1 * https://wiki.documentfoundation.org/Releases/7.6.2/RC2 - Update bundled dependencies: * curl version update from 8.2.1 to 8.6.0 * gpgme version update from 1.18.0 to 1.20.0 * harfbuzz version update from 8.0.0 to 8.2.2 * libcmis version update from 0.5.2 to 0.6.1 * libgpg-error version update from 1.43 to 1.47 * pdfium version update from 5778 to 6179 * poppler version update from 23.06.0 to 23.09.0 * skia version from m111-a31e897fb3dcbc96b2b40999751611d029bf5404 to m116-2ddcf183eb260f63698aa74d1bb380f247ad7ccd - New bundled dependencies: * Java-WebSocket-1.5.4.tar.gz * fontconfig-2.14.2.tar.xz * freetype-2.13.0.tar.xz * phc-winner-argon2-20190702.tar.gz * tiff-4.6.0.tar.xz - New required dependencies: * zxcvbn - Build Libreoffice using OpenSSL instead of NSS, since the bundled curl does not support the NSS backend any more abseil-cpp was updated from version 20230802.1 to 20240116.1: * Added absl::NoDestructor to simplify defining static types that do not need to be destructed upon program exit. * Added configurable verbose logging (also known as VLOG). * Added absl::Overload(), which returns a functor that provides overloads based on the functors passed to it. Note that this functionality requires C++17 or newer. * Breaking Changes: + AbslHashValue() no longer accepts C-style arrays as a parameter, caller need to wrap C-string literals in absl::string_view. + absl::weak_equality and absl::strong_equality have been removed. The corresponding std types were removed before C++20 was finalized libixion was updated from version 0.18.1 to 0.19.0: - C++ API: * Added support for renaming sheets after they have been created. - Formula interpreter: * Added support for inline arrays. liborcus was updated from version 0.18.1 to 0.19.2: - Changes in version 0.19.2: * Fixed a build issue with gcc 14 due to a missing include for std::find_if and std::for_each. * Fixed a segmentation fault with the orcus-test-xml-mapped test which manifested on hppa hardware, as originally reported on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054376. * Fixed a crash when loading a document that includes a style record referencing an unnamed style record as its parent. In Excel-generated documents, styles only reference named styles as their parents. But in 3rd-party generated documents, styles referencing unnamed styles as their parents can occur. * Fixed a crash when the document model returned a null pointer when a reference resolver interface was requested. - Changes in version 0.19.1: * Implemented orcus::create_filter() which instantiates a filter object of specified type. The returned object is of type orcus::iface::import_filter. * Moved test cases for format detection to the respective filter test files. * Fixed a bug where the import filter did not set the formula grammer prior to importing. - Changes in version 0.19.0: * Added support for allowing use of std::filesystem, std::experimental::filesystem or boost::filesystem per build configuration. * Refactored styles import to use style indices returned by the document model implementer rather than using the indices stored in the file. This allows the implementer to aggregate some style records and re-use the same index for records that are stored as different records in the original file. * Fixed a bug where column styles were not applied to the correct columns when the starting column index was not 0. * Overhauled the Gnumeric import filter to fix many bugs and support many missing features relative to the other filters included in orcus. Most notable mentions are: + cell styles + rich-text strings + named ranges + row heights and column widths + merged cells * Added partial support for Apache Parquet import filter. This is still heavily experimental. zxcvbn: - New RPM package zxcvbn implementation needed as dependency for Libreoffice ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1863-1 Released: Thu May 30 14:18:27 2024 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1883-1 Released: Fri May 31 09:31:11 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1224877 This update for iputils fixes the following issue: - 'arping: Fix 1s delay on exit for unsolicited arpings', backport upstream fix (bsc#1224877) - Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1888-1 Released: Fri May 31 19:09:00 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1216717,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1994-1 Released: Tue Jun 11 15:03:55 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:09 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2176-1 Released: Mon Jun 24 08:55:56 2024 Summary: Recommended update for grpc, libzypp, protobuf, python-grpcio. re2, zypper Type: recommended Severity: moderate References: 1222261,1222343,1222348 This update for grpc, libzypp, protobuf, python-grpcio, re2, zypper fixes the following issues: - rebuild packages using protobuf against newer protobuf and abseil-cpp libraries. (bsc#1222261) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2190-1 Released: Tue Jun 25 10:50:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1 223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,1224671,122467 2,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,122 5184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409,1225410, 1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-4148,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CV E-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021- 47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,C VE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-5 2586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CV E-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE-2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26 742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-27008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE -2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-3 5868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024-36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CV E-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870) - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765) - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770) - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975) - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - Move upstreamed patches into sorted section - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2242-1 Released: Wed Jun 26 15:42:01 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.111.3 updated - containerd-1.7.17-150000.111.3 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - iputils-20221126-150500.3.8.2 updated - kernel-default-5.14.21-150500.55.68.1 updated - libabsl2401_0_0-20240116.1-150500.13.7.8 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libprotobuf-lite25_1_0-25.1-150500.12.2.2 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libzypp-17.34.1-150500.6.2.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated - python3-Jinja2-2.10.1-150000.3.13.1 updated - python3-requests-2.25.1-150300.3.12.2 updated - socat-1.8.0.0-150400.14.3.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-module-tools-15.5.5-150500.3.12.2 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.75-150500.3.29.1 updated - wicked-0.6.75-150500.3.29.1 updated - zypper-1.14.73-150500.6.2.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed From sle-container-updates at lists.suse.com Mon Jul 1 07:01:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 1 Jul 2024 09:01:43 +0200 (CEST) Subject: SUSE-IU-2024:589-1: Security update of sles-15-sp5-chost-byos-v20240626-arm64 Message-ID: <20240701070143.B1501FCBE@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240626-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:589-1 Image Tags : sles-15-sp5-chost-byos-v20240626-arm64:20240626 Image Release : Severity : important Type : security References : 1065729 1141539 1160293 1174585 1181674 1187716 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1196956 1197915 1200465 1205205 1207284 1207361 1207948 1208149 1209627 1209657 1209799 1209834 1209980 1210335 1213551 1213863 1214852 1215322 1215702 1216358 1216702 1216717 1217169 1217339 1217515 1218447 1218668 1220021 1220082 1220267 1220363 1220783 1221044 1221081 1221361 1221400 1221615 1221777 1221816 1221829 1221940 1222011 1222021 1222086 1222261 1222343 1222348 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223278 1223315 1223360 1223384 1223390 1223423 1223424 1223425 1223430 1223432 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223766 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224242 1224320 1224323 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224788 1224794 1224795 1224796 1224803 1224816 1224877 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225551 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225775 1225810 1225820 1225829 1225835 1225842 1225912 1226419 CVE-2020-36788 CVE-2021-4148 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-45288 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-35195 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-38428 CVE-2024-4741 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240626-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1076-1 Released: Mon Apr 1 10:51:40 2024 Summary: Recommended update for Libreoffice Type: recommended Severity: moderate References: This update for Libreoffice fixes the following issue: libreoffice was updated from version 7.6.2.1 to 24.2.1.2 (jsc#PED-7496, jsc#PED-8096): - Highlights of changes up to version 24.2.1.2 are listed in the following release notes: * https://wiki.documentfoundation.org/ReleaseNotes/24.2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.4/RC1 * https://wiki.documentfoundation.org/Releases/7.6.3/RC2 * https://wiki.documentfoundation.org/Releases/7.6.3/RC1 * https://wiki.documentfoundation.org/Releases/7.6.2/RC2 - Update bundled dependencies: * curl version update from 8.2.1 to 8.6.0 * gpgme version update from 1.18.0 to 1.20.0 * harfbuzz version update from 8.0.0 to 8.2.2 * libcmis version update from 0.5.2 to 0.6.1 * libgpg-error version update from 1.43 to 1.47 * pdfium version update from 5778 to 6179 * poppler version update from 23.06.0 to 23.09.0 * skia version from m111-a31e897fb3dcbc96b2b40999751611d029bf5404 to m116-2ddcf183eb260f63698aa74d1bb380f247ad7ccd - New bundled dependencies: * Java-WebSocket-1.5.4.tar.gz * fontconfig-2.14.2.tar.xz * freetype-2.13.0.tar.xz * phc-winner-argon2-20190702.tar.gz * tiff-4.6.0.tar.xz - New required dependencies: * zxcvbn - Build Libreoffice using OpenSSL instead of NSS, since the bundled curl does not support the NSS backend any more abseil-cpp was updated from version 20230802.1 to 20240116.1: * Added absl::NoDestructor to simplify defining static types that do not need to be destructed upon program exit. * Added configurable verbose logging (also known as VLOG). * Added absl::Overload(), which returns a functor that provides overloads based on the functors passed to it. Note that this functionality requires C++17 or newer. * Breaking Changes: + AbslHashValue() no longer accepts C-style arrays as a parameter, caller need to wrap C-string literals in absl::string_view. + absl::weak_equality and absl::strong_equality have been removed. The corresponding std types were removed before C++20 was finalized libixion was updated from version 0.18.1 to 0.19.0: - C++ API: * Added support for renaming sheets after they have been created. - Formula interpreter: * Added support for inline arrays. liborcus was updated from version 0.18.1 to 0.19.2: - Changes in version 0.19.2: * Fixed a build issue with gcc 14 due to a missing include for std::find_if and std::for_each. * Fixed a segmentation fault with the orcus-test-xml-mapped test which manifested on hppa hardware, as originally reported on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054376. * Fixed a crash when loading a document that includes a style record referencing an unnamed style record as its parent. In Excel-generated documents, styles only reference named styles as their parents. But in 3rd-party generated documents, styles referencing unnamed styles as their parents can occur. * Fixed a crash when the document model returned a null pointer when a reference resolver interface was requested. - Changes in version 0.19.1: * Implemented orcus::create_filter() which instantiates a filter object of specified type. The returned object is of type orcus::iface::import_filter. * Moved test cases for format detection to the respective filter test files. * Fixed a bug where the import filter did not set the formula grammer prior to importing. - Changes in version 0.19.0: * Added support for allowing use of std::filesystem, std::experimental::filesystem or boost::filesystem per build configuration. * Refactored styles import to use style indices returned by the document model implementer rather than using the indices stored in the file. This allows the implementer to aggregate some style records and re-use the same index for records that are stored as different records in the original file. * Fixed a bug where column styles were not applied to the correct columns when the starting column index was not 0. * Overhauled the Gnumeric import filter to fix many bugs and support many missing features relative to the other filters included in orcus. Most notable mentions are: + cell styles + rich-text strings + named ranges + row heights and column widths + merged cells * Added partial support for Apache Parquet import filter. This is still heavily experimental. zxcvbn: - New RPM package zxcvbn implementation needed as dependency for Libreoffice ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1883-1 Released: Fri May 31 09:31:11 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1224877 This update for iputils fixes the following issue: - 'arping: Fix 1s delay on exit for unsolicited arpings', backport upstream fix (bsc#1224877) - Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1888-1 Released: Fri May 31 19:09:00 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1216717,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1994-1 Released: Tue Jun 11 15:03:55 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:09 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2176-1 Released: Mon Jun 24 08:55:56 2024 Summary: Recommended update for grpc, libzypp, protobuf, python-grpcio. re2, zypper Type: recommended Severity: moderate References: 1222261,1222343,1222348 This update for grpc, libzypp, protobuf, python-grpcio, re2, zypper fixes the following issues: - rebuild packages using protobuf against newer protobuf and abseil-cpp libraries. (bsc#1222261) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2190-1 Released: Tue Jun 25 10:50:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1 223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,1224671,122467 2,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,122 5184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409,1225410, 1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-4148,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CV E-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021- 47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,C VE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-5 2586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CV E-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE-2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26 742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-27008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE -2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-3 5868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024-36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CV E-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870) - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765) - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770) - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975) - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - Move upstreamed patches into sorted section - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2242-1 Released: Wed Jun 26 15:42:01 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - containerd-ctr-1.7.17-150000.111.3 updated - containerd-1.7.17-150000.111.3 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - iputils-20221126-150500.3.8.2 updated - kernel-default-5.14.21-150500.55.68.1 updated - libabsl2401_0_0-20240116.1-150500.13.7.8 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libprotobuf-lite25_1_0-25.1-150500.12.2.2 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libzypp-17.34.1-150500.6.2.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated - python3-requests-2.25.1-150300.3.12.2 updated - socat-1.8.0.0-150400.14.3.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-module-tools-15.5.5-150500.3.12.2 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.75-150500.3.29.1 updated - wicked-0.6.75-150500.3.29.1 updated - zypper-1.14.73-150500.6.2.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed From sle-container-updates at lists.suse.com Mon Jul 1 07:01:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 1 Jul 2024 09:01:20 +0200 (CEST) Subject: SUSE-IU-2024:587-1: Security update of suse-sles-15-sp5-chost-byos-v20240626-x86_64-gen2 Message-ID: <20240701070120.92449FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240626-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:587-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240626-x86_64-gen2:20240626 Image Release : Severity : important Type : security References : 1065729 1141539 1160293 1174585 1181674 1187716 1188441 1190569 1191949 1192107 1193983 1194288 1194869 1196956 1197915 1200465 1205205 1207284 1207361 1207948 1208149 1209627 1209657 1209799 1209834 1209980 1210335 1213551 1213863 1214852 1215322 1215702 1216358 1216702 1216717 1217169 1217339 1217515 1218447 1218668 1218722 1219680 1220021 1220082 1220267 1220363 1220783 1221044 1221081 1221361 1221400 1221615 1221777 1221816 1221829 1221940 1222011 1222021 1222086 1222261 1222343 1222348 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223278 1223315 1223360 1223384 1223390 1223423 1223424 1223425 1223430 1223432 1223469 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223766 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223980 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224242 1224320 1224323 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224788 1224794 1224795 1224796 1224803 1224816 1224877 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225551 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225775 1225810 1225820 1225829 1225835 1225842 1225912 1225946 1226419 CVE-2020-36788 CVE-2021-4148 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-45288 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-22195 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34064 CVE-2024-35195 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-38428 CVE-2024-4741 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240626-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1076-1 Released: Mon Apr 1 10:51:40 2024 Summary: Recommended update for Libreoffice Type: recommended Severity: moderate References: This update for Libreoffice fixes the following issue: libreoffice was updated from version 7.6.2.1 to 24.2.1.2 (jsc#PED-7496, jsc#PED-8096): - Highlights of changes up to version 24.2.1.2 are listed in the following release notes: * https://wiki.documentfoundation.org/ReleaseNotes/24.2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC2 * https://wiki.documentfoundation.org/Releases/24.2.1/RC1 * https://wiki.documentfoundation.org/Releases/7.6.4/RC1 * https://wiki.documentfoundation.org/Releases/7.6.3/RC2 * https://wiki.documentfoundation.org/Releases/7.6.3/RC1 * https://wiki.documentfoundation.org/Releases/7.6.2/RC2 - Update bundled dependencies: * curl version update from 8.2.1 to 8.6.0 * gpgme version update from 1.18.0 to 1.20.0 * harfbuzz version update from 8.0.0 to 8.2.2 * libcmis version update from 0.5.2 to 0.6.1 * libgpg-error version update from 1.43 to 1.47 * pdfium version update from 5778 to 6179 * poppler version update from 23.06.0 to 23.09.0 * skia version from m111-a31e897fb3dcbc96b2b40999751611d029bf5404 to m116-2ddcf183eb260f63698aa74d1bb380f247ad7ccd - New bundled dependencies: * Java-WebSocket-1.5.4.tar.gz * fontconfig-2.14.2.tar.xz * freetype-2.13.0.tar.xz * phc-winner-argon2-20190702.tar.gz * tiff-4.6.0.tar.xz - New required dependencies: * zxcvbn - Build Libreoffice using OpenSSL instead of NSS, since the bundled curl does not support the NSS backend any more abseil-cpp was updated from version 20230802.1 to 20240116.1: * Added absl::NoDestructor to simplify defining static types that do not need to be destructed upon program exit. * Added configurable verbose logging (also known as VLOG). * Added absl::Overload(), which returns a functor that provides overloads based on the functors passed to it. Note that this functionality requires C++17 or newer. * Breaking Changes: + AbslHashValue() no longer accepts C-style arrays as a parameter, caller need to wrap C-string literals in absl::string_view. + absl::weak_equality and absl::strong_equality have been removed. The corresponding std types were removed before C++20 was finalized libixion was updated from version 0.18.1 to 0.19.0: - C++ API: * Added support for renaming sheets after they have been created. - Formula interpreter: * Added support for inline arrays. liborcus was updated from version 0.18.1 to 0.19.2: - Changes in version 0.19.2: * Fixed a build issue with gcc 14 due to a missing include for std::find_if and std::for_each. * Fixed a segmentation fault with the orcus-test-xml-mapped test which manifested on hppa hardware, as originally reported on https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054376. * Fixed a crash when loading a document that includes a style record referencing an unnamed style record as its parent. In Excel-generated documents, styles only reference named styles as their parents. But in 3rd-party generated documents, styles referencing unnamed styles as their parents can occur. * Fixed a crash when the document model returned a null pointer when a reference resolver interface was requested. - Changes in version 0.19.1: * Implemented orcus::create_filter() which instantiates a filter object of specified type. The returned object is of type orcus::iface::import_filter. * Moved test cases for format detection to the respective filter test files. * Fixed a bug where the import filter did not set the formula grammer prior to importing. - Changes in version 0.19.0: * Added support for allowing use of std::filesystem, std::experimental::filesystem or boost::filesystem per build configuration. * Refactored styles import to use style indices returned by the document model implementer rather than using the indices stored in the file. This allows the implementer to aggregate some style records and re-use the same index for records that are stored as different records in the original file. * Fixed a bug where column styles were not applied to the correct columns when the starting column index was not 0. * Overhauled the Gnumeric import filter to fix many bugs and support many missing features relative to the other filters included in orcus. Most notable mentions are: + cell styles + rich-text strings + named ranges + row heights and column widths + merged cells * Added partial support for Apache Parquet import filter. This is still heavily experimental. zxcvbn: - New RPM package zxcvbn implementation needed as dependency for Libreoffice ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1848-1 Released: Thu May 30 06:52:35 2024 Summary: Recommended update for supportutils Type: recommended Severity: important References: 1220082,1222021 This update for supportutils fixes the following issues: - Suppress file descriptor leak warnings from lvm commands (bsc#1220082) - Add -V key:value pair option (bsc#1222021, PED-8211) - Avoid getting duplicate kernel verifications in boot.text - Include container log timestamps ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1863-1 Released: Thu May 30 14:18:27 2024 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1883-1 Released: Fri May 31 09:31:11 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1224877 This update for iputils fixes the following issue: - 'arping: Fix 1s delay on exit for unsolicited arpings', backport upstream fix (bsc#1224877) - Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1888-1 Released: Fri May 31 19:09:00 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1216717,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1994-1 Released: Tue Jun 11 15:03:55 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2022-1 Released: Thu Jun 13 16:13:20 2024 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1213551 This update for chrony fixes the following issues: - Use shorter NTS-KE retry interval when network is down (bsc#1213551) - Use make quickcheck instead of make check to avoid more than 1h build times and failures due to timeouts. This was the default before 3.2 but it changed to make tests more reliable ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2023-1 Released: Thu Jun 13 16:14:30 2024 Summary: Recommended update for socat Type: recommended Severity: moderate References: 1160293 This update for socat fixes the following issues: socat is updated to 1.8.0.0: Primary feature is enabling TLS 1.3 support. (jsc#PED-8413) * Support for network namespaces (option netns) * TCP client now automatically tries all addresses (IPv4 and IPv6) provided by nameserver until success * Implementation of POSIX message queue (mq) control and access on Linux (addresses POSIXMQ-READ and following) * New wrapper script socat-chain.sh allows to stack two addresses, e.g.HTTP proxy connect over SSL * New script socat-mux.sh allows n-to-1 / 1-to-n communications * New script socat-broker.sh allows group communications * Experimental socks5 client feature * Address ACCEPT-FD for systemd 'inetd' mode * UDP-Lite and DCCP address types * Addresses SOCKETPAIR and SHELL * New option bind-tmpname allows forked off children to bind UNIX domain client sockets to random unique pathes * New option retrieve-vlan (with INTERFACE addresses) now makes kernel keep VLAN tags in incoming packets * Simple statistics output with Socat option --statistics and with SIGUSR1 * A couple of new options, many fixes and corrections, see file CHANGES Update to 1.7.4.4: * FIX: In error.c msg2() there was a stack overflow on long messages: The terminating \0 Byte was written behind the last position. * FIX: UDP-RECVFROM with fork sometimes terminated when multiple packets arrived. * FIX: a couple of weaknesses and errors when accessing invalid or incompatible file system entries with UNIX domain, file, and generic addresses. * FIX: bad parser error message on 'socat /tmp/x\'x/x -' Update to 1.7.4.3: * fixes the TCP_INFO issue that broke building on non-Linux platforms. * building on AIX works again. * A few more corrections and improvements have been added Update to version 1.7.4.2: * Fixes a lot of bugs, e.g., for options -r and -R. * Further bugfixes, see the CHANGES file Update to 1.7.4.1: Security: * Buffer size option (-b) is internally doubled for CR-CRLF conversion, but not checked for integer overflow. This could lead to heap based buffer overflow, assuming the attacker could provide this parameter. * Many further bugfixes and new features, see the CHANGES file ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:09 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2108-1 Released: Thu Jun 20 19:35:51 2024 Summary: Security update for containerd Type: security Severity: important References: 1221400,1224323,CVE-2023-45288 This update for containerd fixes the following issues: Update to containerd v1.7.17. - CVE-2023-45288: Fixed the limit of CONTINUATION frames read for an HTTP/2 request (bsc#1221400). - Fixed /sys/devices/virtual/powercap accessibility by default containers to mitigate power-based side channel attacks (bsc#1224323). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2174-1 Released: Mon Jun 24 07:20:48 2024 Summary: Security update for wget Type: security Severity: moderate References: 1226419,CVE-2024-38428 This update for wget fixes the following issues: - CVE-2024-38428: Fix mishandled semicolons in the userinfo subcomponent of a URI. (bsc#1226419) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2176-1 Released: Mon Jun 24 08:55:56 2024 Summary: Recommended update for grpc, libzypp, protobuf, python-grpcio. re2, zypper Type: recommended Severity: moderate References: 1222261,1222343,1222348 This update for grpc, libzypp, protobuf, python-grpcio, re2, zypper fixes the following issues: - rebuild packages using protobuf against newer protobuf and abseil-cpp libraries. (bsc#1222261) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2190-1 Released: Tue Jun 25 10:50:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1 223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,1224671,122467 2,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,122 5184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409,1225410, 1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-4148,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CV E-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021- 47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,C VE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-5 2586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CV E-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE-2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26 742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-27008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE -2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-3 5868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024-36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CV E-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870) - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765) - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770) - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975) - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - Move upstreamed patches into sorted section - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2215-1 Released: Tue Jun 25 17:15:25 2024 Summary: Recommended update for python-azure-agent Type: recommended Severity: moderate References: 1225946 This update for python-azure-agent fixes the following issue: - Use the -Z option for mv and cp in the posttrans to properly handle SELinux context (bsc#1225946) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2222-1 Released: Tue Jun 25 18:10:29 2024 Summary: Recommended update for cloud-init Type: recommended Severity: important References: 1219680,1223469 This update for cloud-init fixes the following issues: - Brute force approach to skip renames if the device is already present (bsc#1219680) - Handle the existence of /usr/etc/sudoers to search for the expected include location (bsc#1223469) - Do not enable cloud-init on systems where there is no DMI just because no data source has been found. No data source means cloud-init will not run. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2242-1 Released: Wed Jun 26 15:42:01 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - chrony-pool-suse-4.1-150400.21.5.7 updated - chrony-4.1-150400.21.5.7 updated - cloud-init-config-suse-23.3-150100.8.82.3 updated - cloud-init-23.3-150100.8.82.3 updated - containerd-ctr-1.7.17-150000.111.3 updated - containerd-1.7.17-150000.111.3 updated - glibc-locale-base-2.31-150300.83.1 updated - glibc-locale-2.31-150300.83.1 updated - glibc-2.31-150300.83.1 updated - iputils-20221126-150500.3.8.2 updated - kernel-default-5.14.21-150500.55.68.1 updated - libabsl2401_0_0-20240116.1-150500.13.7.8 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libprotobuf-lite25_1_0-25.1-150500.12.2.2 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libzypp-17.34.1-150500.6.2.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated - python-azure-agent-config-server-2.9.1.1-150100.3.37.3 updated - python-azure-agent-2.9.1.1-150100.3.37.3 updated - python3-Jinja2-2.10.1-150000.3.13.1 updated - python3-requests-2.25.1-150300.3.12.2 updated - socat-1.8.0.0-150400.14.3.1 updated - supportutils-3.1.30-150300.7.35.30.1 updated - suse-module-tools-15.5.5-150500.3.12.2 updated - wget-1.20.3-150000.3.20.1 updated - wicked-service-0.6.75-150500.3.29.1 updated - wicked-0.6.75-150500.3.29.1 updated - zypper-1.14.73-150500.6.2.1 updated - libabsl2308_0_0-20230802.1-150400.10.4.1 removed From sle-container-updates at lists.suse.com Tue Jul 2 10:49:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Jul 2024 12:49:26 +0200 (CEST) Subject: SUSE-CU-2024:2967-1: Security update of bci/openjdk-devel Message-ID: <20240702104926.656ECFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2967-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-23.2 Container Release : 23.2 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1195468 1206412 1206798 1209122 1209122 1214025 1214290 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2255-1 Released: Tue Jul 2 05:25:54 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-file-management: - Use sisu-plexus instead of plexus-containers-container-default - Added dependency on plexus-xml where relevant - Removed unnecessary dependency on xmvn tools and parent pom maven-shared-io: - Do not add PROVIDED dependency on plexus-container-default - Use sisu-plexus instead of plexus-containers-container-default - Removed unnecessary dependency on xmvn tools and parent pom maven2: - Use sisu-plexus instead of plexus-containers-container-default - Fixed build with both sisu-plexus and plexus-containers-container-default - Require the new plexus-xml package to fix build maven-shared-utils was updated to version 3.3.4: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in order to avoid conflict/choise of providers - Checked exception converted to raw runtime - PrettyPrintXmlWriter output is platform dependent - Deprecated StringUtils.unifyLineSeparator - Fixed environment variable with null value - Dependencies upgraded: * Upgraded Jansi to 2.0.1 * Upgraded Jansi to 2.2.0 plexus-ant-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default - Fixed the code to build both with sisu-plexus and plexus-containers-container-default. plexus-bsh-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-cli: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers plexus-i18n: - Use sisu-plexus instead of plexus-containers-container-default plexus-resources: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-sec-dispatcher: - Removed unnecessary dependency on plexus-containers-container-default - Add dependency on plexus-xml where relevant - Build with source and target levels 8 plexus-velocity: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default tesla-polyglot: - Fixed build with maven-plugin-plugin - Fixed build with snakeyaml 2.2 The following package changes have been done: - libgpg-error0-1.42-150400.1.101 added - libgcrypt20-1.9.4-150500.10.19 added - libgcrypt20-hmac-1.9.4-150500.10.19 added - curl-8.0.1-150400.5.44.1 added - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.37.1 added - procps-3.3.17-150000.7.37.1 added - gawk-4.2.1-150000.3.3.1 added - maven-shared-utils-3.3.4-150200.3.7.2 updated - plexus-sec-dispatcher-2.0-150200.3.7.3 updated From sle-container-updates at lists.suse.com Tue Jul 2 10:48:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 2 Jul 2024 12:48:27 +0200 (CEST) Subject: SUSE-CU-2024:2966-1: Security update of bci/openjdk-devel Message-ID: <20240702104827.8B714FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2966-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-21.2 Container Release : 21.2 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1195468 1206412 1206798 1209122 1209122 1214025 1214290 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2255-1 Released: Tue Jul 2 05:25:54 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-file-management: - Use sisu-plexus instead of plexus-containers-container-default - Added dependency on plexus-xml where relevant - Removed unnecessary dependency on xmvn tools and parent pom maven-shared-io: - Do not add PROVIDED dependency on plexus-container-default - Use sisu-plexus instead of plexus-containers-container-default - Removed unnecessary dependency on xmvn tools and parent pom maven2: - Use sisu-plexus instead of plexus-containers-container-default - Fixed build with both sisu-plexus and plexus-containers-container-default - Require the new plexus-xml package to fix build maven-shared-utils was updated to version 3.3.4: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in order to avoid conflict/choise of providers - Checked exception converted to raw runtime - PrettyPrintXmlWriter output is platform dependent - Deprecated StringUtils.unifyLineSeparator - Fixed environment variable with null value - Dependencies upgraded: * Upgraded Jansi to 2.0.1 * Upgraded Jansi to 2.2.0 plexus-ant-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default - Fixed the code to build both with sisu-plexus and plexus-containers-container-default. plexus-bsh-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-cli: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers plexus-i18n: - Use sisu-plexus instead of plexus-containers-container-default plexus-resources: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-sec-dispatcher: - Removed unnecessary dependency on plexus-containers-container-default - Add dependency on plexus-xml where relevant - Build with source and target levels 8 plexus-velocity: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default tesla-polyglot: - Fixed build with maven-plugin-plugin - Fixed build with snakeyaml 2.2 The following package changes have been done: - libgpg-error0-1.42-150400.1.101 added - libgcrypt20-1.9.4-150500.10.19 added - libgcrypt20-hmac-1.9.4-150500.10.19 added - curl-8.0.1-150400.5.44.1 added - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.37.1 added - procps-3.3.17-150000.7.37.1 added - gawk-4.2.1-150000.3.3.1 added - maven-shared-utils-3.3.4-150200.3.7.2 updated - plexus-sec-dispatcher-2.0-150200.3.7.3 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:04:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:04:03 +0200 (CEST) Subject: SUSE-CU-2024:2968-1: Security update of suse/sle15 Message-ID: <20240703070403.70344FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2968-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.12 Container Release : 9.8.12 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.7-150000.3.70.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:04:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:04:19 +0200 (CEST) Subject: SUSE-CU-2024:2969-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240703070419.E1E26FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2969-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.71 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.71 Container Release : 4.71 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.7-150000.3.70.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:04:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:04:40 +0200 (CEST) Subject: SUSE-CU-2024:2970-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240703070440.88A3CFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2970-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.44 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.44 Container Release : 3.44 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.14-150400.5.32.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:05:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:05:16 +0200 (CEST) Subject: SUSE-CU-2024:2972-1: Security update of suse/git Message-ID: <20240703070516.4F13BFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2972-1 Container Tags : suse/git:2.43 , suse/git:2.43-17.8 , suse/git:latest Container Release : 17.8 Severity : important Type : security References : 1224168 1224170 1224171 1224172 1224173 1226642 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-6387 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) The following package changes have been done: - git-core-2.43.0-150600.3.3.1 updated - openssh-clients-9.6p1-150600.6.3.1 updated - openssh-common-9.6p1-150600.6.3.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:06:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:06:00 +0200 (CEST) Subject: SUSE-CU-2024:2974-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240703070600.43A37FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2974-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.20 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.20 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - python3-libxml2-2.9.14-150400.5.32.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:05:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:05:12 +0200 (CEST) Subject: SUSE-CU-2024:2971-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240703070512.CAE32FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2971-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.17.2 Container Release : 17.2 Severity : important Type : security References : 1065729 1141539 1174585 1181674 1187716 1190569 1191949 1192107 1193983 1194288 1194869 1196956 1197915 1200465 1205205 1207284 1207361 1207948 1208149 1209657 1209799 1209834 1209980 1210335 1213863 1214852 1215322 1215702 1216358 1216702 1217169 1217339 1217515 1218447 1220021 1220267 1220363 1220783 1221044 1221081 1221615 1221777 1221816 1221829 1222011 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223315 1223360 1223384 1223390 1223432 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224794 1224795 1224796 1224803 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225775 1225810 1225820 1225829 1225835 1225842 CVE-2020-36788 CVE-2021-4148 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2190-1 Released: Tue Jun 25 10:50:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1 223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,1224671,122467 2,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,122 5184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409,1225410, 1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-4148,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CV E-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021- 47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,C VE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-5 2586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CV E-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE-2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26 742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-27008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE -2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-3 5868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024-36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CV E-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870) - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765) - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770) - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975) - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - Move upstreamed patches into sorted section - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2264-1 Released: Tue Jul 2 10:14:25 2024 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: This update for python-rpm-macros fixes the following issues: - Update to version 20240618.1e386da: * Fix python_clone sed regex - Update to version 20240614.02920b8: * Make sure that RPM_BUILD_ROOT env is set * don't eliminate any cmdline arguments in the shebang line * Create python313 macros - Update to version 20240415.c664b45: * Fix typo 310 -> 312 in default-prjconf - Update to version 20240202.501440e: * SPEC0: Drop python39, add python312 to buildset (#169) - Update to version 20231220.98427f3: * fix python2_compile macro - Update to version 20231207.46c2ec3: * make FLAVOR_compile compatible with python2 - Update to version 20231204.dd64e74: * Combine fix_shebang in one line * New macro FLAVOR_fix_shebang_path * Use realpath in %python_clone macro shebang replacement * Compile and fix_shebang in %python_install macros - Update to version 20231010.0a1f0d9: * Revert 'Compile and fix_shebang in %python_install macros' - Update to version 20231010.a32e110: * Compile and fix_shebang in %python_install macros - Update to version 20231005.bf2d3ab: * Fix shebang also in sbin with macro _fix_shebang - Update to version 20230609.6fe8111: * move compile loop to python * remove python38 The following package changes have been done: - kernel-macros-5.14.21-150500.55.68.1 updated - python-rpm-macros-20240618.1e386da-150400.3.13.1 updated - kernel-devel-5.14.21-150500.55.68.1 updated - kernel-default-devel-5.14.21-150500.55.68.1 updated - kernel-syms-5.14.21-150500.55.68.1 updated From sle-container-updates at lists.suse.com Wed Jul 3 07:05:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 09:05:22 +0200 (CEST) Subject: SUSE-CU-2024:2973-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240703070522.B066EFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2973-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.6 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.6 Severity : important Type : security References : 1012628 1065729 1181674 1187716 1188441 1193599 1194869 1207948 1208593 1209657 1213573 1214852 1215199 1216196 1216358 1216702 1217169 1217384 1217408 1217489 1217750 1217959 1218205 1218336 1218447 1218779 1218917 1219104 1219170 1219596 1219623 1219834 1220021 1220045 1220120 1220148 1220328 1220342 1220428 1220430 1220569 1220587 1220783 1220915 1221044 1221293 1221303 1221504 1221612 1221615 1221635 1221645 1221649 1221765 1221777 1221783 1221816 1221829 1221830 1221858 1222048 1222173 1222264 1222273 1222294 1222301 1222303 1222304 1222307 1222357 1222366 1222368 1222371 1222378 1222385 1222422 1222426 1222428 1222437 1222445 1222459 1222464 1222489 1222522 1222525 1222532 1222557 1222559 1222563 1222585 1222596 1222606 1222608 1222613 1222615 1222618 1222622 1222624 1222627 1222630 1222635 1222721 1222727 1222769 1222771 1222775 1222777 1222780 1222782 1222793 1222799 1222801 1222968 1223007 1223011 1223015 1223020 1223023 1223024 1223033 1223034 1223035 1223038 1223039 1223041 1223045 1223046 1223051 1223052 1223058 1223060 1223061 1223076 1223077 1223111 1223113 1223138 1223143 1223187 1223189 1223190 1223191 1223198 1223202 1223285 1223315 1223338 1223369 1223380 1223384 1223390 1223439 1223462 1223532 1223539 1223575 1223590 1223591 1223592 1223593 1223625 1223629 1223633 1223634 1223637 1223641 1223643 1223649 1223650 1223651 1223652 1223653 1223654 1223655 1223660 1223661 1223664 1223665 1223666 1223668 1223669 1223670 1223671 1223675 1223677 1223678 1223686 1223692 1223693 1223695 1223696 1223698 1223705 1223712 1223718 1223728 1223732 1223735 1223739 1223741 1223744 1223745 1223747 1223748 1223749 1223750 1223752 1223754 1223757 1223759 1223761 1223762 1223774 1223782 1223787 1223788 1223789 1223790 1223802 1223805 1223810 1223822 1223827 1223831 1223834 1223838 1223869 1223870 1223871 1223872 1223874 1223944 1223945 1223946 1223991 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224331 1224400 1224423 1224429 1224430 1224432 1224433 1224437 1224438 1224442 1224443 1224445 1224449 1224477 1224479 1224480 1224481 1224482 1224486 1224487 1224488 1224491 1224492 1224493 1224494 1224495 1224500 1224501 1224502 1224504 1224505 1224506 1224507 1224508 1224509 1224511 1224513 1224517 1224519 1224521 1224524 1224525 1224526 1224530 1224531 1224534 1224537 1224541 1224542 1224543 1224546 1224550 1224552 1224553 1224555 1224557 1224558 1224559 1224562 1224565 1224566 1224567 1224568 1224569 1224571 1224573 1224576 1224577 1224578 1224579 1224580 1224581 1224582 1224585 1224586 1224587 1224588 1224592 1224596 1224598 1224600 1224601 1224602 1224603 1224605 1224607 1224608 1224609 1224611 1224613 1224615 1224617 1224618 1224620 1224621 1224622 1224623 1224624 1224626 1224627 1224628 1224629 1224630 1224632 1224633 1224634 1224636 1224637 1224638 1224639 1224640 1224643 1224644 1224645 1224646 1224647 1224648 1224649 1224650 1224651 1224652 1224653 1224654 1224657 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224674 1224675 1224676 1224677 1224678 1224679 1224680 1224681 1224682 1224683 1224685 1224686 1224687 1224688 1224692 1224696 1224697 1224699 1224701 1224703 1224704 1224705 1224706 1224707 1224709 1224710 1224712 1224714 1224716 1224717 1224718 1224719 1224720 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224741 1224742 1224747 1224749 1224763 1224764 1224765 1224766 1224790 1224792 1224793 1224803 1224804 1224866 1224936 1224989 1225007 1225053 1225133 1225134 1225136 1225172 1225502 1225578 1225579 1225580 1225593 1225598 1225605 1225607 1225610 1225616 1225618 1225640 1225642 1225692 1225694 1225695 1225696 1225698 1225699 1225704 1225705 1225708 1225710 1225712 1225714 1225715 1225720 1225722 1225728 1225734 1225735 1225736 1225747 1225748 1225749 1225750 1225756 1225765 1225766 1225769 1225773 1225775 1225842 1225945 1226158 CVE-2023-0160 CVE-2023-52434 CVE-2023-52458 CVE-2023-52472 CVE-2023-52503 CVE-2023-52616 CVE-2023-52618 CVE-2023-52631 CVE-2023-52635 CVE-2023-52640 CVE-2023-52641 CVE-2023-52645 CVE-2023-52652 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52657 CVE-2023-52658 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52663 CVE-2023-52664 CVE-2023-52667 CVE-2023-52669 CVE-2023-52670 CVE-2023-52671 CVE-2023-52673 CVE-2023-52674 CVE-2023-52675 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52681 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52687 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52695 CVE-2023-52696 CVE-2023-52697 CVE-2023-52698 CVE-2023-52771 CVE-2023-52772 CVE-2023-52860 CVE-2023-52882 CVE-2023-6238 CVE-2023-7042 CVE-2024-0639 CVE-2024-21823 CVE-2024-22099 CVE-2024-23848 CVE-2024-24861 CVE-2024-25739 CVE-2024-26601 CVE-2024-26611 CVE-2024-26614 CVE-2024-26632 CVE-2024-26638 CVE-2024-26642 CVE-2024-26643 CVE-2024-26650 CVE-2024-26654 CVE-2024-26656 CVE-2024-26657 CVE-2024-26671 CVE-2024-26673 CVE-2024-26674 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26692 CVE-2024-26704 CVE-2024-26714 CVE-2024-26726 CVE-2024-26731 CVE-2024-26733 CVE-2024-26737 CVE-2024-26739 CVE-2024-26740 CVE-2024-26742 CVE-2024-26760 CVE-2024-267600 CVE-2024-26761 CVE-2024-26764 CVE-2024-26769 CVE-2024-26772 CVE-2024-26773 CVE-2024-26774 CVE-2024-26775 CVE-2024-26783 CVE-2024-26786 CVE-2024-26791 CVE-2024-26793 CVE-2024-26794 CVE-2024-26802 CVE-2024-26805 CVE-2024-26807 CVE-2024-26815 CVE-2024-26816 CVE-2024-26822 CVE-2024-26832 CVE-2024-26836 CVE-2024-26844 CVE-2024-26846 CVE-2024-26853 CVE-2024-26854 CVE-2024-26855 CVE-2024-26856 CVE-2024-26857 CVE-2024-26858 CVE-2024-26860 CVE-2024-26861 CVE-2024-26862 CVE-2024-26866 CVE-2024-26868 CVE-2024-26870 CVE-2024-26878 CVE-2024-26881 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26899 CVE-2024-26900 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906 CVE-2024-26909 CVE-2024-26921 CVE-2024-26922 CVE-2024-26923 CVE-2024-26925 CVE-2024-26928 CVE-2024-26932 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26940 CVE-2024-26943 CVE-2024-26945 CVE-2024-26946 CVE-2024-26948 CVE-2024-26949 CVE-2024-26950 CVE-2024-26951 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26962 CVE-2024-26963 CVE-2024-26964 CVE-2024-26972 CVE-2024-26973 CVE-2024-26978 CVE-2024-26981 CVE-2024-26982 CVE-2024-26983 CVE-2024-26984 CVE-2024-26986 CVE-2024-26988 CVE-2024-26989 CVE-2024-26990 CVE-2024-26991 CVE-2024-26992 CVE-2024-26993 CVE-2024-26994 CVE-2024-26995 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27002 CVE-2024-27003 CVE-2024-27004 CVE-2024-27008 CVE-2024-27013 CVE-2024-27014 CVE-2024-27022 CVE-2024-27027 CVE-2024-27028 CVE-2024-27029 CVE-2024-27030 CVE-2024-27031 CVE-2024-27036 CVE-2024-27046 CVE-2024-27056 CVE-2024-27057 CVE-2024-27062 CVE-2024-27067 CVE-2024-27080 CVE-2024-27388 CVE-2024-27389 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27408 CVE-2024-27410 CVE-2024-27411 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27418 CVE-2024-27431 CVE-2024-27432 CVE-2024-27434 CVE-2024-27435 CVE-2024-27436 CVE-2024-35784 CVE-2024-35786 CVE-2024-35788 CVE-2024-35789 CVE-2024-35790 CVE-2024-35791 CVE-2024-35794 CVE-2024-35795 CVE-2024-35796 CVE-2024-35799 CVE-2024-35800 CVE-2024-35801 CVE-2024-35803 CVE-2024-35804 CVE-2024-35806 CVE-2024-35808 CVE-2024-35809 CVE-2024-35810 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35814 CVE-2024-35815 CVE-2024-35817 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35824 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35834 CVE-2024-35835 CVE-2024-35836 CVE-2024-35837 CVE-2024-35838 CVE-2024-35841 CVE-2024-35842 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35850 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35883 CVE-2024-35885 CVE-2024-35887 CVE-2024-35889 CVE-2024-35891 CVE-2024-35895 CVE-2024-35901 CVE-2024-35903 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35909 CVE-2024-35911 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35916 CVE-2024-35917 CVE-2024-35921 CVE-2024-35922 CVE-2024-35924 CVE-2024-35927 CVE-2024-35928 CVE-2024-35930 CVE-2024-35931 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35937 CVE-2024-35938 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35945 CVE-2024-35946 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35953 CVE-2024-35954 CVE-2024-35955 CVE-2024-35956 CVE-2024-35958 CVE-2024-35959 CVE-2024-35960 CVE-2024-35961 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35971 CVE-2024-35972 CVE-2024-35973 CVE-2024-35974 CVE-2024-35975 CVE-2024-35977 CVE-2024-35978 CVE-2024-35981 CVE-2024-35982 CVE-2024-35984 CVE-2024-35986 CVE-2024-35989 CVE-2024-35990 CVE-2024-35991 CVE-2024-35992 CVE-2024-35995 CVE-2024-35997 CVE-2024-35999 CVE-2024-36002 CVE-2024-36006 CVE-2024-36007 CVE-2024-36009 CVE-2024-36011 CVE-2024-36012 CVE-2024-36013 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36018 CVE-2024-36019 CVE-2024-36020 CVE-2024-36021 CVE-2024-36025 CVE-2024-36026 CVE-2024-36029 CVE-2024-36030 CVE-2024-36032 CVE-2024-36880 CVE-2024-36885 CVE-2024-36890 CVE-2024-36891 CVE-2024-36893 CVE-2024-36894 CVE-2024-36895 CVE-2024-36896 CVE-2024-36897 CVE-2024-36898 CVE-2024-36906 CVE-2024-36918 CVE-2024-36921 CVE-2024-36922 CVE-2024-36928 CVE-2024-36930 CVE-2024-36931 CVE-2024-36936 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36949 CVE-2024-36950 CVE-2024-36951 CVE-2024-36955 CVE-2024-36959 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2203-1 Released: Tue Jun 25 15:04:37 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1065729,1181674,1187716,1193599,1194869,1207948,1208593,1209657,1213573,1214852,1215199,1216196,1216358,1216702,1217169,1217384,1217408,1217489,1217750,1217959,1218205,1218336,1218447,1218779,1218917,1219104,1219170,1219596,1219623,1219834,1220021,1220045,1220120,1220148,1220328,1220342,1220428,1220430,1220569,1220587,1220783,1220915,1221044,1221293,1221303,1221504,1221612,1221615,1221635,1221645,1221649,1221765,1221777,1221783,1221816,1221829,1221830,1221858,1222048,1222173,1222264,1222273,1222294,1222301,1222303,1222304,1222307,1222357,1222366,1222368,1222371,1222378,1222385,1222422,1222426,1222428,1222437,1222445,1222459,1222464,1222489,1222522,1222525,1222532,1222557,1222559,1222563,1222585,1222596,1222606,1222608,1222613,1222615,1222618,1222622,1222624,1222627,1222630,1222635,1222721,1222727,1222769,1222771,1222775,1222777,1222780,1222782,1222793,1222799,1222801,1222968,1223007,1223011,1223015,1223020,1223023,1223024,1223033,1223034,1223035,1223038,1223039,1 223041,1223045,1223046,1223051,1223052,1223058,1223060,1223061,1223076,1223077,1223111,1223113,1223138,1223143,1223187,1223189,1223190,1223191,1223198,1223202,1223285,1223315,1223338,1223369,1223380,1223384,1223390,1223439,1223462,1223532,1223539,1223575,1223590,1223591,1223592,1223593,1223625,1223629,1223633,1223634,1223637,1223641,1223643,1223649,1223650,1223651,1223652,1223653,1223654,1223655,1223660,1223661,1223664,1223665,1223666,1223668,1223669,1223670,1223671,1223675,1223677,1223678,1223686,1223692,1223693,1223695,1223696,1223698,1223705,1223712,1223718,1223728,1223732,1223735,1223739,1223741,1223744,1223745,1223747,1223748,1223749,1223750,1223752,1223754,1223757,1223759,1223761,1223762,1223774,1223782,1223787,1223788,1223789,1223790,1223802,1223805,1223810,1223822,1223827,1223831,1223834,1223838,1223869,1223870,1223871,1223872,1223874,1223944,1223945,1223946,1223991,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224331,1224423,1224429,122443 0,1224432,1224433,1224437,1224438,1224442,1224443,1224445,1224449,1224477,1224479,1224480,1224481,1224482,1224486,1224487,1224488,1224491,1224492,1224493,1224494,1224495,1224500,1224501,1224502,1224504,1224505,1224506,1224507,1224508,1224509,1224511,1224513,1224517,1224519,1224521,1224524,1224525,1224526,1224530,1224531,1224534,1224537,1224541,1224542,1224543,1224546,1224550,1224552,1224553,1224555,1224557,1224558,1224559,1224562,1224565,1224566,1224567,1224568,1224569,1224571,1224573,1224576,1224577,1224578,1224579,1224580,1224581,1224582,1224585,1224586,1224587,1224588,1224592,1224596,1224598,1224600,1224601,1224602,1224603,1224605,1224607,1224608,1224609,1224611,1224613,1224615,1224617,1224618,1224620,1224621,1224622,1224623,1224624,1224626,1224627,1224628,1224629,1224630,1224632,1224633,1224634,1224636,1224637,1224638,1224639,1224640,1224643,1224644,1224645,1224646,1224647,1224648,1224649,1224650,1224651,1224652,1224653,1224654,1224657,1224660,1224663,1224664,1224665,1224666,122 4667,1224668,1224671,1224672,1224674,1224675,1224676,1224677,1224678,1224679,1224680,1224681,1224682,1224683,1224685,1224686,1224687,1224688,1224692,1224696,1224697,1224699,1224701,1224703,1224704,1224705,1224706,1224707,1224709,1224710,1224712,1224714,1224716,1224717,1224718,1224719,1224720,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224741,1224742,1224747,1224749,1224763,1224764,1224765,1224766,1224790,1224792,1224793,1224803,1224804,1224866,1224936,1224989,1225007,1225053,1225133,1225134,1225136,1225172,1225502,1225578,1225579,1225580,1225593,1225605,1225607,1225610,1225616,1225618,1225640,1225642,1225692,1225694,1225695,1225696,1225698,1225699,1225704,1225705,1225708,1225710,1225712,1225714,1225715,1225720,1225722,1225728,1225734,1225735,1225736,1225747,1225748,1225749,1225750,1225756,1225765,1225766,1225769,1225773,1225775,1225842,1225945,1226158,CVE-2023-0160,CVE-2023-52434,CVE-2023-52458,CVE-2023-524 72,CVE-2023-52503,CVE-2023-52616,CVE-2023-52618,CVE-2023-52631,CVE-2023-52635,CVE-2023-52640,CVE-2023-52641,CVE-2023-52645,CVE-2023-52652,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52657,CVE-2023-52658,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52663,CVE-2023-52664,CVE-2023-52667,CVE-2023-52669,CVE-2023-52670,CVE-2023-52671,CVE-2023-52673,CVE-2023-52674,CVE-2023-52675,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52681,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52687,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52695,CVE-2023-52696,CVE-2023-52697,CVE-2023-52698,CVE-2023-52771,CVE-2023-52772,CVE-2023-52860,CVE-2023-52882,CVE-2023-6238,CVE-2023-7042,CVE-2024-0639,CVE-2024-21823,CVE-2024-22099,CVE-2024-23848,CVE-2024-24861,CVE-2024-25739,CVE-2024-26601,CVE-2024-26611,CVE-2024-26614,CVE-2024-26632,CVE-2024-26638,CVE-2024-26642,CVE-2024-26643,CVE-2024-26650,CVE-2024-26654,CVE-202 4-26656,CVE-2024-26657,CVE-2024-26671,CVE-2024-26673,CVE-2024-26674,CVE-2024-26679,CVE-2024-26684,CVE-2024-26685,CVE-2024-26692,CVE-2024-26704,CVE-2024-26714,CVE-2024-26726,CVE-2024-26731,CVE-2024-26733,CVE-2024-26737,CVE-2024-26739,CVE-2024-26740,CVE-2024-26742,CVE-2024-26760,CVE-2024-267600,CVE-2024-26761,CVE-2024-26764,CVE-2024-26769,CVE-2024-26772,CVE-2024-26773,CVE-2024-26774,CVE-2024-26775,CVE-2024-26783,CVE-2024-26786,CVE-2024-26791,CVE-2024-26793,CVE-2024-26794,CVE-2024-26802,CVE-2024-26805,CVE-2024-26807,CVE-2024-26815,CVE-2024-26816,CVE-2024-26822,CVE-2024-26832,CVE-2024-26836,CVE-2024-26844,CVE-2024-26846,CVE-2024-26853,CVE-2024-26854,CVE-2024-26855,CVE-2024-26856,CVE-2024-26857,CVE-2024-26858,CVE-2024-26860,CVE-2024-26861,CVE-2024-26862,CVE-2024-26866,CVE-2024-26868,CVE-2024-26870,CVE-2024-26878,CVE-2024-26881,CVE-2024-26882,CVE-2024-26883,CVE-2024-26884,CVE-2024-26885,CVE-2024-26899,CVE-2024-26900,CVE-2024-26901,CVE-2024-26903,CVE-2024-26906,CVE-2024-26909,CVE-2024-2692 1,CVE-2024-26922,CVE-2024-26923,CVE-2024-26925,CVE-2024-26928,CVE-2024-26932,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26940,CVE-2024-26943,CVE-2024-26945,CVE-2024-26946,CVE-2024-26948,CVE-2024-26949,CVE-2024-26950,CVE-2024-26951,CVE-2024-26957,CVE-2024-26958,CVE-2024-26960,CVE-2024-26961,CVE-2024-26962,CVE-2024-26963,CVE-2024-26964,CVE-2024-26972,CVE-2024-26973,CVE-2024-26978,CVE-2024-26981,CVE-2024-26982,CVE-2024-26983,CVE-2024-26984,CVE-2024-26986,CVE-2024-26988,CVE-2024-26989,CVE-2024-26990,CVE-2024-26991,CVE-2024-26992,CVE-2024-26993,CVE-2024-26994,CVE-2024-26995,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27002,CVE-2024-27003,CVE-2024-27004,CVE-2024-27008,CVE-2024-27013,CVE-2024-27014,CVE-2024-27022,CVE-2024-27027,CVE-2024-27028,CVE-2024-27029,CVE-2024-27030,CVE-2024-27031,CVE-2024-27036,CVE-2024-27046,CVE-2024-27056,CVE-2024-27057,CVE-2024-27062,CVE-2024-27067,CVE-2024-27080,CVE-2024-27388,CVE-2 024-27389,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27408,CVE-2024-27410,CVE-2024-27411,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27418,CVE-2024-27431,CVE-2024-27432,CVE-2024-27434,CVE-2024-27435,CVE-2024-27436,CVE-2024-35784,CVE-2024-35786,CVE-2024-35788,CVE-2024-35789,CVE-2024-35790,CVE-2024-35791,CVE-2024-35794,CVE-2024-35795,CVE-2024-35796,CVE-2024-35799,CVE-2024-35800,CVE-2024-35801,CVE-2024-35803,CVE-2024-35804,CVE-2024-35806,CVE-2024-35808,CVE-2024-35809,CVE-2024-35810,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35814,CVE-2024-35815,CVE-2024-35817,CVE-2024-35819,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35824,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35834,CVE-2024-35835,CVE-2024-35836,CVE-2024-35837,CVE-2024-35838,CVE-2024-35841,CVE-2024-35842,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-358 50,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-35868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35883,CVE-2024-35885,CVE-2024-35887,CVE-2024-35889,CVE-2024-35891,CVE-2024-35895,CVE-2024-35901,CVE-2024-35903,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35909,CVE-2024-35911,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35916,CVE-2024-35917,CVE-2024-35921,CVE-2024-35922,CVE-2024-35924,CVE-2024-35927,CVE-2024-35928,CVE-2024-35930,CVE-2024-35931,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35937,CVE-2024-35938,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35945,CVE-2024-35946,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35953,CVE-2024-35954,CVE-2024-35955,CVE-2024-35956,CVE-2024-35958,CVE-2024-35959,CVE-2024-35960,CVE- 2024-35961,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35971,CVE-2024-35972,CVE-2024-35973,CVE-2024-35974,CVE-2024-35975,CVE-2024-35977,CVE-2024-35978,CVE-2024-35981,CVE-2024-35982,CVE-2024-35984,CVE-2024-35986,CVE-2024-35989,CVE-2024-35990,CVE-2024-35991,CVE-2024-35992,CVE-2024-35995,CVE-2024-35997,CVE-2024-35999,CVE-2024-36002,CVE-2024-36006,CVE-2024-36007,CVE-2024-36009,CVE-2024-36011,CVE-2024-36012,CVE-2024-36013,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36018,CVE-2024-36019,CVE-2024-36020,CVE-2024-36021,CVE-2024-36025,CVE-2024-36026,CVE-2024-36029,CVE-2024-36030,CVE-2024-36032,CVE-2024-36880,CVE-2024-36885,CVE-2024-36890,CVE-2024-36891,CVE-2024-36893,CVE-2024-36894,CVE-2024-36895,CVE-2024-36896,CVE-2024-36897,CVE-2024-36898,CVE-2024-36906,CVE-2024-36918,CVE-2024-36921,CVE-2024-36922,CVE-2024-36928,CVE-2024-36930,CVE-2024-36931,CVE-2024-36936,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36 947,CVE-2024-36949,CVE-2024-36950,CVE-2024-36951,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-0160: Fixed deadlock flaw in BPF that could allow a local user to potentially crash the system (bsc#1209657). - CVE-2023-52434: Fixed potential OOBs in smb2_parse_contexts() (bsc#1220148). - CVE-2023-52458: Fixed check that partition length needs to be aligned with block size (bsc#1220428). - CVE-2023-52503: Fixed tee/amdtee use-after-free vulnerability in amdtee_close_session (bsc#1220915). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52631: Fixed an NULL dereference bug (bsc#1222264 CVE-2023-52631). - CVE-2023-52635: Fixed PM/devfreq to synchronize devfreq_monitor_[start/stop] (bsc#1222294). - CVE-2023-52640: Fixed out-of-bounds in ntfs_listxattr (bsc#1222301). - CVE-2023-52641: Fixed NULL ptr dereference checking at the end of attr_allocate_frame() (bsc#1222303) - CVE-2023-52645: Fixed pmdomain/mediatek race conditions with genpd (bsc#1223033). - CVE-2023-52652: Fixed NTB for possible name leak in ntb_register_device() (bsc#1223686). - CVE-2023-52659: Fixed to pfn_to_kaddr() not treated as a 64-bit type (bsc#1224442). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621) - CVE-2023-52771: Fixed delete_endpoint() vs parent unregistration race (bsc#1225007). - CVE-2023-52772: Fixed use-after-free in unix_stream_read_actor() (bsc#1224989). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6238: Fixed kcalloc() arguments order (bsc#1217384). - CVE-2023-7042: Fixed a null-pointer-dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() (bsc#1218336). - CVE-2024-0639: Fixed a denial-of-service vulnerability due to a deadlock found in sctp_auto_asconf_init in net/sctp/socket.c (bsc#1218917). - CVE-2024-21823: Fixed safety flag to struct ends (bsc#1223625). - CVE-2024-22099: Fixed a null-pointer-dereference in rfcomm_check_security (bsc#1219170). - CVE-2024-23848: Fixed media/cec for possible use-after-free in cec_queue_msg_fh (bsc#1219104). - CVE-2024-24861: Fixed an overflow due to race condition in media/xc4000 device driver in xc4000 xc4000_get_frequency() function (bsc#1219623). - CVE-2024-25739: Fixed possible crash in create_empty_lvol() in drivers/mtd/ubi/vtbl.c (bsc#1219834). - CVE-2024-26601: Fixed ext4 buddy bitmap corruption via fast commit replay (bsc#1220342). - CVE-2024-26614: Fixed the initialization of accept_queue's spinlocks (bsc#1221293). - CVE-2024-26632: Fixed iterating over an empty bio with bio_for_each_folio_all (bsc#1221635). - CVE-2024-26638: Fixed uninitialize struct msghdr completely (bsc#1221649 CVE-2024-26638). - CVE-2024-26642: Fixed the set of anonymous timeout flag in netfilter nf_tables (bsc#1221830). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26654: Fixed use after free in ALSA/sh/aica (bsc#1222304). - CVE-2024-26656: Fixed drm/amdgpu use-after-free bug (bsc#1222307). - CVE-2024-26671: Fixed blk-mq IO hang from sbitmap wakeup race (bsc#1222357). - CVE-2024-26673: Fixed netfilter/nft_ct layer 3 and 4 protocol sanitization (bsc#1222368). - CVE-2024-26674: Revert to _ASM_EXTABLE_UA() for {get,put}_user() fixups (bsc#1222378). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26684: Fixed net/stmmac/xgmac handling of DPP safety error for DMA channels (bsc#1222445). - CVE-2024-26685: Fixed nilfs2 potential bug in end_buffer_async_write (bsc#1222437). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26704: Fixed a double-free of blocks due to wrong extents moved_len in ext4 (bsc#1222422). - CVE-2024-26726: Fixed invalid drop extent_map for free space inode on write error (bsc#1222532) - CVE-2024-26731: Fixed NULL pointer dereference in sk_psock_verdict_data_ready() (bsc#1222371). - CVE-2024-26733: Fixed an overflow in arp_req_get() in arp (bsc#1222585). - CVE-2024-26737: Fixed selftests/bpf racing between bpf_timer_cancel_and_free and bpf_timer_cancel (bsc#1222557). - CVE-2024-26740: Fixed use the backlog for mirred ingress (bsc#1222563). - CVE-2024-26760: Fixed bio_put() for error case (bsc#1222596 cve-2024-267600). - CVE-2024-26760: Fixed scsi/target/pscsi bio_put() for error case (bsc#1222596). - CVE-2024-26764: Fixed IOCB_AIO_RW check in fs/aio before the struct aio_kiocb conversion (bsc#1222721). - CVE-2024-26772: Fixed ext4 to avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (bsc#1222613). - CVE-2024-26773: Fixed ext4 block allocation from corrupted group in ext4_mb_try_best_found() (bsc#1222618). - CVE-2024-26774: Fixed dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt (bsc#1222622). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26783: Fixed mm/vmscan bug when calling wakeup_kswapd() with a wrong zone index (bsc#1222615). - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26793: Fixed an use-after-free and null-ptr-deref in gtp_newlink() in gtp (bsc#1222428). - CVE-2024-26805: Fixed a kernel-infoleak-after-free in __skb_datagram_iter in netlink (bsc#1222630). - CVE-2024-26807: Fixed spi/cadence-qspi NULL pointer reference in runtime PM hooks (bsc#1222801). - CVE-2024-26815: Fixed improper TCA_TAPRIO_TC_ENTRY_INDEX check (bsc#1222635). - CVE-2024-26816: Fixed relocations in .notes section when building with CONFIG_XEN_PV=y (bsc#1222624). - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26832: Fixed missing folio cleanup in writeback race path (bsc#1223007). - CVE-2024-26836: Fixed platform/x86/think-lmi password opcode ordering for workstations (bsc#1222968). - CVE-2024-26844: Fixed WARNING in _copy_from_iter (bsc#1223015). - CVE-2024-26853: Fixed igc returning frame twice in XDP_REDIRECT (bsc#1223061). - CVE-2024-26855: Fixed net/ice potential NULL pointer dereference in ice_bridge_setlink() (bsc#1223051). - CVE-2024-26856: Fixed use-after-free inside sparx5_del_mact_entry (bsc#1223052). - CVE-2024-26857: Fixed geneve to make sure to pull inner header in geneve_rx() (bsc#1223058). - CVE-2024-26860: Fixed a memory leak when rechecking the data (bsc#1223077). - CVE-2024-26861: Fixed wireguard/receive annotate data-race around receiving_counter.counter (bsc#1223076). - CVE-2024-26862: Fixed packet annotate data-races around ignore_outgoing (bsc#1223111). - CVE-2024-26866: Fixed spi/spi-fsl-lpspi by removing redundant spi_controller_put call (bsc#1223024). - CVE-2024-26878: Fixed quota for potential NULL pointer dereference (bsc#1223060). - CVE-2024-26881: Fixed net/hns3 kernel crash when 1588 is received on HIP08 devices (bsc#1223041). - CVE-2024-26882: Fixed net/ip_tunnel to make sure to pull inner header in ip_tunnel_rcv() (bsc#1223034). - CVE-2024-26883: Fixed bpf stackmap overflow check on 32-bit arches (bsc#1223035). - CVE-2024-26884: Fixed bpf hashtab overflow check on 32-bit arches (bsc#1223189). - CVE-2024-26885: Fixed bpf DEVMAP_HASH overflow check on 32-bit arches (bsc#1223190). - CVE-2024-26899: Fixed deadlock between bd_link_disk_holder and partition scan (bsc#1223045). - CVE-2024-26901: Fixed do_sys_name_to_handle() to use kzalloc() to prevent kernel-infoleak (bsc#1223198). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26909: Fixed drm bridge use-after-free (bsc#1223143). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26923: Fixed false-positive lockdep splat for spin_lock() in __unix_gc() (bsc#1223384). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fix potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26945: Fixed nr_cpus < nr_iaa case (bsc#1223732). - CVE-2024-26946: Fixed copy_from_kernel_nofault() to read from unsafe address (bsc#1223669). - CVE-2024-26948: Fixed drm/amd/display by adding dc_state NULL check in dc_state_release (bsc#1223664). - CVE-2024-26950: Fixed wireguard/netlink to access device through ctx instead of peer (bsc#1223661). - CVE-2024-26951: Fixed wireguard/netlink check for dangling peer via is_dead instead of empty list (bsc#1223660). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-26960: Fixed mm/swap race between free_swap_and_cache() and swapoff() (bsc#1223655). - CVE-2024-26982: Fixed Squashfs inode number check not to be an invalid value of zero (bsc#1223634). - CVE-2024-26991: Fixed overflow lpage_info when checking attributes (bsc#1223695). - CVE-2024-26993: Fixed fs/sysfs reference leak in sysfs_break_active_protection() (bsc#1223693). - CVE-2024-27013: Fixed tun limit printing rate when illegal packet received by tun device (bsc#1223745). - CVE-2024-27014: Fixed net/mlx5e to prevent deadlock while disabling aRFS (bsc#1223735). - CVE-2024-27022: Fixed linking file vma until vma is fully initialized (bsc#1223774). - CVE-2024-27030: Fixed octeontx2-af to use separate handlers for interrupts (bsc#1223790). - CVE-2024-27036: Fixed writeback data corruption (bsc#1223810). - CVE-2024-27046: Fixed nfp/flower handling acti_netdevs allocation failure (bsc#1223827). - CVE-2024-27056: Fixed wifi/iwlwifi/mvm to ensure offloading TID queue exists (bsc#1223822). - CVE-2024-27062: Fixed nouveau lock inside client object tree (bsc#1223834). - CVE-2024-27389: Fixed pstore inode handling with d_invalidate() (bsc#1223705). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27408: Fixed race condition in dmaengine w-edma/eDMA (bsc#1224430). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27418: Fixed memory leak in mctp_local_output (bsc#1224720) - CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35895: Fixed lock inversion deadlock in map delete elem (bsc#1224511). - CVE-2024-35903: Fixed IP after emitting call depth accounting (bsc#1224493). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35917: Fixed Fix bpf_plt pointer arithmetic (bsc#1224481). - CVE-2024-35921: Fixed oops when HEVC init fails (bsc#1224477). - CVE-2024-35931: Fixed PCI error slot reset during RAS recovery (bsc#1224652). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35956: Fixed qgroup prealloc rsv leak in subvolume operations (bsc#1224674) - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35991: Fixed kABI workaround for struct idxd_evl (bsc#1224553). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36030: Fixed the double free in rvu_npc_freemem() (bsc#1225712) The following non-security bugs were fixed: - 9p: add missing locking around taking dentry fid list (git-fixes) - accel/ivpu: Fix deadlock in context_xa (git-fixes). - ACPI: bus: Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: bus: Indicate support for the Generic Event Device thru _OSC (git-fixes). - ACPICA: debugger: check status of acpi_evaluate_object() in acpi_db_walk_for_fields() (git-fixes). - ACPI: CPPC: Fix access width used for PCC registers (git-fixes). - ACPI: CPPC: Fix bit_offset shift in MASK_VAL() macro (git-fixes). - ACPI: CPPC: Use access_width over bit_width for system memory accesses (stable-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - ACPI: resource: Add Infinity laptops to irq1_edge_low_force_override (stable-fixes). - ACPI: resource: Do IRQ override on Lunnen Ground laptops (stable-fixes). - ACPI: scan: Do not increase dep_unmet for already met dependencies (git-fixes). - ACPI: video: Add backlight=native quirk for Lenovo Slim 7 16ARH7 (bsc#1217750). - ACPI: x86: Move acpi_quirk_skip_serdev_enumeration() out of CONFIG_X86_ANDROID_TABLETS (stable-fixes). - Add alt-commit to a nouveau patch - Add reference to L3 bsc#1225765 in BPF control flow graph and precision backtrack fixes (bsc#1225756) The L3 bsc#1225765 was created seperately since our customer requires PTF. - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - ahci: asm1064: asm1166: do not limit reported ports (git-fixes). - ahci: asm1064: correct count of reported ports (stable-fixes). - ALSA: aoa: avoid false-positive format truncation warning (git-fixes). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: core: Remove debugfs at disconnection (git-fixes). - ALSA: firewire-lib: handle quirk to calculate payload quadlets as data block counter (stable-fixes). - ALSA: Fix deadlocks with kctl removals at disconnection (stable-fixes). - ALSA: hda: Add Intel BMG PCI ID and HDMI codec vid (stable-fixes). - ALSA: hda: clarify Copyright information (stable-fixes). - ALSA: hda: cs35l41: Add support for ASUS ROG 2024 Laptops (stable-fixes). - ALSA: hda: cs35l41: Ignore errors when configuring IRQs (stable-fixes). - ALSA: hda: cs35l41: Remove redundant argument to cs35l41_request_firmware_file() (stable-fixes). - ALSA: hda: cs35l41: Remove Speaker ID for Lenovo Legion slim 7 16ARHA7 (git-fixes). - ALSA: hda: cs35l41: Set the max PCM Gain using tuning setting (stable-fixes). - ALSA: hda: cs35l41: Support HP Omen models without _DSD (stable-fixes). - ALSA: hda: cs35l41: Support Lenovo 13X laptop without _DSD (stable-fixes). - ALSA: hda: cs35l41: Update DSP1RX5/6 Sources for DSP config (stable-fixes). - ALSA: hda: cs35l56: Add ACPI device match tables (git-fixes). - ALSA: hda: cs35l56: Exit cache-only after cs35l56_wait_for_firmware_boot() (stable-fixes). - ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance (git-fixes). - ALSA: hda: cs35l56: Set the init_done flag before component_add() (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: hda: hda_cs_dsp_ctl: Remove notification of driver write (stable-fixes). - ALSA: hda: intel-dsp-config: harden I2C/I2S codec detection (stable-fixes). - ALSA/hda: intel-dsp-config: reduce log verbosity (git-fixes). - ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() (git-fixes). - ALSA: hda/realtek: Add quirk for HP SnowWhite laptops (stable-fixes). - ALSA: hda/realtek: Add quirk for HP Spectre x360 14 eu0000 (stable-fixes). - ALSA: hda/realtek: Add quirks for ASUS Laptops using CS35L56 (stable-fixes). - ALSA: hda/realtek: Add quirks for HP Omen models using CS35L41 (stable-fixes). - ALSA: hda/realtek: Add quirks for Huawei Matebook D14 NBLB-WAX9N (stable-fixes). - ALSA: hda/realtek: Add quirks for Lenovo 13X (stable-fixes). - ALSA: hda/realtek: Add quirks for some Clevo laptops (stable-fixes). - ALSA: hda/realtek: Add sound quirks for Lenovo Legion slim 7 16ARHA7 models (stable-fixes). - ALSA: hda/realtek: Add support for ASUS Zenbook 2024 HN7306W (stable-fixes). - ALSA: hda/realtek: Adjust G814JZR to use SPI init for amp (git-fixes). - ALSA: hda/realtek: cs35l41: Support ASUS ROG G634JYR (stable-fixes). - ALSA: hda/realtek: Drop doubly quirk entry for 103c:8a2e (git-fixes). - ALSA: hda/realtek - Enable audio jacks of Haier Boyue G42 with ALC269VC (stable-fixes). - ALSA: hda/realtek: Enable headset mic of JP-IK LEAP W502 with ALC897 (stable-fixes). - ALSA: hda/realtek: Fix build error without CONFIG_PM (stable-fixes). - ALSA: hda/realtek: Fix conflicting PCI SSID 17aa:386f for Lenovo Legion models (bsc#1223462). - ALSA: hda/realtek - fixed headset Mic not show (stable-fixes). - ALSA: hda/realtek: Fixes for Asus GU605M and GA403U sound (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack (stable-fixes). - ALSA: hda/realtek: Fix internal speakers for Legion Y9000X 2022 IAH7 (stable-fixes). - ALSA: hda/realtek: Fix mute led of HP Laptop 15-da3001TU (stable-fixes). - ALSA: hda/realtek: fix mute/micmute LEDs do not work for ProBook 440/460 G11 (stable-fixes). - ALSA: hda/realtek: fix the hp playback volume issue for LG machines (stable-fixes). - ALSA: hda/realtek: Fix volumn control of ThinkBook 16P Gen4 (git-fixes). - ALSA: hda/realtek - Set GPIO3 to default at S4 state for Thinkpad with ALC1318 (stable-fixes). - ALSA: hda/realtek: Update Panasonic CF-SZ6 quirk to support headset with microphone (git-fixes). - ALSA: hda/tas2781: add locks to kcontrols (git-fixes). - ALSA: hda/tas2781: Add new vendor_id and subsystem_id to support ThinkPad ICE-1 (stable-fixes). - ALSA: hda/tas2781: correct the register for pow calibrated data (git-fixes). - ALSA: hda/tas2781: remove digital gain kcontrol (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett+ 2Pre and 4Pre support (stable-fixes). - ALSA: scarlett2: Add Focusrite Clarett 2Pre and 4Pre USB support (stable-fixes). - ALSA: scarlett2: Add missing error check to scarlett2_config_save() (git-fixes). - ALSA: scarlett2: Add support for Clarett 8Pre USB (stable-fixes). - ALSA: scarlett2: Default mixer driver to enabled (stable-fixes). - ALSA: scarlett2: Move USB IDs out from device_info struct (stable-fixes). - ALSA: seq: Do not clear bank selection at event -> UMP MIDI2 conversion (git-fixes). - ALSA: seq: Fix incorrect UMP type for system messages (git-fixes). - ALSA: seq: Fix missing bank setup between MIDI1/MIDI2 UMP conversion (git-fixes). - ALSA: seq: Fix yet another spot for system message conversion (git-fixes). - ALSA: seq: ump: Fix conversion from MIDI2 to MIDI1 UMP messages (git-fixes). - ALSA: seq: ump: Fix swapped song position pointer data (git-fixes). - ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs (git-fixes). - ALSA: timer: Set lower bound of start tick time (stable-fixes). - ALSA: ump: Do not accept an invalid UMP protocol number (git-fixes). - ALSA: ump: Do not clear bank selection after sending a program change (git-fixes). - ALSA: ump: Set default protocol when not given explicitly (git-fixes). - ALSA: usb-audio: Add sampling rates support for Mbox3 (stable-fixes). - ALSA: usb-audio: Fix for sampling rates support for Mbox3 (stable-fixes). - amd/amdkfd: sync all devices to wait all processes being evicted (stable-fixes). - amdkfd: use calloc instead of kzalloc to avoid integer overflow (stable-fixes). - arm64: bpf: fix 32bit unconditional bswap (git-fixes). - arm64: dts: allwinner: h616: Fix I2C0 pins (git-fixes) - arm64: dts: allwinner: Pine H64: correctly remove reg_gmac_3v3 (git-fixes) - arm64: dts: broadcom: bcmbca: bcm4908: drop invalid switch cells (git-fixes) - arm64: dts: Fix dtc interrupt_provider warnings (git-fixes) - arm64: dts: hi3798cv200: fix the size of GICR (git-fixes) - arm64: dts: imx8qm-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usb lpcg indices (git-fixes) - arm64: dts: imx8-ss-conn: fix usdhc wrong lpcg clock order (git-fixes) - arm64: dts: imx8-ss-dma: fix adc lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix can lpcg indices (git-fixes) - arm64: dts: imx8-ss-dma: fix spi lpcg indices (git-fixes) - arm64: dts: imx8-ss-lsio: fix pwm lpcg indices (git-fixes) - arm64: dts: marvell: reorder crypto interrupts on Armada SoCs (git-fixes) - arm64: dts: microchip: sparx5: fix mdio reg (git-fixes) - arm64: dts: rockchip: Add enable-strobe-pulldown to emmc phy on ROCK (git-fixes) - arm64: dts: rockchip: enable internal pull-up for Q7_THRM# on RK3399 (git-fixes) - arm64: dts: rockchip: enable internal pull-up on PCIE_WAKE# for (git-fixes) - arm64: dts: rockchip: enable internal pull-up on Q7_USB_ID for RK3399 (git-fixes) - arm64: dts: rockchip: fix rk3328 hdmi ports node (git-fixes) - arm64: dts: rockchip: fix rk3399 hdmi ports node (git-fixes) - arm64: dts: rockchip: regulator for sd needs to be always on for (git-fixes) - arm64: dts: rockchip: Remove unsupported node from the Pinebook Pro (git-fixes) - arm64: dts: rockchip: set PHY address of MT7531 switch to 0x1f (git-fixes) - arm64/head: Disable MMU at EL2 before clearing HCR_EL2.E2H (git-fixes). - arm64: hibernate: Fix level3 translation fault in swsusp_save() (git-fixes). - arm64/ptrace: Use saved floating point state type to determine SVE (git-fixes) - arm64/sve: Lower the maximum allocation for the SVE ptrace regset (git-fixes) - arm64: tegra: Correct Tegra132 I2C alias (git-fixes) - arm64: tegra: Set the correct PHY mode for MGBE (git-fixes) - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ARM: imx: Check return value of devm_kasprintf in imx_mmdc_perf_init (git-fixes). - ARM: imx_v6_v7_defconfig: Restore CONFIG_BACKLIGHT_CLASS_DEVICE (git-fixes). - ARM: OMAP2+: fix N810 MMC gpiod table (git-fixes). - ARM: OMAP2+: fix USB regression on Nokia N8x0 (git-fixes). - arm_pmu: acpi: Add a representative platform device for TRBE (bsc#1220587) - arm_pmu: acpi: Refactor arm_spe_acpi_register_device() (bsc#1220587) - ARM: prctl: reject PR_SET_MDWE on pre-ARMv6 (stable-fixes). - ARM: s5pv210: fix pm.c kernel-doc warning (git-fixes). - asm-generic: make sparse happy with odd-sized put_unaligned_*() (stable-fixes). - ASoC: acp: Support microphone from device Acer 315-24p (git-fixes). - ASoC: amd: acp: fix for acp_init function error handling (git-fixes). - ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on ASUS M7600RE (stable-fixes). - ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 (stable-fixes). - ASoC: amd: yc: Revert 'Fix non-functional mic on Lenovo 21J2' (stable-fixes). - ASoC: codecs: wsa881x: set clk_stop_mode1 flag (git-fixes). - ASoC: cs35l56: Fix unintended bus access while resetting amp (git-fixes). - ASoC: cs35l56: Prevent overwriting firmware ASP config (git-fixes). - ASoC: da7219-aad: fix usage of device_get_named_child_node() (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: Populate board selection with new I2S entries (stable-fixes). - ASoC: Intel: avs: Set name of control as in topology (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: avs: Test result of avs_get_module_entry() (git-fixes). - ASoC: Intel: bytcr_rt5640: Apply Asus T100TA quirk to Asus T100TAM too (git-fixes). - ASoC: Intel: common: DMI remap for rebranded Intel NUC M15 (LAPRC710) laptops (stable-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: Assign dummy when codec not specified for a DAI link (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-card: make links nonatomic (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: meson: axg-tdm-interface: manage formatters in trigger (git-fixes). - ASoC: meson: cards: select SND_DYNAMIC_MINORS (git-fixes). - ASoC: ops: Fix wraparound for mask in snd_soc_get_volsw (git-fixes). - ASoC: rockchip: i2s-tdm: Fix inaccurate sampling rates (git-fixes). - ASoC: rt5645: Fix the electric noise due to the CBJ contacts floating (git-fixes). - ASoC: rt5645: Make LattePanda board DMI match more precise (stable-fixes). - ASoC: rt5682-sdw: fix locking sequence (git-fixes). - ASoC: rt711-sdca: fix locking sequence (git-fixes). - ASoC: rt711-sdw: fix locking sequence (git-fixes). - ASoC: rt712-sdca-sdw: fix locking sequence (git-fixes). - ASoC: rt715: add vendor clear control register (git-fixes). - ASoC: rt715-sdca: volume step modification (git-fixes). - ASoC: rt722-sdca: add headset microphone vrefo setting (git-fixes). - ASoC: rt722-sdca: modify channel number to support 4 channels (git-fixes). - ASoC: rt722-sdca-sdw: fix locking sequence (git-fixes). - ASoC: soc-core.c: Skip dummy codec when adding platforms (stable-fixes). - ASoC: SOF: amd: Optimize quirk for Valve Galileo (stable-fixes). - ASoC: SOF: Intel: add default firmware library path for LNL (git-fixes). - ASoC: SOF: Intel: hda-dsp: Skip IMR boot on ACE platforms in case of S3 suspend (stable-fixes). - ASoC: SOF: Intel: lnl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: call dsp dump when boot retry fails (stable-fixes). - ASoC: SOF: Intel: mtl: Correct rom_status_reg (git-fixes). - ASoC: SOF: Intel: mtl: Disable interrupts when firmware boot failed (git-fixes). - ASoC: SOF: Intel: mtl: Implement firmware boot state check (git-fixes). - ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend (stable-fixes). - ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tas2781: Fix a warning reported by robot kernel test (git-fixes). - ASoC: tas2781: Fix wrong loading calibrated data sequence (git-fixes). - ASoC: tas2781: mark dvc_tlv with __maybe_unused (git-fixes). - ASoC: tegra: Fix DSPK 16-bit playback (git-fixes). - ASoC: ti: Convert Pandora ASoC to GPIO descriptors (stable-fixes). - ASoC: ti: davinci-mcasp: Fix race condition during probe (git-fixes). - ASoC: tlv320adc3xxx: Do not strip remove function when driver is builtin (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ASoC: wm_adsp: Add missing MODULE_DESCRIPTION() (git-fixes). - ASoC: wm_adsp: Fix missing mutex_lock in wm_adsp_write_ctl() (git-fixes). - ata: libata-core: Allow command duration limits detection for ACS-4 drives (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - ata: sata_mv: Fix PCI device ID table declaration compilation warning (git-fixes). - ata: sata_sx4: fix pdc20621_get_from_dimm() on 64-bit (git-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - ax25: Fix netdev refcount issue (git-fixes). - ax25: Fix reference count leak issue of net_device (git-fixes). - ax25: Fix reference count leak issues of ax25_dev (git-fixes). - ax25: fix use-after-free bugs caused by ax25_ds_del_timer (git-fixes). - batman-adv: Avoid infinite loop trying to resize local TT (git-fixes). - bitops: add missing prototype check (git-fixes). - blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (bsc#1225605). - blk-cgroup: fix list corruption from resetting io stat (bsc#1225605). - block: fix q->blkg_list corruption during disk rebind (bsc#1223591). - Bluetooth: Add new quirk for broken read key length on ATS2851 (stable-fixes). - Bluetooth: add quirk for broken address properties (git-fixes). - Bluetooth: btintel: Fixe build regression (git-fixes). - Bluetooth: btintel: Fix null ptr deref in btintel_read_version (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x0bda:0x4853 (stable-fixes). - Bluetooth: btusb: Fix triggering coredump implementation for QCA (git-fixes). - Bluetooth: Fix memory leak in hci_req_sync_complete() (git-fixes). - Bluetooth: Fix TOCTOU in HCI debugfs implementation (git-fixes). - Bluetooth: Fix type of len in {l2cap,sco}_sock_getsockopt_old() (stable-fixes). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_core: Cancel request on command timeout (stable-fixes). - Bluetooth: hci_event: Fix sending HCI_OP_READ_ENC_KEY_SIZE (git-fixes). - Bluetooth: hci_event: set the conn encrypted before conn establishes (stable-fixes). - Bluetooth: HCI: Fix potential null-ptr-deref (git-fixes). - Bluetooth: hci_sock: Fix not validating setsockopt user input (git-fixes). - Bluetooth: hci_sync: Fix not checking error on hci_cmd_sync_cancel_sync (git-fixes). - Bluetooth: hci_sync: Fix using the same interval and window for Coded PHY (git-fixes). - Bluetooth: hci_sync: Use QoS to determine which PHY to scan (stable-fixes). - Bluetooth: ISO: Align broadcast sync_timeout with connection timeout (stable-fixes). - Bluetooth: ISO: Do not reject BT_ISO_QOS if parameters are unset (git-fixes). - Bluetooth: l2cap: Do not double set the HCI_CONN_MGMT_CONNECTED bit (git-fixes). - Bluetooth: L2CAP: Fix not validating setsockopt user input (git-fixes). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect() (git-fixes). - Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (bsc#1221504). - Bluetooth: mgmt: Fix limited discoverable off timeout (stable-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: fix device-address endianness (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev setup (git-fixes). - Bluetooth: qca: fix NULL-deref on non-serdev suspend (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - Bluetooth: RFCOMM: Fix not validating setsockopt user input (git-fixes). - Bluetooth: SCO: Fix not validating setsockopt user input (git-fixes). - bnx2x: Fix firmware version string character counts (git-fixes). - bnxt_en: Fix error recovery for RoCE ulp client (git-fixes). - bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init() (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bootconfig: Fix the kerneldoc of _xbc_exit() (git-fixes). - bootconfig: use memblock_free_late to free xbc memory to buddy (git-fixes). - bootmem: use kmemleak_free_part_phys in free_bootmem_page (git-fixes). - bootmem: use kmemleak_free_part_phys in put_page_bootmem (git-fixes). - bpf, arm64: fix bug in BPF_LDX_MEMSX (git-fixes) - bpf, arm64: Fix incorrect runtime stats (git-fixes) - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf, scripts: Correct GPL license name (git-fixes). - btrfs: add a helper to read the superblock metadata_uuid (git-fixes) - btrfs: add and use helper to check if block group is used (bsc#1220120). - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: add new unused block groups to the list of unused block groups (bsc#1220120). - btrfs: allow to run delayed refs by bytes to be released instead of count (bsc#1220120). - btrfs: always print transaction aborted messages with an error level (git-fixes) - btrfs: always reserve space for delayed refs when starting transaction (bsc#1220120). - btrfs: assert correct lock is held at btrfs_select_ref_head() (bsc#1220120). - btrfs: assert delayed node locked when removing delayed item (git-fixes) - btrfs: avoid starting and committing empty transaction when flushing space (bsc#1220120). - btrfs: avoid starting new transaction when flushing delayed items and refs (bsc#1220120). - btrfs: check for BTRFS_FS_ERROR in pending ordered assert (git-fixes) - btrfs: compare the correct fsid/metadata_uuid in btrfs_validate_super (git-fixes) - btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size (git-fixes) - btrfs: defrag: reject unknown flags of btrfs_ioctl_defrag_range_args (git-fixes) - btrfs: do not allow non subvolume root targets for snapshot (git-fixes) - btrfs: do not arbitrarily slow down delalloc if we're committing (git-fixes) - btrfs: do not delete unused block group if it may be used soon (bsc#1220120). - btrfs: do not refill whole delayed refs block reserve when starting transaction (bsc#1220120). - btrfs: do not start transaction when joining with TRANS_JOIN_NOSTART (git-fixes) - btrfs: do not steal space from global rsv after a transaction abort (bsc#1220120). - btrfs: do not warn if discard range is not aligned to sector (git-fixes) - btrfs: ensure fiemap does not race with writes when FIEMAP_FLAG_SYNC is given (bsc#1223285). - btrfs: error out when COWing block using a stale transaction (git-fixes) - btrfs: error out when reallocating block for defrag using a stale transaction (git-fixes) - btrfs: error when COWing block from a root that is being deleted (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: fail priority metadata ticket with real fs error (bsc#1220120). - btrfs: file_remove_privs needs an exclusive lock in direct io write (git-fixes) - btrfs: fix 64bit compat send ioctl arguments not initializing version member (git-fixes) - btrfs: fix deadlock with fiemap and extent locking (bsc#1223285). - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix kvcalloc() arguments order in btrfs_ioctl_send() (git-fixes) - btrfs: fix lockdep splat and potential deadlock after failure running delayed items (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix off-by-one when checking chunk map includes logical address (git-fixes) - btrfs: fix race between ordered extent completion and fiemap (bsc#1223285). - btrfs: fix race when detecting delalloc ranges during fiemap (bsc#1223285). - btrfs: fix race when refilling delayed refs block reserve (git-fixes) - btrfs: fix start transaction qgroup rsv double free (git-fixes) - btrfs: fix stripe length calculation for non-zoned data chunk allocation (bsc#1217489). - btrfs: fix wrong block_start calculation for btrfs_drop_extent_map_range() (git-fixes) Dropped hunk in selftests (test_case_7), 92e1229b204d6. - btrfs: free qgroup rsv on io failure (git-fixes) - btrfs: free the allocated memory if btrfs_alloc_page_array() fails (git-fixes) - btrfs: get rid of label and goto at insert_delayed_ref() (bsc#1220120). - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: handle errors properly in update_inline_extent_backref() (git-fixes) - btrfs: initialize key where it's used when running delayed data ref (bsc#1220120). - btrfs: log message if extent item not found when running delayed extent op (bsc#1220120). - btrfs: make btrfs_cleanup_fs_roots() static (bsc#1220120). - btrfs: make btrfs_destroy_delayed_refs() return void (bsc#1220120). - btrfs: make btrfs_destroy_marked_extents() return void (bsc#1220120). - btrfs: make btrfs_destroy_pinned_extent() return void (bsc#1220120). - btrfs: make error messages more clear when getting a chunk map (git-fixes) - btrfs: make find_first_extent_bit() return a boolean (bsc#1220120). - btrfs: make find_free_dev_extent() static (bsc#1220120). - btrfs: make insert_delayed_ref() return a bool instead of an int (bsc#1220120). - btrfs: merge find_free_dev_extent() and find_free_dev_extent_start() (bsc#1220120). - btrfs: move btrfs_free_excluded_extents() into block-group.c (bsc#1220120). - btrfs: open code trivial btrfs_add_excluded_extent() (bsc#1220120). - btrfs: output extra debug info if we failed to find an inline backref (git-fixes) - btrfs: pass a space_info argument to btrfs_reserve_metadata_bytes() (bsc#1220120). - btrfs: prevent transaction block reserve underflow when starting transaction (git-fixes) - btrfs: print available space across all block groups when dumping space info (bsc#1220120). - btrfs: print available space for a block group when dumping a space info (bsc#1220120). - btrfs: print block group super and delalloc bytes when dumping space info (bsc#1220120). - btrfs: print target number of bytes when dumping free space (bsc#1220120). - btrfs: qgroup: always free reserved space for extent records (bsc#1216196). - btrfs: qgroup: convert PREALLOC to PERTRANS after record_root_in_trans (git-fixes) - btrfs: record delayed inode root in transaction (git-fixes) - btrfs: reject encoded write if inode has nodatasum flag set (git-fixes) - btrfs: release path before inode lookup during the ino lookup ioctl (git-fixes) - btrfs: remove pointless initialization at btrfs_delayed_refs_rsv_release() (bsc#1220120). - btrfs: remove pointless in_tree field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: remove pointless 'ref_root' variable from run_delayed_data_ref() (bsc#1220120). - btrfs: remove redundant BUG_ON() from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_add argument from __btrfs_inc_extent_ref() (bsc#1220120). - btrfs: remove refs_to_drop argument from __btrfs_free_extent() (bsc#1220120). - btrfs: remove the refcount warning/check at btrfs_put_delayed_ref() (bsc#1220120). - btrfs: remove unnecessary logic when running new delayed references (bsc#1220120). - btrfs: remove unnecessary prototype declarations at disk-io.c (bsc#1220120). - btrfs: remove unused is_head field from struct btrfs_delayed_ref_node (bsc#1220120). - btrfs: rename add_new_free_space() to btrfs_add_new_free_space() (bsc#1220120). - btrfs: reorder some members of struct btrfs_delayed_ref_head (bsc#1220120). - btrfs: reserve space for delayed refs on a per ref basis (bsc#1220120). - btrfs: reset destination buffer when read_extent_buffer() gets invalid range (git-fixes) - btrfs: return -EUCLEAN for delayed tree ref with a ref count not equals to 1 (git-fixes) - btrfs: return -EUCLEAN if extent item is missing when searching inline backref (bsc#1220120). - btrfs: return real error when orphan cleanup fails due to a transaction abort (bsc#1220120). - btrfs: send: do not issue unnecessary zero writes for trailing hole (bsc#1222459). - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: set page extent mapped after read_folio in relocate_one_page (git-fixes) - btrfs: simplify check for extent item overrun at lookup_inline_extent_backref() (bsc#1220120). - btrfs: stop doing excessive space reservation for csum deletion (bsc#1220120). - btrfs: store the error that turned the fs into error state (bsc#1220120). - btrfs: sysfs: validate scrub_speed_max value (git-fixes) - btrfs: tree-checker: fix inline ref size in error messages (git-fixes) - btrfs: update comment for btrfs_join_transaction_nostart() (bsc#1220120). - btrfs: update documentation for add_new_free_space() (bsc#1220120). - btrfs: use a bool to track qgroup record insertion when adding ref head (bsc#1220120). - btrfs: use a single switch statement when initializing delayed ref head (bsc#1220120). - btrfs: use a single variable for return value at lookup_inline_extent_backref() (bsc#1220120). - btrfs: use a single variable for return value at run_delayed_extent_op() (bsc#1220120). - btrfs: use bool type for delayed ref head fields that are used as booleans (bsc#1220120). - btrfs: use the correct superblock to compare fsid in btrfs_validate_super (git-fixes) - btrfs: use u64 for buffer sizes in the tree search ioctls (git-fixes) - btrfs: zoned: do not skip block groups with 100% zone unusable (bsc#1220120). - bus: mhi: ep: check the correct variable in mhi_ep_register_controller() (git-fixes). - ceph: redirty page before returning AOP_WRITEPAGE_ACTIVATE (bsc#1224866). - ceph: stop copying to iter at EOF on sync reads (bsc#1222606). - certs: Add ECDSA signature verification self-test (bsc#1222777). - certs: Move RSA self-test data to separate file (bsc#1222777). - cifs: account for primary channel in the interface list (bsc#1225172). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1225172). - cifs: distribute channels across interfaces based on speed (bsc#1225172).++ kernel-source.spec (revision 4)%define git_commit 596cd3fdbd0fb5902e80279485ad8596f4e82397Release: <RELEASE>.g596cd3f - cifs: do not pass cifs_sb when trying to add channels (bsc#1225172). - cifs: Do not use certain unnecessary folio_*() functions (bsc#1225172). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1225172). - cifs: fix charset issue in reconnection (bsc#1225172). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1225172). - cifs: handle cases where a channel is closed (bsc#1225172). - cifs: handle cases where multiple sessions share connection (bsc#1225172). - cifs: reconnect work should have reference on server struct (bsc#1225172). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: Get runtime PM before walking tree during disable_unused (git-fixes). - clk: Get runtime PM before walking tree for clk_summary (git-fixes). - clk: Initialize struct clk_core kref earlier (stable-fixes). - clk: mediatek: Do a runtime PM get on controllers during probe (git-fixes). - clk: mediatek: mt8365-mm: fix DPI0 parent (git-fixes). - clk: mediatek: pllfh: Do not log error for missing fhctl node (git-fixes). - clk: qcom: clk-alpha-pll: fix rate setting for Stromer PLLs (git-fixes). - clk: qcom: clk-alpha-pll: remove invalid Stromer register offset (git-fixes). - clk: qcom: dispcc-sm6350: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8450: fix DisplayPort clocks (git-fixes). - clk: qcom: dispcc-sm8550: fix DisplayPort clocks (git-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - clk: qcom: reset: Commonize the de/assert functions (stable-fixes). - clk: qcom: reset: Ensure write completion on reset de/assertion (git-fixes). - clk: Remove prepare_lock hold assertion in __clk_release() (git-fixes). - clk: renesas: r8a779a0: Fix CANFD parent clock (git-fixes). - clk: renesas: r9a07g043: Add clock and reset entry for PLIC (git-fixes). - clk: rs9: fix wrong default value for clock amplitude (git-fixes). - clk: samsung: exynosautov9: fix wrong pll clock id value (git-fixes). - clk: Show active consumers of clocks in debugfs (stable-fixes). - clk: sunxi-ng: h6: Reparent CPUX during PLL CPUX rate change (git-fixes). - clocksource/drivers/arm_global_timer: Fix maximum prescaler value (git-fixes). - clocksource/drivers/imx: Fix -Wunused-but-set-variable warning (git-fixes). - comedi: vmk80xx: fix incomplete endpoint checking (git-fixes). - coresight: trbe: Add a representative coresight_platform_data for (bsc#1220587) - coresight: trbe: Allocate platform data per device (bsc#1220587) - coresight: trbe: Enable ACPI based TRBE devices (bsc#1220587) - counter: linux/counter.h: fix Excess kernel-doc description warning (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations (git-fixes). - cpufreq: exit() callback is optional (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - Add support for PCI device 0x156E (bsc#1223338). - crypto: ccp - Add support for PCI device 0x17E0 (bsc#1223338). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecc - update ecc_gen_privkey for FIPS 186-5 (bsc#1222782). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init (git-fixes). - crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (git-fixes). - crypto: qat - fix ring to service map for dcc in 4xxx (git-fixes). - crypto: qat - improve error logging to be consistent across features (git-fixes). - crypto: qat - relocate and rename get_service_enabled() (stable-fixes). - crypto: qat - specify firmware files for 402xx (git-fixes). - crypto: rsa - add a check for allocation failure (bsc#1222775). - crypto: rsa - allow only odd e and restrict value in FIPS mode (bsc#1222775). - crypto: testmgr - remove unused xts4096 and xts512 algorithms from testmgr.c (bsc#1222769). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - cxl/acpi: Fix load failures due to single window creation failure (git-fixes). - cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window (git-fixes). - cxl/trace: Properly initialize cxl_poison region name (git-fixes). - dax: alloc_dax() return ERR_PTR(-EOPNOTSUPP) for CONFIG_DAX=n (jsc#PED-5853). - dax/bus.c: replace driver-core lock usage by a local rwsem (jsc#PED-5853). - dax/bus.c: replace several sprintf() with sysfs_emit() (jsc#PED-5853). - device-dax: make dax_bus_type const (jsc#PED-5853). - dlm: fix user space lkb refcounting (git-fixes). - dma-buf: Fix NULL pointer dereference in sanitycheck() (git-fixes). - dma-buf/sw-sync: do not enable IRQ from sync_print_obj() (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dmaengine: idxd: Avoid unnecessary destruction of file_ida (git-fixes). - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (git-fixes). - dmaengine: owl: fix register access functions (git-fixes). - dmaengine: tegra186: Fix residual calculation (git-fixes). - dma-mapping: benchmark: fix node id validation (git-fixes). - dma-mapping: benchmark: handle NUMA_NO_NODE correctly (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dma: xilinx_dpdma: Fix locking (git-fixes). - dm crypt: remove redundant state settings after waking up (jsc#PED-7542). - dm-integrity: set max_integrity_segments in dm_integrity_io_hints (jsc#PED-7542). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - dm-raid: add a new helper prepare_suspend() in md_personality (jsc#PED-7542). - dm-raid: really frozen sync_thread during suspend (jsc#PED-7542). - dm thin: add braces around conditional code that spans lines (jsc#PED-7542). - dm: update relevant MODULE_AUTHOR entries to latest dm-devel mailing list (jsc#PED-7542). - dm verity: set DM_TARGET_SINGLETON feature flag (jsc#PED-7542). - Docs/admin-guide/mm/damon/usage: fix wrong example of DAMOS filter matching sysfs file (git-fixes). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - docs: netdev: Fix typo in Signed-off-by tag (git-fixes). - docs: Restore 'smart quotes' for quotes (stable-fixes). - driver core: Introduce device_link_wait_removal() (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm: add drm_gem_object_is_shared_for_memory_stats() helper (stable-fixes). - drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init() (stable-fixes). - drm/amd/display: Add dml2 copy functions (stable-fixes). - drm/amd/display: Allow dirty rects to be sent to dmub when abm is active (stable-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Change default size for dummy plane in DML2 (stable-fixes). - drm/amd/display: Do not recursively call manual trigger programming (stable-fixes). - drm/amd/display: Enable colorspace property for MST connectors (git-fixes). - drm/amd/display: Fix bounds check for dcn35 DcfClocks (git-fixes). - drm/amd/display: fix disable otg wa logic in DCN316 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix idle check for shared firmware state (stable-fixes). - drm/amd/display: Fix incorrect DSC instance for MST (stable-fixes). - drm/amd/display: fix input states translation error for dcn35 & dcn351 (stable-fixes). - drm/amd/display: Fix nanosec stat overflow (stable-fixes). - drm/amd/display: Fix noise issue on HDMI AV mute (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: handle range offsets in VRR ranges (stable-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd/display: Init DPPCLK from SMU on dcn32 (stable-fixes). - drm/amd/display: Override min required DCFCLK in dml1_validate (stable-fixes). - drm/amd/display: Prevent crash when disable stream (stable-fixes). - drm/amd/display: Program VSC SDP colorimetry for all DP sinks >= 1.4 (stable-fixes). - drm/amd/display: Remove MPC rate control logic from DCN30 and above (stable-fixes). - drm/amd/display: Remove redundant condition in dcn35_calc_blocks_to_gate() (git-fixes). - drm/amd/display: Return the correct HDCP error code (stable-fixes). - drm/amd/display: Set DCN351 BB and IP the same as DCN35 (stable-fixes). - drm/amd/display: Set VSC SDP Colorimetry same way for MST and SST (stable-fixes). - drm/amd/display: Use freesync when `DRM_EDID_FEATURE_CONTINUOUS_FREQ` found (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: always force full reset for SOC21 (stable-fixes). - drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag (stable-fixes). - drm/amdgpu: Assign correct bits for SDMA HDP flush (stable-fixes). - drm/amdgpu/display: Address kdoc for 'is_psr_su' in 'fill_dc_dirty_rects' (git-fixes). - drm/amdgpu: drop setting buffer funcs in sdma442 (git-fixes). - drm/amdgpu: Fix comparison in amdgpu_res_cpu_visible (git-fixes). - drm/amdgpu: fix deadlock while reading mqd from debugfs (git-fixes). - drm/amdgpu: fix doorbell regression (git-fixes). - drm/amdgpu: fix incorrect number of active RBs for gfx11 (stable-fixes). - drm/amdgpu: Fix leak when GPU memory allocation fails (stable-fixes). - drm/amdgpu: fix mmhub client id out-of-bounds access (git-fixes). - drm/amdgpu: fix use-after-free bug (stable-fixes). - drm/amdgpu: Fix VCN allocation in CPX partition (stable-fixes). - drm/amdgpu: fix visible VRAM handling during faults (git-fixes). - drm/amdgpu: implement IRQ_STATE_ENABLE for SDMA v4.4.2 (stable-fixes). - drm/amdgpu: make damage clips support configurable (stable-fixes). - drm/amdgpu: once more fix the call oder in amdgpu_ttm_move() v2 (git-fixes). - drm/amdgpu/pm: Check the validity of overdiver power limit (git-fixes). - drm/amdgpu/pm: Fix NULL pointer dereference when get power limit (git-fixes). - drm/amdgpu/pm: Fix the error of pwm1_enable setting (stable-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdgpu: remove invalid resource->start check v2 (git-fixes). - drm/amdgpu: Reset dGPU if suspend got aborted (stable-fixes). - drm/amdgpu/sdma5.2: use legacy HDP flush for SDMA2/3 (stable-fixes). - drm/amdgpu: validate the parameters of bo mapping operations more clearly (git-fixes). - drm/amdkfd: Check cgroup when returning DMABuf info (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/amdkfd: Fix memory leak in create_process failure (git-fixes). - drm/amdkfd: fix TLB flush after unmap for GFX9.4.2 (stable-fixes). - drm/amdkfd: range check cp bad op exception interrupts (stable-fixes). - drm/amdkfd: Reset GPU on queue preemption failure (stable-fixes). - drm/amd/pm: fixes a random hang in S4 for SMU v13.0.4/11 (stable-fixes). - drm/amd/swsmu: modify the gfx activity scaling (stable-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/ast: Fix soft lockup (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: Fix improper bridge init order with pre_enable_prev_first (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611uxc: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/buddy: check range allocation matches alignment (stable-fixes). - drm: Check output polling initialized before disabling (stable-fixes). - drm: Check polling initialized before enabling in drm_helper_probe_single_connector_modes (stable-fixes). - drm/client: Fully protect modes[] with dev->mode_config.mutex (stable-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/display: fix typo (git-fixes). - drm/exynos: do not return negative values from .get_modes() (stable-fixes). - drm/fbdev-generic: Do not set physical framebuffer address (git-fixes). - drm: Fix drm_fixp2int_round() making it add 0.5 (git-fixes). - drm/gma500: Remove lid code (git-fixes). - drm/i915/audio: Fix audio time stamp programming for DP (stable-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() (stable-fixes). - drm/i915/cdclk: Fix CDCLK programming order when pipes are active (git-fixes). - drm/i915: Disable live M/N updates when using bigjoiner (stable-fixes). - drm/i915: Disable port sync when bigjoiner is used (stable-fixes). - drm/i915/display: Use i915_gem_object_get_dma_address to get dma address (stable-fixes). - drm/i915: Do not match JSL in ehl_combo_pll_div_frac_wa_needed() (git-fixes). - drm/i915/dp: Fix the computation for compressed_bpp for DISPLAY < 13 (git-fixes). - drm/i915/dp: Remove support for UHBR13.5 (git-fixes). - drm/i915/dpt: Make DPT object unshrinkable (git-fixes). - drm/i915/dsb: Fix DSB vblank waits when using VRR (git-fixes). - drm/i915/dsi: Go back to the previous INIT_OTP/DISPLAY_ON order, mostly (git-fixes). - drm/i915: Fix audio component initialization (git-fixes). - drm/i915/gt: Automate CCS Mode setting during engine resets (git-fixes). - drm/i915/gt: Disable HW load balancing for CCS (git-fixes). - drm/i915/gt: Disarm breadcrumbs if engines are already idle (git-fixes). - drm/i915/gt: Do not generate the command streamer for all the CCS (git-fixes). - drm/i915/gt: Enable only one CCS for compute workload (git-fixes). - drm/i915/gt: Fix CCS id's calculation for CCS mode setting (git-fixes). - drm/i915/gt: Reset queue_priority_hint on parking (git-fixes). - drm/i915/guc: avoid FIELD_PREP warning (git-fixes). - drm/i915/hwmon: Fix locking inversion in sysfs getter (git-fixes). - drm/i915: Include the PLL name in the debug messages (stable-fixes). - drm/i915/lspcon: Separate function to set expected mode (bsc#1193599). - drm/i915/lspcon: Separate lspcon probe and lspcon init (bsc#1193599). - drm/i915/mst: Limit MST+DSC to TGL+ (git-fixes). - drm/i915/mst: Reject FEC+MST on ICL (git-fixes). - drm/i915: Pre-populate the cursor physical dma address (git-fixes). - drm/i915: Replace a memset() with zero initialization (stable-fixes). - drm/i915: Stop printing pipe name as hex (stable-fixes). - drm/i915: Suppress old PLL pipe_mask checks for MG/TC/TBT PLLs (stable-fixes). - drm/i915: Try to preserve the current shared_dpll for fastset on type-c ports (stable-fixes). - drm/i915: Use named initializers for DPLL info (stable-fixes). - drm/i915/vrr: Disable VRR when using bigjoiner (stable-fixes). - drm/i915/vrr: Generate VRR 'safe window' for DSB (git-fixes). - drm/imx/ipuv3: do not return negative values from .get_modes() (stable-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/mediatek: dp: Fix mtk_dp_aux_transfer return value (git-fixes). - drm/mediatek: Init `ddp_comp` with devm_kcalloc() (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: gate px_clk when setting rate (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails (git-fixes). - drm/msm: Add newlines to some debug prints (git-fixes). - drm/msm/adreno: fix CP cycles stat retrieval on a7xx (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dp: Avoid a long timeout for AUX transfer if nothing connected (git-fixes). - drm/msm/dp: fix typo in dp_display_handle_port_status_changed() (git-fixes). - drm/msm/dpu: Add callback function pointer check before its call (git-fixes). - drm/msm/dpu: Allow configuring multiple active DSC blocks (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dpu: do not allow overriding data from catalog (git-fixes). - drm/msm/dpu: make error messages at dpu_core_irq_register_callback() more sensible (git-fixes). - drm/msm/dpu: use devres-managed allocation for MDP TOP (stable-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/disp: Fix missing backlight control on Macbook 5, 1 (bsc#1223838). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/nouveau/dp: Fix incorrect return code in r535_dp_aux_xfer() (git-fixes). - drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() (stable-fixes). - drm/nouveau: use tile_mode and pte_kind for VM_BIND bo allocations (git-fixes). - drm: nv04: Fix out of bounds access (git-fixes). - drm/omapdrm: Fix console by implementing fb_dirty (git-fixes). - drm/panel: do not return negative error codes from drm_panel_get_modes() (stable-fixes). - drm/panel: ili9341: Respect deferred probe (git-fixes). - drm/panel: ili9341: Use predefined error codes (git-fixes). - drm/panel: ltk050h3146w: add MIPI_DSI_MODE_VIDEO to LTK050H3148W flags (git-fixes). - drm/panel: ltk050h3146w: drop duplicate commands from LTK050H3148W init (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm: panel-orientation-quirks: Add quirk for GPD Win Mini (stable-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm/panel: sitronix-st7789v: fix display size for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: fix timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: sitronix-st7789v: tweak timing for jt240mhqs_hwt_ek_e3 panel (git-fixes). - drm/panel: visionox-rm69299: do not unregister DSI device (git-fixes). - drm/panfrost: fix power transition timeout warnings (git-fixes). - drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr() (git-fixes). - drm/prime: Unbreak virtgpu dma-buf export (git-fixes). - drm/probe-helper: warn about negative .get_modes() (stable-fixes). - drm/qxl: remove unused `count` variable from `qxl_surface_id_alloc()` (git-fixes). - drm/qxl: remove unused variable from `qxl_process_single_command()` (git-fixes). - drm/radeon: make -fstrict-flex-arrays=3 happy (git-fixes). - drm/radeon: silence UBSAN warning (v3) (stable-fixes). - drm/rockchip: vop2: Do not divide height twice for YUV (git-fixes). - drm/rockchip: vop2: Remove AR30 and AB30 format support (git-fixes). - drm/sched: fix null-ptr-deref in init entity (git-fixes). - drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) (git-fixes). - drm/ttm: return ENOSPC from ttm_bo_mem_space v3 (stable-fixes). - drm/ttm: stop pooling cached NUMA pages v2 (git-fixes). - drm/vc4: do not check if plane->state->fb == state->fb (stable-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - drm/vc4: hdmi: do not return negative values from .get_modes() (stable-fixes). - drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (git-fixes). - drm/vmwgfx: Enable DMA mappings with SEV (git-fixes). - drm/vmwgfx: Fix crtc's atomic check conditional (git-fixes). - drm/vmwgfx: Fix invalid reads in fence signaled events (git-fixes). - drm/vmwgfx: Fix Legacy Display Unit (git-fixes). - drm/vmwgfx: Fix prime import/export (git-fixes). - drm/vmwgfx: Sort primary plane formats by order of preference (git-fixes). - drm: zynqmp_dpsub: Always register bridge (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dump_stack: Do not get cpu_sync for panic CPU (bsc#1225607). - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - e1000e: Minor flow correction in e1000_shutdown function (git-fixes). - e1000e: move force SMBUS from enable ulp function to avoid PHY loss issue (git-fixes). - e1000e: Workaround for sporadic MDI error on Meteor Lake systems (git-fixes). - ecryptfs: Fix buffer size for tag 66 packet (git-fixes) - ecryptfs: Reject casefold directory inodes (git-fixes) - EDAC/synopsys: Fix ECC status and IRQ control race condition (git-fixes). - Edit 'amdkfd: use calloc instead of kzalloc to avoid integer overflow' Reference CVE and bug numbers. - efi: disable mirror feature during crashkernel (stable-fixes). - efi: fix panic in kdump kernel (git-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - efi/unaccepted: do not let /proc/vmcore try to access unaccepted memory (git-fixes). - efi/unaccepted: touch soft lockup during memory accept (git-fixes). - Enable CONFIG_FIPS_SIGNATURE_SELFTEST (bsc#1222771) - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_ECDSA. - Enable new CONFIG_FIPS_SIGNATURE_SELFTEST_RSA. - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fast_dput(): handle underflows gracefully (git-fixes) - fat: fix uninitialized field in nostale filehandles (git-fixes) - fbdev: fix incorrect address computation in deferred IO (git-fixes). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: sh7760fb: allow modular build (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - fbdev: viafb: fix typo in hw_bitblt_1 and hw_bitblt_2 (stable-fixes). - fbmon: prevent division by zero in fb_videomode_from_videomode() (stable-fixes). - firewire: core: use long bus reset on gap count error (stable-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: arm_scmi: Make raw debugfs entries non-seekable (git-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - firmware: tegra: bpmp: Return directly after a failed kzalloc() in get_filename() (stable-fixes). - Fix a potential infinite loop in extract_user_to_sg() (git-fixes). - Fix build errors due to new UIO_MEM_DMA_COHERENT mess (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes) - fs/9p: translate O_TRUNC into OTRUNC (git-fixes) - fs: Fix error checking for d_hash_and_lookup() (git-fixes) - fs: indicate request originates from old mount API (git-fixes) - fs: relax mount_setattr() permission checks (git-fixes) - fsverity: skip PKCS#7 parser when keyring is empty (git-fixes) - ftrace: Fix possible use-after-free issue in ftrace_location() (git-fixes). - fuse: do not unhash root (bsc#1223946). - fuse: fix root lookup with nonzero generation (bsc#1223945). - geneve: fix header validation in geneve[6]_xmit_skb (git-fixes). - geneve: make sure to pull inner header in geneve_rx() (git-fixes). - gpio: cdev: check for NULL labels when sanitizing them for irqs (git-fixes). - gpio: cdev: fix missed label sanitizing in debounce_setup() (git-fixes). - gpio: cdev: sanitize the label before requesting the interrupt (stable-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpiolib: cdev: fix uninitialised kfifo (git-fixes). - gpiolib: cdev: relocate debounce_period_us from struct gpio_desc (stable-fixes). - gpiolib: swnode: Remove wrong header inclusion (git-fixes). - gpio: tangier: Use correct type for the IRQ chip data (git-fixes). - gpio: tegra186: Fix tegra186_gpio_is_accessible() check (git-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - gtp: fix use-after-free and null-ptr-deref in gtp_newlink() (git-fixes). - HID: amd_sfh: Handle 'no sensors' in PM operations (git-fixes). - HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up (git-fixes). - HID: input: avoid polling stylus battery on Chromebook Pompom (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - HID: intel-ish-hid: ipc: Fix dev_err usage with uninitialized dev->devc (git-fixes). - HID: logitech-dj: allow mice to use all types of reports (git-fixes). - HID: multitouch: Add required quirk for Synaptics 0xcddc device (stable-fixes). - hwmon: (amc6821) add of_match table (stable-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (intel-m10-bmc-hwmon) Fix multiplier for N6000 board power sensor (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - hwmon: (shtc1) Fix property misspelling (git-fixes). - hwtracing: hisi_ptt: Move type check to the beginning of hisi_ptt_pmu_event_init() (git-fixes). - i2c: acpi: Unbind mux adapters before delete (git-fixes). - i2c: cadence: Avoid fifo clear after start (git-fixes). - i2c: pxa: hide unused icr_bits[] variable (git-fixes). - i2c: smbus: fix NULL function pointer dereference (git-fixes). - i2c: synquacer: Fix an error handling path in synquacer_i2c_probe() (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes). - i40e: Enforce software interrupt during busy-poll exit (git-fixes). - i40e: Fix firmware version comparison function (git-fixes). - i40e: fix i40e_count_filters() to count only active/new filters (git-fixes). - i40e: Fix VF MAC filter removal (git-fixes). - i40e: fix vf may be used uninitialized in this function warning (git-fixes). - i915: make inject_virtual_interrupt() void (stable-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - ice: fix enabling RX VLAN filtering (git-fixes). - ice: fix memory corruption bug with suspend and rebuild (git-fixes). - ice: fix stats being updated by way too large values (git-fixes). - ice: fix typo in assignment (git-fixes). - ice: fix uninitialized dplls mutex usage (git-fixes). - ice: reconfig host after changing MSI-X on VF (git-fixes). - ice: Refactor FW data type and fix bitmap casting issue (git-fixes). - ice: reorder disabling IRQ and NAPI in ice_qp_dis (git-fixes). - ice: use relative VSI index for VFs instead of PF VSI number (git-fixes). - ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes). - ida: make 'ida_dump' static (git-fixes). - idma64: Do not try to serve interrupts when device is powered off (git-fixes). - idpf: disable local BH when scheduling napi for marker packets (git-fixes). - idpf: extend tx watchdog timeout (bsc#1224137). - idpf: fix kernel panic on unknown packet types (git-fixes). - igb: extend PTP timestamp adjustments to i211 (git-fixes). - igb: Fix missing time sync events (git-fixes). - igc: avoid returning frame twice in XDP_REDIRECT (git-fixes). - igc: Fix missing time sync events (git-fixes). - igc: Remove stale comment about Tx timestamping (git-fixes). - iio: accel: mxc4005: Interrupt handling fixes (git-fixes). - iio: adc: stm32: Fixing err code to not indicate success (git-fixes). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: dummy_evgen: remove Excess kernel-doc comments (git-fixes). - iio: gts-helper: Fix division loop (git-fixes). - iio:imu: adis16475: Fix sync mode setting (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - iio: pressure: Fixes BME280 SPI driver data (git-fixes). - inet_diag: annotate data-races around inet_diag_table[] (git-fixes). - inet: frags: eliminate kernel-doc warning (git-fixes). - init/main.c: Fix potential static_command_line memory overflow (git-fixes). - init: open /initrd.image with O_LARGEFILE (stable-fixes). - Input: allocate keycode for Display refresh rate toggle (stable-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: gpio_keys_polled - suppress deferred probe error for gpio (stable-fixes). - Input: imagis - use FIELD_GET where applicable (stable-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - Input: synaptics-rmi4 - fail probing if memory allocation for 'phys' fails (stable-fixes). - input/touchscreen: imagis: Correct the maximum touch area value (stable-fixes). - Input: xpad - add additional HyperX Controller Identifiers (stable-fixes). - Input: xpad - add support for Snakebyte GAMEPADs (stable-fixes). - intel: legacy: Partial revert of field get conversion (git-fixes). - interconnect: qcom: osm-l3: Replace custom implementation of COUNT_ARGS() (git-fixes). - interconnect: qcom: qcm2290: Fix mas_snoc_bimc QoS port assignment (git-fixes). - interconnect: qcom: sc8180x: Mark CO0 BCM keepalive (git-fixes). - interconnect: qcom: sm8550: Enable sync_state (git-fixes). - iomap: clear the per-folio dirty bits on all writeback failures (git-fixes) - iommu/arm-smmu-v3: Check that the RID domain is S1 in SVA (git-fixes). - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - iommu/dma: Trace bounce buffer usage when mapping buffers (git-fixes). - iommufd: Add missing IOMMUFD_DRIVER kconfig for the selftest (git-fixes). - iommufd: Fix iopt_access_list_id overwrite bug (git-fixes). - iommufd/iova_bitmap: Bounds check mapped::pages access (git-fixes). - iommufd/iova_bitmap: Consider page offset for the pages to be pinned (git-fixes). - iommufd/iova_bitmap: Switch iova_bitmap::bitmap to an u8 array (git-fixes). - iommufd: Reject non-zero data_type if no data_len is provided (git-fixes). - iommu: Map reserved memory as cacheable if device is coherent (git-fixes). - iommu/vt-d: Allocate local memory for page request queue (git-fixes). - iommu/vt-d: Fix wrong use of pasid config (git-fixes). - iommu/vt-d: Set SSADE when attaching to a parent with dirty tracking (git-fixes). - iommu/vt-d: Update iotlb in nested domain attach (git-fixes). - ionic: set adminq irq affinity (git-fixes). - io_uring: kabi cookie remove (bsc#1217384). - ipv4: annotate data-races around fi->fib_dead (git-fixes). - irqchip/alpine-msi: Fix off-by-one in allocation error path (git-fixes). - irqchip/armada-370-xp: Suppress unused-function warning (git-fixes). - irqchip/gic-v3-its: Do not assume vPE tables are preallocated (git-fixes). - irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - irqchip/loongson-pch-msi: Fix off-by-one on allocation error path (git-fixes). - irqchip/mbigen: Do not use bus_get_dev_root() to find the parent (git-fixes). - irqchip/renesas-rzg2l: Add macro to retrieve TITSR register offset based on register's index (stable-fixes). - irqchip/renesas-rzg2l: Flush posted write in irq_eoi() (git-fixes). - irqchip/renesas-rzg2l: Implement restriction when writing ISCR register (stable-fixes). - irqchip/renesas-rzg2l: Prevent spurious interrupts when setting trigger type (git-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_irq_eoi() (stable-fixes). - irqchip/renesas-rzg2l: Rename rzg2l_tint_eoi() (stable-fixes). - ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes). - ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: Adjust trace_iterator.wait_index (git-fixes). - kABI fix of KVM: x86/pmu: Allow programming events that match unsupported arch events (bsc#1225696). - kABI fix of KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - kabi fix of perf/x86/intel: Expose existence of callback support to KVM (git fixes). - kabi/severities: ignore brcmfmac-specific local symbols - kabi/severities: ignore IMS functions They were dropped in previous patches. Noone is supposed to use them. - kabi/severities: ignore TAS2781 symbol drop, it's only locally used - kabi/severities: ignore Wangxun ethernet driver local symbols - kabi/severities: Remove mitigation-related symbols Those are used by the core kernel to implement CPU vulnerabilities mitigation and are not expected to be consumed by 3rd party users. - kABI workaround for cs35l56 (git-fixes). - kABI workaround for of driver changes (git-fixes). - kasan: disable kasan_non_canonical_hook() for HW tags (git-fixes). - kasan, fortify: properly rename memintrinsics (git-fixes). - kasan: print the original fault addr when access invalid shadow (git-fixes). - kasan/test: avoid gcc warning for intentional overflow (git-fixes). - kbuild: Move -Wenum-{compare-conditional,enum-conversion} into W=1 (stable-fixes). - kconfig: fix infinite loop when expanding a macro at the end of file (git-fixes). - kexec: do syscore_shutdown() in kernel_kexec (git-fixes). - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - kprobes: Fix possible use-after-free issue on kprobe registration (git-fixes). - kselftest: Add a ksft_perror() helper (stable-fixes). - kunit/fortify: Fix mismatched kvalloc()/vfree() usage (git-fixes). - KVM: nVMX: Clear EXIT_QUALIFICATION when injecting an EPT Misconfig (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224790). - KVM: SVM: Add support for allowing zero SEV ASIDs (git-fixes). - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (git-fixes). - KVM: SVM: Use unsigned integers when dealing with ASIDs (git-fixes). - KVM: VMX: Disable LBR virtualization if the CPU does not support LBR callstacks (git-fixes). - KVM: VMX: Report up-to-date exit qualification to userspace (git-fixes). - KVM: x86: Allow, do not ignore, same-value writes to immutable MSRs (git-fixes). - KVM: x86: Fix broken debugregs ABI for 32 bit kernels (git-fixes). - KVM: x86: Fully re-initialize supported_mce_cap on vendor module load (git-fixes). - KVM: x86: Introduce __kvm_get_hypervisor_cpuid() helper (git-fixes). - KVM: x86: Mark target gfn of emulated atomic instruction as dirty (git-fixes). - KVM: x86/mmu: Do not force emulation of L2 accesses to non-APIC internal slots (git-fixes). - KVM: x86/mmu: Move private vs. shared check above slot validity checks (git-fixes). - KVM: x86/mmu: Restrict KVM_SW_PROTECTED_VM to the TDP MMU (git-fixes). - KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status (git-fixes). - KVM: x86: Only set APICV_INHIBIT_REASON_ABSENT if APICv is enabled (git-fixes). - KVM: x86/pmu: Allow programming events that match unsupported arch events (git-fixes). - KVM: x86/pmu: Always treat Fixed counters as available when supported (git-fixes). - KVM: x86/pmu: Apply 'fast' RDPMC only to Intel PMUs (git-fixes). - KVM: x86/pmu: Disable support for adaptive PEBS (git-fixes). - KVM: x86/pmu: Disallow 'fast' RDPMC for architectural Intel PMUs (git-fixes). - KVM: x86/pmu: Do not ignore bits 31:30 for RDPMC index on AMD (git-fixes). - KVM: x86/pmu: Do not mask LVTPC when handling a PMI on AMD platforms (git-fixes). - KVM: x86/pmu: Explicitly check NMI from guest to reducee false positives (git-fixes). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (git-fixes). - KVM: x86/pmu: Set enable bits for GP counters in PERF_GLOBAL_CTRL at 'RESET' (git-fixes). - KVM: x86/pmu: Zero out PMU metadata on AMD if PMU is disabled (git-fixes). - KVM: x86: Snapshot if a vCPU's vendor model is AMD vs. Intel compatible (git-fixes). - KVM: x86: Update KVM_SW_PROTECTED_VM docs to make it clear they're a WIP (git-fixes). - KVM: x86: Use actual kvm_cpuid.base for clearing KVM_FEATURE_PV_UNHALT (git-fixes). - KVM: x86/xen: fix recursive deadlock in timer injection (git-fixes). - KVM: x86/xen: improve accuracy of Xen timers (git-fixes). - KVM: x86/xen: inject vCPU upcall vector when local APIC is enabled (git-fixes). - KVM: x86/xen: remove WARN_ON_ONCE() with false positives in evtchn delivery (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libnvdimm: Fix ACPI_NFIT in BLK_DEV_PMEM help (jsc#PED-5853). - libperf evlist: Avoid out-of-bounds access (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - lib/test_hmm.c: handle src_pfns and dst_pfns allocation failure (git-fixes). - livepatch: Fix missing newline character in klp_resolve_symbols() (bsc#1223539). - locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock (git-fixes) - lsm: fix the logic in security_inode_getsecctx() (git-fixes). - mac802154: fix llsec key resources release in mac802154_llsec_key_del (git-fixes). - maple_tree: fix mas_empty_area_rev() null pointer dereference (git-fixes). - md: add a new helper rdev_has_badblock() (jsc#PED-7542). - md: add a new helper reshape_interrupted() (jsc#PED-7542). - md: changed the switch of RAID_VERSION to if (jsc#PED-7542). - md: check mddev->pers before calling md_set_readonly() (jsc#PED-7542). - md: clean up invalid BUG_ON in md_ioctl (jsc#PED-7542). - md: clean up openers check in do_md_stop() and md_set_readonly() (jsc#PED-7542). - md/dm-raid: do not call md_reap_sync_thread() directly (jsc#PED-7542). - md: Do not clear MD_CLOSING when the raid is about to stop (jsc#PED-7542). - md: do not clear MD_RECOVERY_FROZEN for new dm-raid until resume (jsc#PED-7542). - md: export helper md_is_rdwr() (jsc#PED-7542). - md: export helpers to stop sync_thread (jsc#PED-7542). - md: factor out a helper to sync mddev (jsc#PED-7542). - md: fix kmemleak of rdev->serial (jsc#PED-7542). - md: get rdev->mddev with READ_ONCE() (jsc#PED-7542). - md: merge the check of capabilities into md_ioctl_valid() (jsc#PED-7542). - md: preserve KABI in struct md_personality (jsc#PED-7542). - md/raid1-10: add a helper raid1_check_read_range() (jsc#PED-7542). - md/raid1-10: factor out a new helper raid1_should_read_first() (jsc#PED-7542). - md/raid1: factor out choose_bb_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out choose_slow_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out helpers to add rdev to conf (jsc#PED-7542). - md/raid1: factor out helpers to choose the best rdev from read_balance() (jsc#PED-7542). - md/raid1: factor out read_first_rdev() from read_balance() (jsc#PED-7542). - md/raid1: factor out the code to manage sequential IO (jsc#PED-7542). - md/raid1: fix choose next idle in read_balance() (jsc#PED-7542). - md/raid1: record nonrot rdevs while adding/removing rdevs to conf (jsc#PED-7542). - md: remove redundant check of 'mddev->sync_thread' (jsc#PED-7542). - md: remove redundant md_wakeup_thread() (jsc#PED-7542). - md: return directly before setting did_set_md_closing (jsc#PED-7542). - md: sync blockdev before stopping raid or setting readonly (jsc#PED-7542). - md: use RCU lock to protect traversal in md_spares_need_change() (jsc#PED-7542). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: cadence: csi2rx: use match fwnode for media link (git-fixes). - media: cec: core: remove length check of Timer Status (stable-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: flexcop-usb: fix sanity check of bNumEndpoints (git-fixes). - media: i2c: et8ek8: Do not strip remove function when driver is builtin (git-fixes). - media: ipu3-cio2: Request IRQ earlier (git-fixes). - media: mc: Fix flags handling when creating pad links (stable-fixes). - media: mc: Fix graph walk in media_pipeline_start (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: mc: Rename pad variable to clarify intent (stable-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: rcar-vin: work around -Wenum-compare-conditional warning (git-fixes). - media: rkisp1: Fix IRQ handling due to shared interrupts (stable-fixes). - media: sta2x11: fix irq handler cast (stable-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - media: sunxi: a83-mips-csi2: also select GENERIC_PHY (git-fixes). - media: uvcvideo: Add quirk for Logitech Rally Bar (git-fixes). - media: v4l2-subdev: Fix stream handling for crop API (git-fixes). - media: v4l: Do not turn on privacy LED if streamon fails (git-fixes). - mei: me: add arrow lake point H DID (stable-fixes). - mei: me: add arrow lake point S DID (stable-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mei: me: disable RPL-S on SPS and IGN firmwares (git-fixes). - mlxbf_gige: call request_irq() after NAPI initialized (git-fixes). - mlxbf_gige: stop interface during shutdown (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mlxsw: Use refcount_t for reference counting (git-fixes). - mmc: core: Add HS400 tuning in HS400es initialization (stable-fixes). - mmc: core: Avoid negative index with array access (git-fixes). - mmc: core: Initialize mmc_blk_ioc_data (git-fixes). - mmc: davinci: Do not strip remove function when driver is builtin (git-fixes). - mmc: omap: fix broken slot switch lookup (git-fixes). - mmc: omap: fix deferred probe (git-fixes). - mmc: omap: restore original power up/down steps (git-fixes). - mmc: sdhci_am654: Add ITAPDLYSEL in sdhci_j721e_4bit_set_clock (git-fixes). - mmc: sdhci_am654: Add OTAP/ITAP delay enable (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Fix ITAPDLY for HS400 timing (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - mmc: sdhci-msm: pervent access to suspended controller (git-fixes). - mmc: sdhci-omap: re-tuning is needed after a pm transition to support emmc HS200 mode (git-fixes). - mm_init kABI workaround (git-fixes). - mm: memcg: do not periodically flush stats when memcg is disabled (bsc#1222525). - mm: memcg: use larger batches for proactive reclaim (bsc#1222522). - mm,page_owner: check for null stack_record before bumping its refcount (bsc#1222366). - mm,page_owner: Defer enablement of static branch (bsc#1222366). - mm,page_owner: drop unnecessary check (bsc#1222366). - mm,page_owner: Fix accounting of pages when migrating (bsc#1222366). - mm,page_owner: Fix printing of stack records (bsc#1222366). - mm,page_owner: fix recursion (bsc#1222366). - mm,page_owner: Fix refcount imbalance (bsc#1222366). - mm: page_owner: fix wrong information in dump_page_owner (git-fixes). - mm,page_owner: Update metadata for tail pages (bsc#1222366). - mm/slab: make __free(kfree) accept error pointers (git-fixes). - modpost: Add '.ltext' and '.ltext.*' to TEXT_SECTIONS (stable-fixes). - mptcp: annotate data-races around msk->rmem_fwd_alloc (git-fixes). - mptcp: fix bogus receive window shrinkage with multiple subflows (git-fixes). - mptcp: move __mptcp_error_report in protocol.c (git-fixes). - mptcp: process pending subflow error on close (git-fixes). - mptcp: Remove unnecessary test for __mptcp_init_sock() (git-fixes). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: diskonchip: work around ubsan link failure (stable-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - mtd: spinand: Add support for 5-byte IDs (stable-fixes). - net: add netdev_lockdep_set_classes() to virtual drivers (git-fixes). - net: annotate data-races around sk->sk_bind_phc (git-fixes). - net: annotate data-races around sk->sk_forward_alloc (git-fixes). - net: annotate data-races around sk->sk_lingertime (git-fixes). - net: annotate data-races around sk->sk_tsflags (git-fixes). - net: bonding: remove kernel-doc comment marker (git-fixes). - net: cfg802154: fix kernel-doc notation warnings (git-fixes). - net: dsa: microchip: fix register write order in ksz8_ind_write8() (git-fixes). - net: dsa: mt7530: fix handling of all link-local frames (git-fixes). - net: dsa: mt7530: fix link-local frames that ingress vlan filtering ports (git-fixes). - net: dsa: mt7530: prevent possible incorrect XTAL frequency selection (git-fixes). - net: dsa: mt7530: trap link-local frames regardless of ST Port State (git-fixes). - net: dsa: sja1105: Fix parameters order in sja1110_pcs_mdio_write_c45() (git-fixes). - net: ena: Fix incorrect descriptor free behavior (git-fixes). - net: ena: Fix potential sign extension issue (git-fixes). - net: ena: Move XDP code to its new files (git-fixes). - net: ena: Pass ena_adapter instead of net_device to ena_xmit_common() (git-fixes). - net: ena: Remove ena_select_queue (git-fixes). - net: ena: Set tx_info->xdpf value to NULL (git-fixes). - net: ena: Use tx_ring instead of xdp_ring for XDP channel TX (git-fixes). - net: ena: Wrong missing IO completions check order (git-fixes). - net: ethernet: mtk_eth_soc: fix PPE hanging issue (git-fixes). - net: ethernet: ti: cpsw: enable mac_managed_pm to fix mdio (git-fixes). - net: fec: Set mac_managed_pm during probe (git-fixes). - netfilter: nf_tables: disable toggling dormant table state more than once (git-fixes). - netfilter: nf_tables: uapi: Describe NFTA_RULE_CHAIN_ID (git-fixes). - netfilter: nft_ct: fix l3num expectations with inet pseudo family (git-fixes). - netfilter: nft_set_rbtree: use read spinlock to avoid datapath contention (git-fixes). - net: hns3: fix index limit to support all queue stats (git-fixes). - net: hns3: fix kernel crash when 1588 is received on HIP08 devices (git-fixes). - net: hns3: fix kernel crash when devlink reload during pf initialization (git-fixes). - net: hns3: fix port duplex configure error in IMP reset (git-fixes). - net: hns3: fix wrong judgment condition issue (git-fixes). - net: hns3: mark unexcuted loopback test result as UNEXECUTED (git-fixes). - net: hns3: tracing: fix hclgevf trace event strings (git-fixes). - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (git-fixes). - net: ks8851: Handle softirqs at the end of IRQ thread to fix hang (git-fixes). - net: ks8851: Inline ks8851_rx_skb() (git-fixes). - net: ks8851: Queue RX packets in IRQ handler instead of disabling BHs (git-fixes). - net: lan743x: Add set RFE read fifo threshold for PCI1x1x chips (git-fixes). - net: libwx: fix memory leak on free page (git-fixes). - net: llc: fix kernel-doc notation warnings (git-fixes). - net: ll_temac: platform_get_resource replaced by wrong function (git-fixes). - net: mana: Fix Rx DMA datasize and skb_over_panic (git-fixes). - net: mediatek: mtk_eth_soc: clear MAC_MCR_FORCE_LINK only when MAC is up (git-fixes). - net/mlx5: Correctly compare pkt reformat ids (git-fixes). - net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes). - net/mlx5e: Do not produce metadata freelist entries in Tx port ts WQE xmit (git-fixes). - net/mlx5e: Fix MACsec state loss upon state update in offload path (git-fixes). - net/mlx5e: Fix mlx5e_priv_init() cleanup flow (git-fixes). - net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes). - net/mlx5e: RSS, Block changing channels number when RXFH is configured (git-fixes). - net/mlx5e: RSS, Block XOR hash with over 128 channels (git-fixes). - net/mlx5: E-switch, Change flow rule destination checking (git-fixes). - net/mlx5: E-switch, store eswitch pointer before registering devlink_param (git-fixes). - net/mlx5e: Switch to using _bh variant of of spinlock API in port timestamping NAPI poll context (git-fixes). - net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map (git-fixes). - net/mlx5: Fix fw reporter diagnose output (git-fixes). - net/mlx5: Fix peer devlink set for SF representor devlink port (git-fixes). - net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes). - net/mlx5: offset comp irq index in name by one (git-fixes). - net/mlx5: Properly link new fs rules into the tree (git-fixes). - net/mlx5: Register devlink first under devlink lock (git-fixes). - net/mlx5: Restore mistakenly dropped parts in register devlink flow (git-fixes). - net/mlx5: SF, Stop waiting for FW as teardown was called (git-fixes). - net: nfc: remove inappropriate attrs check (stable-fixes). - net: NSH: fix kernel-doc notation warning (git-fixes). - net: pcs: xpcs: Return EINVAL in the internal methods (git-fixes). - net: phy: fix phy_read_poll_timeout argument type in genphy_loopback (git-fixes). - net: phy: micrel: Fix potential null pointer dereference (git-fixes). - net: phy: micrel: lan8814: Fix when enabling/disabling 1-step timestamping (git-fixes). - net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8061 (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (git-fixes). - net: phy: phy_device: Prevent nullptr exceptions on ISR (stable-fixes). - net: ravb: Always process TX descriptor ring (git-fixes). - net: ravb: Let IP-specific receive function to interrogate descriptors (git-fixes). - net/smc: bugfix for smcr v2 server connect success statistic (git-fixes). - net/smc: fix documentation of buffer sizes (git-fixes). - net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add (git-fixes). - net: smsc95xx: add support for SYS TEC USB-SPEmodule1 (git-fixes). - net: sparx5: Fix use after free inside sparx5_del_mact_entry (git-fixes). - net: sparx5: fix wrong config being used when reconfiguring PCS (git-fixes). - net: sparx5: flower: fix fragment flags handling (git-fixes). - net: stmmac: dwmac-starfive: Add support for JH7100 SoC (git-fixes). - net: stmmac: Fix incorrect dereference in interrupt handlers (git-fixes). - net: stmmac: fix rx queue priority assignment (git-fixes). - net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() (git-fixes). - net: tcp: fix unexcepted socket die when snd_wnd is 0 (git-fixes). - net: tls: fix returned read length with async decrypt (bsc#1221858). - net: tls: fix use-after-free with partial reads and async (bsc#1221858). - net: tls, fix WARNIING in __sk_msg_free (bsc#1221858). - net: usb: ax88179_178a: avoid the interface always configured as random address (git-fixes). - net: usb: ax88179_178a: avoid writing the mac address before first reading (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net: usb: ax88179_178a: stop lying about skb->truesize (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: Use sockaddr_storage for getsockopt(SO_PEERNAME) (git-fixes). - net: veth: do not manipulate GRO when using XDP (git-fixes). - net: wwan: t7xx: Split 64bit accesses to fix alignment issues (git-fixes). - net/x25: fix incorrect parameter validation in the x25_getsockopt() function (git-fixes). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix kcov check in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nf_conntrack: fix -Wunused-const-variable= (git-fixes). - NFC: trf7970a: disable all regulators on removal (git-fixes). - nfp: flower: handle acti_netdevs allocation failure (git-fixes). - NFSD: change LISTXATTRS cookie encoding to big-endian (git-fixes). - NFSD: Convert the callback workqueue to use delayed_work (git-fixes). - nfsd: do not call locks_release_private() twice concurrently (git-fixes). - nfsd: Fix a regression in nfsd_setattr() (git-fixes). - NFSD: fix LISTXATTRS returning a short list with eof=TRUE (git-fixes). - NFSD: fix LISTXATTRS returning more bytes than maxcount (git-fixes). - NFSD: fix nfsd4_listxattr_validate_cookie (git-fixes). - NFSD: Fix nfsd_clid_class use of __string_len() macro (git-fixes). - NFSD: Reschedule CB operations when backchannel rpc_clnt is shut down (git-fixes). - NFSD: Reset cb_seq_status after NFS4ERR_DELAY (git-fixes). - NFSD: Retransmit callbacks after client reconnects (git-fixes). - nfsd: use __fput_sync() to avoid delayed closing of files (bsc#1223380 bsc#1217408). - NFS: Fix an off by one in root_nfs_cat() (git-fixes). - NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt (git-fixes). - nfs: fix panic when nfs4_ff_layout_prepare_ds() fails (git-fixes). - NFS: Read unlock folio on nfs_page_create_from_folio() error (git-fixes). - NFSv4.1/pnfs: fix NFS with TLS in pnfs (git-fixes). - NFSv4.2: fix listxattr maximum XDR buffer size (git-fixes). - NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (git-fixes). - nilfs2: fix OOB in nilfs_set_de_type (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix potential bug in end_buffer_async_write (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nouveau/dmem: handle kcalloc() allocation failure (git-fixes). - nouveau: fix devinit paths to only handle display on GSP (git-fixes). - nouveau: fix function cast warning (git-fixes). - nouveau: fix instmem race condition around ptr stores (git-fixes). - nouveau/gsp: do not check devinit disable on GSP (git-fixes). - nouveau: lock the client object tree (stable-fixes). - nouveau: reset the bo resource bus info after an eviction (git-fixes). - nouveau/uvmm: fix addr/range calcs for remap operations (git-fixes). - nvdimm: make nvdimm_bus_type const (jsc#PED-5853). - nvdimm/pmem: fix leak on dax_add_host() failure (jsc#PED-5853). - nvdimm/pmem: Treat alloc_dax() -EOPNOTSUPP failure as non-fatal (jsc#PED-5853). - nvme-fc: do not wait in vain when unloading module (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme: fix reconnection fail due to reserved tag allocation (git-fixes). - nvme: fix warn output about shared namespaces without CONFIG_NVME_MULTIPATH (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvme-pci: Add quirk for broken MSIs (git-fixes). - nvme-tcp: strict pdu pacing to avoid send stalls on TLS (bsc#1221858). - nvmet-fc: abort command when there is no binding (git-fixes). - nvmet-fc: avoid deadlock on delete association path (git-fixes). - nvmet-fc: defer cleanup using RCU properly (git-fixes). - nvmet-fc: hold reference on hostport match (git-fixes). - nvmet-fcloop: swap the list_add_tail arguments (git-fixes). - nvmet-fc: release reference on target port (git-fixes). - nvmet-fc: take ref count on tgtport before delete assoc (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - nvmet-tcp: fix nvme tcp ida memory leak (git-fixes). - octeontx2-af: Add array index check (git-fixes). - octeontx2-af: Fix devlink params (git-fixes). - octeontx2-af: Fix issue with loading coalesced KPU profiles (git-fixes). - octeontx2-af: Fix NIX SQ mode and BP config (git-fixes). - Octeontx2-af: fix pause frame configuration in GMP mode (git-fixes). - octeontx2-af: Use matching wake_up API variant in CGX command interface (git-fixes). - octeontx2-af: Use separate handlers for interrupts (git-fixes). - octeontx2: Detect the mbox up or down message via register (git-fixes). - octeontx2-pf: check negative error code in otx2_open() (git-fixes). - octeontx2-pf: fix FLOW_DIS_IS_FRAGMENT implementation (git-fixes). - octeontx2-pf: Fix transmit scheduler resource leak (git-fixes). - octeontx2-pf: Send UP messages to VF only when VF is up (git-fixes). - octeontx2-pf: Use default max_active works instead of one (git-fixes). - octeontx2-pf: Wait till detach_resources msg is complete (git-fixes). - of: dynamic: Synchronize of_changeset_destroy() with the devlink removals (git-fixes). - of: module: add buffer overflow check in of_modalias() (git-fixes). - of: module: prevent NULL pointer dereference in vsnprintf() (stable-fixes). - of: property: Add in-ports/out-ports support to of_graph_get_port_parent() (stable-fixes). - of: property: fix typo in io-channels (git-fixes). - of: property: fw_devlink: Fix stupid bug in remote-endpoint parsing (git-fixes). - of: property: Improve finding the consumer of a remote-endpoint property (git-fixes). - of: property: Improve finding the supplier of a remote-endpoint property (git-fixes). - of: unittest: Fix compile in the non-dynamic case (git-fixes). - overflow: Allow non-type arg to type_max() and type_min() (stable-fixes). - PCI/AER: Block runtime suspend when handling errors (stable-fixes). - PCI/ASPM: Use RMW accessors for changing LNKCTL (git-fixes). - PCI: Delay after FLR of Solidigm P44 Pro NVMe (stable-fixes). - PCI: Disable D3cold on Asus B1400 PCI-NVMe bridge (stable-fixes). - PCI/DPC: Quirk PIO log size for Intel Raptor Lake Root Ports (stable-fixes). - PCI/DPC: Use FIELD_GET() (stable-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: Execute quirk_enable_clear_retrain_link() earlier (stable-fixes). - PCI: Fix typos in docs and comments (stable-fixes). - PCI: hv: Fix ring buffer size calculation (git-fixes). - PCI: Make link retraining use RMW accessors for changing LNKCTL (git-fixes). - PCI/PM: Drain runtime-idle callbacks before driver removal (stable-fixes). - PCI: qcom: Add support for sa8775p SoC (git-fixes). - PCI: qcom: Disable ASPM L0s for sc8280xp, sa8540p and sa8295p (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: rpaphp: Error out on busy status from get-sensor-state (bsc#1223369 ltc#205888). - PCI: Simplify pcie_capability_clear_and_set_word() to ..._clear_word() (stable-fixes). - PCI: switchtec: Add support for PCIe Gen5 devices (stable-fixes). - PCI: switchtec: Use normal comment style (stable-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - peci: linux/peci.h: fix Excess kernel-doc description warning (git-fixes). - perf annotate: Fix annotation_calc_lines() to pass correct address to get_srcline() (git-fixes). - perf annotate: Get rid of duplicate --group option item (git-fixes). - perf auxtrace: Fix multiple use of --itrace option (git-fixes). - perf bench internals inject-build-id: Fix trap divide when collecting just one DSO (git-fixes). - perf bench uprobe: Remove lib64 from libc.so.6 binary path (git-fixes). - perf bpf: Clean up the generated/copied vmlinux.h (git-fixes). - perf daemon: Fix file leak in daemon_session__control (git-fixes). - perf docs: Document bpf event modifier (git-fixes). - perf evsel: Fix duplicate initialization of data->id in evsel__parse_sample() (git-fixes). - perf expr: Fix 'has_event' function for metric style events (git-fixes). - perf intel-pt: Fix unassigned instruction op (discovered by MemorySanitizer) (git-fixes). - perf jevents: Drop or simplify small integer values (git-fixes). - perf list: fix short description for some cache events (git-fixes). - perf lock contention: Add a missing NULL check (git-fixes). - perf metric: Do not remove scale from counts (git-fixes). - perf pmu: Count sys and cpuid JSON events separately (git fixes). - perf pmu: Fix a potential memory leak in perf_pmu__lookup() (git-fixes). - perf pmu: Treat the msr pmu as software (git-fixes). - perf print-events: make is_event_supported() more robust (git-fixes). - perf probe: Add missing libgen.h header needed for using basename() (git-fixes). - perf record: Check conflict between '--timestamp-filename' option and pipe mode before recording (git-fixes). - perf record: Fix debug message placement for test consumption (git-fixes). - perf record: Fix possible incorrect free in record__switch_output() (git-fixes). - perf report: Avoid SEGV in report__setup_sample_type() (git-fixes). - perf sched timehist: Fix -g/--call-graph option failure (git-fixes). - perf script: Show also errors for --insn-trace option (git-fixes). - perf srcline: Add missed addr2line closes (git-fixes). - perf stat: Avoid metric-only segv (git-fixes). - perf stat: Do not display metric header for non-leader uncore events (git-fixes). - perf stat: Do not fail on metrics on s390 z/VM systems (git-fixes). - perf symbols: Fix ownership of string in dso__load_vmlinux() (git-fixes). - perf tests: Apply attributes to all events in object code reading test (git-fixes). - perf test shell arm_coresight: Increase buffer size for Coresight basic tests (git-fixes). - perf tests: Make data symbol test wait for perf to start (bsc#1220045). - perf tests: Make 'test data symbol' more robust on Neoverse N1 (git-fixes). - perf tests: Skip data symbol test if buf1 symbol is missing (bsc#1220045). - perf thread: Fixes to thread__new() related to initializing comm (git-fixes). - perf thread_map: Free strlist on normal path in thread_map__new_by_tid_str() (git-fixes). - perf top: Uniform the event name for the hybrid machine (git-fixes). - perf top: Use evsel's cpus to replace user_requested_cpus (git-fixes). - perf ui browser: Avoid SEGV on title (git fixes). - perf ui browser: Do not save pointer to stack memory (git-fixes). - perf vendor events amd: Add Zen 4 memory controller events (git-fixes). - perf vendor events amd: Fix Zen 4 cache latency events (git-fixes). - perf/x86/amd/core: Avoid register reset when CPU is dead (git-fixes). - perf/x86/amd/lbr: Discard erroneous branch entries (git-fixes). - perf/x86/amd/lbr: Use freeze based on availability (git-fixes). - perf/x86: Fix out of range data (git-fixes). - perf/x86/intel/ds: Do not clear ->pebs_data_cfg for the last PEBS event (git-fixes). - perf/x86/intel: Expose existence of callback support to KVM (git-fixes). - phy: freescale: imx8m-pcie: fix pcie link-up instability (git-fixes). - phy: marvell: a3700-comphy: Fix hardcoded array size (git-fixes). - phy: marvell: a3700-comphy: Fix out of bounds read (git-fixes). - phy: rockchip: naneng-combphy: Fix mux on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix bifurcation on rk3588 (git-fixes). - phy: rockchip-snps-pcie3: fix clearing PHP_GRF_PCIESEL_CON bits (git-fixes). - phy: ti: tusb1210: Resolve charger-det crash if charger psy is unregistered (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: baytrail: Fix selecting gpio pinctrl state (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl: mediatek: paris: Fix PIN_CONFIG_INPUT_SCHMITT_ENABLE readback (git-fixes). - pinctrl: mediatek: paris: Rework support for PIN_CONFIG_{INPUT,OUTPUT}_ENABLE (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - pinctrl: qcom: pinctrl-sm7150: Fix sdc1 and ufs special pins regs (git-fixes). - pinctrl: renesas: checker: Limit cfg reg enum checks to provided IDs (stable-fixes). - platform/chrome: cros_ec_uart: properly fix race condition (git-fixes). - platform/x86/amd/pmc: Extend Framework 13 quirk to more BIOSes (stable-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: intel-vbtn: Update tablet mode switch at end of probe (git-fixes). - platform/x86: ISST: Add Granite Rapids-D to HPM CPU list (stable-fixes). - platform/x86: touchscreen_dmi: Add an extra entry for a variant of the Chuwi Vi8 tablet (stable-fixes). - platform/x86: x86-android-tablets: Fix acer_b1_750_goodix_gpios name (stable-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - PM / devfreq: Synchronize devfreq_monitor_[start/stop] (stable-fixes). - PM: s2idle: Make sure CPUs will wakeup directly on resume (git-fixes). - Port 'certs: Add ECDSA signature verification self-test'. - Port 'certs: Move RSA self-test data to separate file'. - powerpc: Avoid nmi_enter/nmi_exit in real mode interrupt (bsc#1221645 ltc#205739 bsc#1223191). - powerpc/crypto/chacha-p10: Fix failure on non Power10 (bsc#1218205). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks (git-fixes). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries: make max polling consistent for longer H_CALLs (bsc#1215199). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - power: supply: mt6360_charger: Fix of_match for usb-otg-vbus regulator (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - prctl: generalize PR_SET_MDWE support check to be per-arch (bsc#1225610). - printk: Add this_cpu_in_panic() (bsc#1225607). - printk: Adjust mapping for 32bit seq macros (bsc#1225607). - printk: Avoid non-panic CPUs writing to ringbuffer (bsc#1225607). - printk: Consolidate console deferred printing (bsc#1225607). - printk: Disable passing console lock owner completely during panic() (bsc#1225607). - printk: Do not take console lock for console_flush_on_panic() (bsc#1225607). - printk: For @suppress_panic_printk check for other CPU in panic (bsc#1225607). - printk: Keep non-panic-CPUs out of console lock (bsc#1225607). - printk: Let no_printk() use _printk() (bsc#1225618). - printk: nbcon: Relocate 32bit seq macros (bsc#1225607). - printk: Reduce console_unblank() usage in unsafe scenarios (bsc#1225607). - printk: Rename abandon_console_lock_in_panic() to other_cpu_in_panic() (bsc#1225607). - printk: ringbuffer: Clarify special lpos values (bsc#1225607). - printk: ringbuffer: Cleanup reader terminology (bsc#1225607). - printk: ringbuffer: Do not skip non-finalized records with prb_next_seq() (bsc#1225607). - printk: ringbuffer: Skip non-finalized records in panic (bsc#1225607). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - printk: Use prb_first_seq() as base for 32bit seq macros (bsc#1225607). - printk: Wait for all reserved records with pr_flush() (bsc#1225607). - proc/kcore: do not try to access unaccepted memory (git-fixes). - pstore: inode: Convert mutex usage to guard(mutex) (stable-fixes). - pstore: inode: Only d_invalidate() is needed (git-fixes). - pstore/zone: Add a null pointer check to the psz_kmsg_read (stable-fixes). - pwm: img: fix pwm clock lookup (git-fixes). - qibfs: fix dentry leak (git-fixes) - r8169: fix issue caused by buggy BIOS on certain boards with RTL8168d (git-fixes). - r8169: skip DASH fw status checks when DASH is disabled (git-fixes). - random: handle creditable entropy from atomic process context (git-fixes). - RAS/AMD/FMPM: Avoid NULL ptr deref in get_saved_records() (jsc#PED-7619). - RAS/AMD/FMPM: Fix build when debugfs is not enabled (jsc#PED-7619). - RAS/AMD/FMPM: Safely handle saved records of various sizes (jsc#PED-7619). - RDMA/cm: add timeout to cm_destroy_id wait (git-fixes) - RDMA/cma: Fix kmemleak in rdma_core observed during blktests nvme/rdma use siw (git-fixes) - RDMA/cm: Print the old state when cm_destroy_id gets timeout (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mana_ib: Fix bug in creation of dma regions (git-fixes). - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Change check for cacheable mkeys (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/mlx5: Uncacheable mkey has neither rb_key or cache_ent (git-fixes) - RDMA/rxe: Allow good work requests to be executed (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - README.BRANCH: Remove copy of branch name - Reapply 'drm/qxl: simplify qxl_fence_wait' (stable-fixes). - regmap: Add regmap_read_bypassed() (git-fixes). - regmap: kunit: Ensure that changed bytes are actually different (stable-fixes). - regmap: maple: Fix cache corruption in regcache_maple_drop() (git-fixes). - regmap: maple: Fix uninitialized symbol 'ret' warnings (git-fixes). - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: change devm_regulator_get_enable_optional() stub to return Ok (git-fixes). - regulator: change stubbed devm_regulator_get_enable to return Ok (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - regulator: tps65132: Add of_match table (stable-fixes). - remoteproc: k3-r5: Do not allow core1 to power up before core0 via sysfs (git-fixes). - remoteproc: k3-r5: Jump to error handling labels in start/stop errors (git-fixes). - remoteproc: k3-r5: Wait for core0 power-up before powering up core1 (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - remoteproc: stm32: Fix incorrect type assignment returned by stm32_rproc_get_loaded_rsc_tablef (git-fixes). - remoteproc: virtio: Fix wdg cannot recovery remote processor (git-fixes). - Remove NTFSv3 from configs (bsc#1224429) References: bsc#1224429 comment#3 We only support fuse version of the NTFS-3g driver. Disable NTFSv3 from all configs. This was enabled in d016c04d731 ('Bump to 6.4 kernel (jsc#PED-4593)') - Revert 'ACPI: PM: Block ASUS B1400CEAE from suspend to idle by default' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: only allocate/release streams for first CPU DAI' (stable-fixes). - Revert 'ASoC: SOF: Intel: hda-dai-ops: reset device count for SoundWire DAIs' (stable-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1225172). - Revert 'drm/amd/amdgpu: Fix potential ioremap() memory leaks in amdgpu_device_init()' (stable-fixes). - Revert 'drm/amd/display: Fix sending VSC (+ colorimetry) packets for DP/eDP displays without PSR' (stable-fixes). - Revert 'drm/amdkfd: fix gfx_target_version for certain 11.0.3 devices' (stable-fixes). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - Revert 'drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor()' (stable-fixes). - Revert 'drm/qxl: simplify qxl_fence_wait' (git-fixes). - Revert 'iommu/amd: Enable PCI/IMS' (git-fixes). - Revert 'iommu/vt-d: Enable PCI/IMS' (git-fixes). - Revert 'net/mlx5: Block entering switchdev mode with ns inconsistency' (git-fixes). - Revert 'net/mlx5e: Check the number of elements before walk TC rhashtable' (git-fixes). - Revert 'PCI/MSI: Provide IMS (Interrupt Message Store) support' (git-fixes). - Revert 'PCI/MSI: Provide pci_ims_alloc/free_irq()' (git-fixes). - Revert 'PCI/MSI: Provide stubs for IMS functions' (git-fixes). - Revert 'selinux: introduce an initial SID for early boot processes' (bsc#1208593) It caused a regression on ALP-current branch, kernel-obs-qa build failed. - Revert 'usb: cdc-wdm: close race between read and workqueue' (git-fixes). - Revert 'usb: phy: generic: Get the vbus supply' (git-fixes). - ring-buffer: Do not set shortest_full when full target is hit (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - ring-buffer: Fix full_waiters_pending in poll (git-fixes). - ring-buffer: Fix resetting of shortest_full (git-fixes). - ring-buffer: Fix waking up ring buffer readers (git-fixes). - ring-buffer: Make wake once of ring_buffer_wait() more robust (git-fixes). - ring-buffer: use READ_ONCE() to read cpu_buffer->commit_page in concurrent environment (git-fixes). - ring-buffer: Use wait_event_interruptible() in ring_buffer_wait() (git-fixes). - rtc: mt6397: select IRQ_DOMAIN instead of depending on it (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224792). - s390/cio: Ensure the copied buf is NUL terminated (git-fixes bsc#1223869). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224793). - s390/cpacf: Split and rework cpacf query functions (git-fixes bsc#1225133). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225136). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225134). - s390/ism: Properly fix receive message buffer allocation (git-fixes bsc#1223590). - s390/mm: Fix clearing storage keys for huge pages (git-fixes bsc#1223871). - s390/mm: Fix storage key clearing for guest huge pages (git-fixes bsc#1223872). - s390/qeth: Fix kernel panic after setting hsuid (git-fixes bsc#1223874). - s390/vdso: Add CFI for RA register to asm macro vdso_func (git-fixes bsc#1223870). - s390/vdso: drop '-fPIC' from LDFLAGS (git-fixes bsc#1223593). - s390/vtime: fix average steal time calculation (git-fixes bsc#1221783). - s390/zcrypt: fix reference counting on zcrypt card objects (git-fixes bsc#1223592). - sched/balancing: Rename newidle_balance() => sched_balance_newidle() (bsc#1222173). - sched/fair: Check root_domain::overload value before update (bsc#1222173). - sched/fair: Use helper functions to access root_domain::overload (bsc#1222173). - sched/psi: Select KERNFS as needed (git-fixes). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: hisi_sas: Modify the deadline for ata_wait_after_reset() (git-fixes). - scsi: libsas: Add a helper sas_get_sas_addr_and_dev_type() (git-fixes). - scsi: libsas: Fix disk not being scanned in after being removed (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). Refresh: - patches.suse/lpfc-reintroduce-old-irq-probe-logic.patch - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.1 patches (bsc#1221777). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Correct size for cmdwqe/rspwqe for memset() (bsc#1221777). - scsi: lpfc: Correct size for wqe for memset() (bsc#1221777). - scsi: lpfc: Define lpfc_dmabuf type for ctx_buf ptr (bsc#1221777). - scsi: lpfc: Define lpfc_nodelist type for ctx_ndlp ptr (bsc#1221777). - scsi: lpfc: Define types in a union for generic void *context3 ptr (bsc#1221777). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (bsc#1221777). - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1221777). - scsi: lpfc: Remove IRQF_ONESHOT flag from threaded IRQ handling (bsc#1221777 bsc#1217959). - scsi: lpfc: Remove unnecessary log message in queuecommand path (bsc#1221777). - scsi: lpfc: Replace hbalock with ndlp lock in lpfc_nvme_unregister_port() (bsc#1221777). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc_ramp_down_queue_handler() logic (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.1 (bsc#1221777). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: lpfc: Use a dedicated lock for ras_fwlog state (bsc#1221777). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Change debug message during driver unload (bsc1221816). - scsi: qla2xxx: Delay I/O Abort on PCI error (bsc1221816). - scsi: qla2xxx: Fix command flush on cable pull (bsc1221816). - scsi: qla2xxx: Fix double free of fcport (bsc1221816). - scsi: qla2xxx: Fix double free of the ha->vp_map pointer (bsc1221816). - scsi: qla2xxx: Fix N2N stuck connection (bsc1221816). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: qla2xxx: NVME|FCP prefer flag not being honored (bsc1221816). - scsi: qla2xxx: Prevent command send on chip reset (bsc1221816). - scsi: qla2xxx: Split FCE|EFT trace control (bsc1221816). - scsi: qla2xxx: Update manufacturer detail (bsc1221816). - scsi: qla2xxx: Update version to 10.02.09.200-k (bsc1221816). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - scsi: sg: Avoid race in error handling & drop bogus warn (git-fixes). - scsi: sg: Avoid sg device teardown race (git-fixes). - scsi: smartpqi: Fix disable_managed_interrupts (git-fixes). - sctp: annotate data-races around sk->sk_wmem_queued (git-fixes). - sdhci-of-dwcmshc: disable PM runtime in dwcmshc_remove() (git-fixes). - selftests/binderfs: use the Makefile's rules, not Make's implicit rules (git-fixes). - selftests/bpf: add edge case backtracking logic test (bsc#1225756). - selftests/bpf: precision tracking test for BPF_NEG and BPF_END (bsc#1225756). - selftests: default to host arch for LLVM builds (git-fixes). - selftests: forwarding: Fix ping failure due to short timeout (git-fixes). - selftests/ftrace: Fix event filter target_func selection (stable-fixes). - selftests/ftrace: Limit length in subsystem-enable tests (git-fixes). - selftests/kcmp: remove unused open mode (git-fixes). - selftests: kselftest: Fix build failure with NOLIBC (git-fixes). - selftests: kselftest: Mark functions that unconditionally call exit() as __noreturn (git-fixes). - selftests: net: bridge: increase IGMP/MLD exclude timeout membership interval (git-fixes). - selftests/net: convert test_bridge_neigh_suppress.sh to run it in unique namespace (stable-fixes). - selftests: net: kill smcrouted in the cleanup logic in amt.sh (git-fixes). - selftests: net: move amt to socat for better compatibility (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - selftests/powerpc/dexcr: Add -no-pie to hashchk tests (git-fixes). - selftests/powerpc/papr-vpd: Fix missing variable initialization (jsc#PED-4486 git-fixes). - selftests/resctrl: fix clang build failure: use LOCAL_HDRS (git-fixes). - selftests: test_bridge_neigh_suppress.sh: Fix failures due to duplicate MAC (git-fixes). - selftests: timers: Convert posix_timers test to generate KTAP output (stable-fixes). - selftests: timers: Fix abs() warning in posix_timers test (git-fixes). - selftests: timers: Fix posix_timers ksft_print_msg() warning (git-fixes). - selftests: timers: Fix valid-adjtimex signed left-shift undefined behavior (stable-fixes). - selftests/timers/posix_timers: Reimplement check_timer_distribution() (git-fixes). - selftests: vxlan_mdb: Fix failures with old libnet (git-fixes). - selinux: avoid dereference of garbage after mount failure (git-fixes). - selinux: introduce an initial SID for early boot processes (bsc#1208593). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: 8250_dw: Revert: Do not reclock if already at correct rate (git-fixes). - serial: 8250_exar: Do not remove GPIO device on suspend (git-fixes). - serial: 8520_mtk: Set RTS on shutdown for Rx in-band wakeup (git-fixes). - serial: core: Fix atomicity violation in uart_tiocmget (git-fixes). - serial: core: only stop transmit when HW fifo is empty (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: Lock console when calling into driver before registration (git-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max310x: fix NULL pointer dereference in I2C instantiation (git-fixes). - serial: max310x: fix syntax error in IRQ error message (git-fixes). - serial: mxs-auart: add spinlock around changing cts state (git-fixes). - serial/pmac_zilog: Remove flawed mitigation for rx irq flood (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - serial: stm32: Reset .throttled state in .startup() (git-fixes). - series.conf: cleanup Fix subsection header to silence series_insert error. - SEV: disable SEV-ES DebugSwap by default (git-fixes). - slimbus: core: Remove usage of the deprecated ida_simple_xx() API (git-fixes). - slimbus: qcom-ngd-ctrl: Add timeout for wait operation (git-fixes). - smb3: show beginning time for per share stats (bsc#1225172). - smb: client: ensure to try all targets when finding nested links (bsc#1225172). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1225172). - smb: client: fix parsing of SMB3.1.1 POSIX create context (git-fixes, bsc#1225172). - smb: client: get rid of dfs code dep in namespace.c (bsc#1225172). - smb: client: get rid of dfs naming in automount code (bsc#1225172). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1225172). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1225172). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1225172). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1225172). - soc: fsl: qbman: Always disable interrupts when taking cgr_lock (git-fixes). - soc: fsl: qbman: Use raw spinlock for cgr_lock (git-fixes). - sock_diag: annotate data-races around sock_diag_handlers[family] (git-fixes). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: microchip: Fix POLARFIRE_SOC_SYS_CTRL input prompt (stable-fixes). - soc: qcom: pmic_glink: do not traverse clients list without a lock (git-fixes). - soc: qcom: pmic_glink: Make client-lock non-sleeping (git-fixes). - soc: qcom: pmic_glink: notify clients about the current state (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - soundwire: amd: fix for wake interrupt handling for clockstop mode (git-fixes). - speakup: Avoid crash on very long word (git-fixes). - speakup: Fix 8bit characters from direct synth (git-fixes). - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spi: Do not mark message DMA mapped when no transfer in it is (git-fixes). - spi: fix null pointer dereference within spi_sync (git-fixes). - spi: intel-pci: Add support for Lunar Lake-M SPI serial flash (stable-fixes). - spi: lm70llp: fix links in doc and comments (git-fixes). - spi: lpspi: Avoid potential use-after-free in probe() (git-fixes). - spi: mchp-pci1xxx: Fix a possible null pointer dereference in pci1xxx_spi_probe (git-fixes). - spi: microchip-core-qspi: fix setting spi bus clock rate (git-fixes). - spi: spi-fsl-lpspi: remove redundant spi_controller_put call (git-fixes). - spi: spi-mt65xx: Fix NULL pointer access in interrupt handler (git-fixes). - spi: stm32: Do not warn about spurious interrupts (git-fixes). - spi: xilinx: Fix kernel documentation in the xilinx_spi.h (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - staging: vc04_services: changen strncpy() to strscpy_pad() (stable-fixes). - staging: vc04_services: fix information leak in create_component() (git-fixes). - staging: vt6655: Remove unused declaration of RFbAL7230SelectChannelPostProcess() (git-fixes). - stmmac: Clear variable when destroying workqueue (git-fixes). - SUNRPC: fix a memleak in gss_import_v2_context (git-fixes). - SUNRPC: fix some memleaks in gssx_dec_option_array (git-fixes). - supported.conf: support tcp_dctcp module (jsc#PED-8111) - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331) - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - swiotlb: use the calculated number of areas (git-fixes). - Temporarily drop KVM patch that caused a regression (bsc#1226158). - thermal: devfreq_cooling: Fix perf state when calculate dfc res_util (git-fixes). - thermal/drivers/qcom/lmh: Check for SCM availability at probe (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - thermal/of: Assume polling-delay(-passive) 0 when absent (stable-fixes). - thunderbolt: Avoid notify PM core about runtime PM resume (stable-fixes). - thunderbolt: Do not create DisplayPort tunnels on adapters of the same router (git-fixes). - thunderbolt: Fix wake configurations after device unplug (stable-fixes). - thunderbolt: Introduce tb_path_deactivate_hop() (stable-fixes). - thunderbolt: Introduce tb_port_reset() (stable-fixes). - thunderbolt: Make tb_switch_reset() support Thunderbolt 2, 3 and USB4 routers (stable-fixes). - thunderbolt: Reset only non-USB4 host routers in resume (git-fixes). - tls: break out of main loop when PEEK gets a non-data record (bsc#1221858). - tls: do not skip over different type records from the rx_list (bsc#1221858). - tls: fix peeking with sync+async decryption (bsc#1221858). - tls: stop recv() if initial process_rx_list gave us non-DATA (bsc#1221858). - tools/arch/x86/intel_sdsi: Fix maximum meter bundle length (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_certificate decoding (git-fixes). - tools/arch/x86/intel_sdsi: Fix meter_show display (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tools/power turbostat: Expand probe_intel_uncore_frequency() (bsc#1221765). - tools/power/turbostat: Fix uncore frequency file string (bsc#1221765). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: Have saved_cmdlines arrays all in one allocation (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string (git-fixes). - tracing: Remove precision vsnprintf() check from print event (git-fixes). - tracing/ring-buffer: Fix wait_on_pipe() race (git-fixes). - tracing: Use .flush() call to wake up readers (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - tty: serial: samsung: fix tx_empty() to return TIOCSER_TEMT (git-fixes). - tty: vt: fix 20 vs 0x20 typo in EScsiignore (git-fixes). - ubifs: dbg_check_idx_size: Fix kmemleak if loading znode failed (git-fixes). - ubifs: fix sort function prototype (git-fixes). - ubifs: Queue up space reservation tasks if retrying many times (git-fixes). - ubifs: Remove unreachable code in dbg_check_ltab_lnum (git-fixes). - ubifs: Set page uptodate in the correct place (git-fixes). - Update config files. Disable N_GSM (jsc#PED-8240). - Update patches.suse/nvme-ensure-disabling-pairs-with-unquiesce.patch (jsc#PED-6252 jsc#PED-5728 jsc#PED-5062 jsc#PED-3535 bsc#1224534). - usb: aqc111: stop lying about skb->truesize (git-fixes). - usb: audio-v2: Correct comments for struct uac_clock_selector_descriptor (git-fixes). - usb: cdc-wdm: close race between read and workqueue (git-fixes). - USB: core: Add hub_get() and hub_put() routines (stable-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (stable-fixes). - USB: core: Fix deadlock in usb_deauthorize_interface() (git-fixes). - usb: Disable USB3 LPM at shutdown (stable-fixes). - usb: dwc2: gadget: Fix exiting from clock gating (git-fixes). - usb: dwc2: gadget: LPM flow fix (git-fixes). - usb: dwc2: host: Fix dereference issue in DDMA completion flow (git-fixes). - usb: dwc2: host: Fix hibernation flow (git-fixes). - usb: dwc2: host: Fix ISOC flow in DDMA mode (git-fixes). - usb: dwc2: host: Fix remote wakeup from hibernation (git-fixes). - usb: dwc3-am62: Disable wakeup at remove (git-fixes). - usb: dwc3-am62: fix module unload/reload behavior (git-fixes). - usb: dwc3-am62: Rename private data (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: dwc3: pci: Drop duplicate ID (git-fixes). - usb: dwc3: Properly set system wakeup (git-fixes). - usb: dwc3: Wait unconditionally after issuing EndXfer command (git-fixes). - usb: Fix regression caused by invalid ep0 maxpacket in virtual SuperSpeed device (bsc#1220569). - usb: fotg210: Add missing kernel doc description (git-fixes). - usb: gadget: composite: fix OS descriptors w_value logic (git-fixes). - usb: gadget: f_fs: Fix a race condition when processing setup packets (git-fixes). - usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete (git-fixes). - usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error (stable-fixes). - usb: gadget: net2272: Use irqflags in the call to net2272_probe_fin (git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: gadget: u_audio: Fix race condition use of controls after free during gadget unbind (git-fixes). - usb: gadget: uvc: mark incomplete frames with UVC_STREAM_ERR (stable-fixes). - usb: gadget: uvc: use correct buffer size when parsing configfs lists (git-fixes). - usb: ohci: Prevent missed ohci interrupts (git-fixes). - usb: phy: generic: Get the vbus supply (git-fixes). - USB: serial: add device ID for VeriFone adapter (stable-fixes). - USB: serial: cp210x: add ID for MGP Instruments PDS100 (stable-fixes). - USB: serial: cp210x: add pid/vid for TDK NC0110013M and MM0110113M (stable-fixes). - USB: serial: ftdi_sio: add support for GMC Z216C Adapter IR-USB (stable-fixes). - USB: serial: option: add Fibocom FM135-GL variants (stable-fixes). - USB: serial: option: add Lonsung U8300/U9300 product (stable-fixes). - USB: serial: option: add MeiG Smart SLM320 product (stable-fixes). - USB: serial: option: add Rolling RW101-GL and RW135-GL support (stable-fixes). - USB: serial: option: add support for Fibocom FM650/FG650 (stable-fixes). - USB: serial: option: add Telit FN920C04 rmnet compositions (stable-fixes). - USB: serial: option: support Quectel EM060K sub-models (stable-fixes). - usb: sl811-hcd: only defined function checkdone if QUIRK2 is defined (stable-fixes). - usb: typec: Return size of buffer if pd_set operation succeeds (git-fixes). - usb: typec: tcpci: add generic tcpci fallback compatible (stable-fixes). - usb: typec: tcpm: Check for port partner validity before consuming it (git-fixes). - usb: typec: tcpm: clear pd_event queue in PORT_RESET (git-fixes). - usb: typec: tcpm: Correct port source pdo array in pd_set callback (git-fixes). - usb: typec: tcpm: Correct the PDO counting in pd_set (git-fixes). - usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd() (git-fixes). - usb: typec: tcpm: unregister existing source caps before re-registration (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: Ack unsupported commands (stable-fixes). - usb: typec: ucsi_acpi: Refactor and fix DELL quirk (git-fixes). - usb: typec: ucsi: always register a link to USB PD device (git-fixes). - usb: typec: ucsi: Check for notifications after init (git-fixes). - usb: typec: ucsi: Clean up UCSI_CABLE_PROP macros (git-fixes). - usb: typec: ucsi: Clear EVENT_PENDING under PPM lock (git-fixes). - usb: typec: ucsi: Clear UCSI_CCI_RESET_COMPLETE before reset (stable-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - usb: typec: ucsi: Fix connector check on init (git-fixes). - usb: typec: ucsi: Fix race between typec_switch and role_switch (git-fixes). - usb: typec: ucsi: Limit read size on v1.2 (stable-fixes). - usb: typec: ucsi: simplify partner's PD caps registration (git-fixes). - USB: UAS: return ENODEV when submit urbs fail with device not attached (stable-fixes). - usb: udc: remove warning when queue disabled ep (stable-fixes). - usb: xhci: Add error handling in xhci_map_urb_for_dma (git-fixes). - usb: xhci: correct return value in case of STS_HCE (git-fixes). - usb: xhci: Implement xhci_handshake_check_state() helper. - usb: xhci-plat: Do not include xhci.h (stable-fixes). - vboxsf: Avoid an spurious warning if load_nls_xxx() fails (git-fixes). - vboxsf: explicitly deny setlease attempts (stable-fixes). - vdpa/mlx5: Allow CVQ size changes (git-fixes). - vdpa_sim: reset must not run (git-fixes). - veth: try harder when allocating queue memory (git-fixes). - vhost: Add smp_rmb() in vhost_enable_notify() (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio_net: Do not send RSS key if it is not supported (git-fixes). - virtio: treat alloc_dax() -EOPNOTSUPP failure as non-fatal (bsc#1223944). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: bd9576: Drop 'always-running' property (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - watchdog: sa1100: Fix PTR_ERR_OR_ZERO() vs NULL check in sa1100dog_probe() (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: decrease MHI channel buffer length to 8KB (bsc#1207948). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() (git-fixes). - wifi: ath9k: fix LNA selection in ath_ant_try_scan() (stable-fixes). - wifi: brcmfmac: Add DMI nvram filename quirk for ACEPC W5 Pro (stable-fixes). - wifi: brcmfmac: add per-vendor feature detection callback (stable-fixes). - wifi: brcmfmac: cfg80211: Use WSEC to set SAE password (stable-fixes). - wifi: brcmfmac: Demote vendor-specific attach/detach messages to info (git-fixes). - wifi: brcmfmac: pcie: handle randbuf allocation failure (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: check A-MSDU format more carefully (stable-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: ieee80211: fix ieee80211_mle_basic_sta_prof_size_ok() (git-fixes). - wifi: iwlwifi: fw: do not always use FW dump trig (git-fixes). - wifi: iwlwifi: fw: fix compile w/o CONFIG_ACPI (git-fixes). - wifi: iwlwifi: mvm: allocate STA links only for active links (git-fixes). - wifi: iwlwifi: mvm: fix active link counting during recovery (git-fixes). - wifi: iwlwifi: mvm: fix check in iwl_mvm_sta_fw_id_mask (git-fixes). - wifi: iwlwifi: mvm: guard against invalid STA ID on removal (stable-fixes). - wifi: iwlwifi: mvm: include link ID when releasing frames (git-fixes). - wifi: iwlwifi: mvm: init vif works only once (git-fixes). - wifi: iwlwifi: mvm: remove old PASN station when adding a new one (git-fixes). - wifi: iwlwifi: mvm: return uid from iwl_mvm_build_scan_cmd (git-fixes). - wifi: iwlwifi: mvm: rfi: fix potential response leaks (git-fixes). - wifi: iwlwifi: mvm: select STA mask only for active links (git-fixes). - wifi: iwlwifi: mvm: use correct address 3 in A-MSDU (stable-fixes). - wifi: iwlwifi: pcie: Add the PCI device id for new hardware (stable-fixes). - wifi: iwlwifi: pcie: fix RB status reading (stable-fixes). - wifi: iwlwifi: read txq->read_ptr under lock (stable-fixes). - wifi: iwlwifi: reconfigure TLC during HW restart (git-fixes). - wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (stable-fixes). - wifi: mac80211: clean up assignments to pointer cache (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mac80211: fix prep_connection error path (stable-fixes). - wifi: mac80211: fix unaligned le16 access (git-fixes). - wifi: mac80211_hwsim: init peer measurement result (git-fixes). - wifi: mac80211: only call drv_sta_rc_update for uploaded stations (stable-fixes). - wifi: mac80211: remove link before AP (git-fixes). - wifi: mt76: mt7603: add wpdma tx eof flag for PSE client reset (git-fixes). - wifi: mt76: mt7603: fix tx queue of loopback packets (git-fixes). - wifi: mt76: mt7915: workaround too long expansion sparse warnings (git-fixes). - wifi: mt76: mt7996: add locking for accessing mapped registers (stable-fixes). - wifi: mt76: mt7996: disable AMSDU for non-data frames (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - wifi: nl80211: do not free NULL coalescing rule (git-fixes). - wifi: rtw88: 8821cu: Fix connection failure (stable-fixes). - wifi: rtw88: Add missing VID/PIDs for 8811CU and 8821CU (stable-fixes). - wifi: rtw89: fix null pointer access when abort scan (stable-fixes). - wifi: rtw89: pci: correct TX resource checking for PCI DMA channel of firmware command (git-fixes). - wifi: rtw89: pci: enlarge RX DMA buffer to consider size of RX descriptor (stable-fixes). - wireguard: netlink: access device through ctx instead of peer (git-fixes). - wireguard: netlink: check for dangling peer via is_dead instead of empty list (git-fixes). - wireguard: receive: annotate data-race around receiving_counter.counter (git-fixes). - Workaround broken chacha crypto fallback (bsc#1218205). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix the SRSO mitigation on Zen3/4 (git-fixes). - x86/bugs: Remove default case for fully switched enums (git-fixes). - x86/calldepth: Rename __x86_return_skl() to call_depth_return_thunk() (git-fixes). - x86/coco: Require seeding RNG with RDRAND on CoCo systems (git-fixes). - x86/cpu: Add model number for Intel Arrow Lake mobile processor (git-fixes). - x86/CPU/AMD: Add models 0x10-0x1f to the Zen5 range (git-fixes). - x86/CPU/AMD: Update the Zenbleed microcode revisions (git-fixes). - x86/cpufeatures: Fix dependencies for GFNI, VAES, and VPCLMULQDQ (git-fixes). - x86/efistub: Add missing boot_params for mixed mode compat entry (git-fixes). - x86/efistub: Call mixed mode boot services on the firmware's stack (git-fixes). - x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (git-fixes). - x86/hyperv: Allow 15-bit APIC IDs for VTL platforms (git-fixes). - x86/hyperv: Use per cpu initial stack for vtl context (git-fixes). - x86/Kconfig: Remove CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT (git-fixes). - x86/kconfig: Select ARCH_WANT_FRAME_POINTERS again when UNWINDER_FRAME_POINTER=y (git-fixes). - x86/kvm/Kconfig: Have KVM_AMD_SEV select ARCH_HAS_CC_PLATFORM (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Fix the inverse 'in NMI handler' check (git-fixes). - x86/nospec: Refactor UNTRAIN_RET[_*] (git-fixes). - x86/pm: Work around false positive kmemleak report in msr_build_context() (git-fixes). - x86/purgatory: Switch to the position-independent small code model (git-fixes). - x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (git-fixes). - x86/retpoline: Add NOENDBR annotation to the SRSO dummy return thunk (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/srso: Disentangle rethunk-dependent options (git-fixes). - x86/srso: Fix unret validation dependencies (git-fixes). - x86/srso: Improve i-cache locality for alias mitigation (git-fixes). - x86/srso: Print actual mitigation if requested mitigation isn't possible (git-fixes). - x86/srso: Remove 'pred_cmd' label (git-fixes). - x86/srso: Unexport untraining functions (git-fixes). - x86/xen: Add some null pointer checking to smp.c (git-fixes). - x86/xen: attempt to inflate the memory balloon on PVH (git-fixes). - xdp, bonding: Fix feature flags when there are no slave devs anymore (git-fixes). - xen/events: drop xen_allocate_irqs_dynamic() (git-fixes). - xen/events: fix error code in xen_bind_pirq_msi_to_irq() (git-fixes). - xen/events: increment refcnt only if event channel is refcounted (git-fixes). - xen/events: modify internal [un]bind interfaces (git-fixes). - xen/events: reduce externally visible helper functions (git-fixes). - xen/events: remove some simple helpers from events_base.c (git-fixes). - xen: evtchn: Allow shared registration of IRQ handers (git-fixes). - xen/evtchn: avoid WARN() when unbinding an event channel (git-fixes). - xen-netfront: Add missing skb_mark_for_recycle (git-fixes). - xfs: add lock protection when remove perag from radix tree (git-fixes). - xfs: allow extent free intents to be retried (git-fixes). - xfs: fix perag leak when growfs fails (git-fixes). - xfs: force all buffers to be written during btree bulk load (git-fixes). - xfs: make xchk_iget safer in the presence of corrupt inode btrees (git-fixes). - xfs: pass the xfs_defer_pending object to iop_recover (git-fixes). - xfs: recompute growfsrtfree transaction reservation while growing rt volume (git-fixes). - xfs: transfer recovered intent item ownership in ->iop_recover (git-fixes). - xfs: use xfs_defer_pending objects to recover intent items (git-fixes). - xhci: add helper that checks for unhandled events on a event ring (git-fixes). - xhci: remove unnecessary event_ring_deq parameter from xhci_handle_event() (git-fixes). - xhci: Simplify event ring dequeue pointer update for port change events (git-fixes). - xhci: simplify event ring dequeue tracking for transfer events (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2234-1 Released: Wed Jun 26 12:54:27 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1224400 This update for suse-module-tools fixes the following issue: - Version update, udevrules: activate CPUs on hotplug for s390, too (bsc#1224400) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2264-1 Released: Tue Jul 2 10:14:25 2024 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: This update for python-rpm-macros fixes the following issues: - Update to version 20240618.1e386da: * Fix python_clone sed regex - Update to version 20240614.02920b8: * Make sure that RPM_BUILD_ROOT env is set * don't eliminate any cmdline arguments in the shebang line * Create python313 macros - Update to version 20240415.c664b45: * Fix typo 310 -> 312 in default-prjconf - Update to version 20240202.501440e: * SPEC0: Drop python39, add python312 to buildset (#169) - Update to version 20231220.98427f3: * fix python2_compile macro - Update to version 20231207.46c2ec3: * make FLAVOR_compile compatible with python2 - Update to version 20231204.dd64e74: * Combine fix_shebang in one line * New macro FLAVOR_fix_shebang_path * Use realpath in %python_clone macro shebang replacement * Compile and fix_shebang in %python_install macros - Update to version 20231010.0a1f0d9: * Revert 'Compile and fix_shebang in %python_install macros' - Update to version 20231010.a32e110: * Compile and fix_shebang in %python_install macros - Update to version 20231005.bf2d3ab: * Fix shebang also in sbin with macro _fix_shebang - Update to version 20230609.6fe8111: * move compile loop to python * remove python38 The following package changes have been done: - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libmount1-2.39.3-150600.4.6.2 updated - util-linux-2.39.3-150600.4.6.2 updated - kernel-macros-6.4.0-150600.23.7.2 updated - libatomic1-13.3.0+git8781-150000.1.12.1 updated - libgomp1-13.3.0+git8781-150000.1.12.1 updated - libitm1-13.3.0+git8781-150000.1.12.1 updated - liblsan0-13.3.0+git8781-150000.1.12.1 updated - python-rpm-macros-20240618.1e386da-150400.3.13.1 updated - kernel-devel-6.4.0-150600.23.7.2 updated - suse-module-tools-15.6.10-150600.3.6.2 updated - kernel-default-devel-6.4.0-150600.23.7.3 updated - kernel-syms-6.4.0-150600.23.7.1 updated - container:sles15-image-15.0.0-47.5.11 updated From sle-container-updates at lists.suse.com Wed Jul 3 13:01:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 15:01:01 +0200 (CEST) Subject: SUSE-CU-2024:2980-1: Security update of bci/nodejs Message-ID: <20240703130101.D95F6FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2980-1 Container Tags : bci/node:18 , bci/node:18-26.3 , bci/nodejs:18 , bci/nodejs:18-26.3 Container Release : 26.3 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1195468 1206412 1206798 1209122 1209122 1214025 1214290 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4156 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libgpg-error0-1.42-150400.1.101 added - libgcrypt20-1.9.4-150500.10.19 added - libgcrypt20-hmac-1.9.4-150500.10.19 added - curl-8.0.1-150400.5.44.1 added - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - gawk-4.2.1-150000.3.3.1 added - container:sles15-image-15.0.0-36.14.2 updated From sle-container-updates at lists.suse.com Wed Jul 3 13:02:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 15:02:24 +0200 (CEST) Subject: SUSE-CU-2024:2982-1: Recommended update of bci/openjdk-devel Message-ID: <20240703130224.6B8E9FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2982-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-23.5 Container Release : 23.5 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libprocps8-3.3.17-150000.7.39.1 updated - procps-3.3.17-150000.7.39.1 updated - container:bci-openjdk-17-15.5.17-24.2 updated From sle-container-updates at lists.suse.com Wed Jul 3 13:03:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 15:03:10 +0200 (CEST) Subject: SUSE-CU-2024:2990-1: Recommended update of bci/bci-init Message-ID: <20240703130310.44B12FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2990-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.17.6 , bci/bci-init:latest Container Release : 17.6 Severity : critical Type : recommended References : 1188441 1225598 1226415 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc The following package changes have been done: - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libsystemd0-254.13-150600.4.5.1 updated - util-linux-2.39.3-150600.4.6.2 updated - systemd-254.13-150600.4.5.1 updated - container:sles15-image-15.0.0-47.5.12 updated From sle-container-updates at lists.suse.com Wed Jul 3 13:03:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 15:03:14 +0200 (CEST) Subject: SUSE-CU-2024:2991-1: Security update of bci/openjdk-devel Message-ID: <20240703130314.0C1BAFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2991-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-14.5 , bci/openjdk-devel:latest Container Release : 14.5 Severity : critical Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1188441 1195468 1206412 1206798 1209122 1209122 1214025 1214290 1224168 1224170 1224171 1224172 1224173 1225598 1226415 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4156 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:1664-1 Released: Thu May 16 07:56:10 2024 Summary: Feature update for Java Type: feature Severity: moderate References: This update for byte-buddy, javadoc-parser, jurand, modulemaker-maven-plugin, open-test-reporting, plexus-xml fixes the following issues: byte-buddy: - New RPM package implementation at version 1.14.13 javadoc-parser: - New RPM package implementation at version 0.3.1 jurand: - New RPM package implementation at version 1.3.2 modulemaker-maven-plugin: - New RPM package implementation at version 1.11 open-test-reporting: - New RPM package implementation at version 0.1.0-M2 plexus-xml: - New RPM package implementation at version 3.0.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2000-1 Released: Wed Jun 12 05:43:59 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: javadoc-parser: - Deliver javadoc-parser RPM package to meet new dependency requirements (no source changes) maven-filtering was updated to version 3.3.2: - Build against the plexus-build-api0 package containing sonatype plexus build api - Version 3.3.2: * Changes: + pick correct hamcrest dependency + Prefer commons lang to plexus utils + MSHARED-1214: move tag back to HEAD + MSHARED-1216: Use caching output stream + Bump org.codehaus.plexus:plexus-utils from 3.0.16 to 3.0.24 in /src/test/resources + Fix typos and grammar + Fix 'licenced' typo in PR template + refactor IncrementalResourceFilteringTest + MSHARED-1340: Require Maven 3.6.3+ + Bump commons-io:commons-io from 2.11.0 to 2.15.1 + Bump org.apache.commons:commons-lang3 from 3.12.0 to 3.14.0 + MSHARED-1339: Bump org.apache.maven.shared:maven-shared-components from 39 to 41 + MSHARED-1290: Fix PropertyUtils cycle detection results in false positives + MSHARED-1285: use an up-to-date scanner instead the newscanner + Bump org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0 + Bump org.codehaus.plexus:plexus-interpolation from 1.26 to 1.27 + Bump org.codehaus.plexus:plexus-utils from 3.5.1 to 4.0.0 + Bump release-drafter/release-drafter from 5 to 6 + Bump org.junit.jupiter:junit-jupiter-api from 5.10.1 to 5.10.2 + MSHARED-1351: Fix console message when origin is baseDir + MSHARED-1050: Fix ConcurrentModificationException for maven-filtering + MSHARED-1330: Always overwrite files - Version 3.3.1: * Changes: + MSHARED-1175: Copying x resources from rel/path to rel/path + MSHARED-1213: Bug: filtering existing but 0 byte file + MSHARED-1199: Upgrade parent pom to 39 + MSHARED-1112: Ignore setting permissions on non existing dest files/symlinks + MSHARED-1144: remove rendundant error message - Version 3.3.0: * Changes: + Fixed cloning of MavenResourcesExecution's instances using copyOf() method + MRESOURCES-258: Copying and filtering logic is delegated to FileUtils + replace deprecated methods + replace deprecated code in favor of Java 7 core and apache commons libraries declare dependencies + MSHARED-1080: Parent POM 36, Java8, drop legacy. maven-plugin-tools: - Build against the plexus-build-api0 package containing sonatype plexus build api - Added dependency on plexus-xml where relevant modello was updated to version 2.4.0: - Build against the new codehaus plexus build api 1.2.0 - Build all modello plugins - Version 2.4.0: * New features and improvements: + Keep license structure + Support addition of license header to generated files + Make generated code - Java 8 based by default + threadsafety * Bugs fixed: + Revert snakeyaml to 1.33 (as 2.x is not fully compatible with 1.x). - Version 2.3.0: * Changes: + Kill off dead Plexus + Fix for #366 - Version 2.2.0: * Changes: + Parse javadoc tags in xdoc generator (only @since is supported atm) + Use generic in Xpp3Reader for JDK 5+ + Get rid of usage deprecated Reader/WriterFactory + Make spotless plugin work with Java 21 + Support java source property being discovered as 1.x + Fix thread safety issues by not using singletons for generators + Improve discovering javaSource based on maven.compiler properties, default as 8 + Switch Plexus Annotation to JSR-330 + Make spotless plugin work with Java 21 - Add dependency on plexus-xml where relevant plexus-build-api was updated to version 1.2.0: - Version 1.2.0: * Potentially breaking changes: + change package to org.codehaus.plexus.build * New features and improvements: + Convert to JSR 330 component + Bump sisu-maven-plugin from 0.3.5 to 0.9.0.M2 + Switch to parent 13 and reformat + Use a CachingOutputStream when using the build context + Reuse plexus-pom action for CI + Add README and LICENSE + Remove ThreadBuildContext * Bugs fixed: + Store Objects in the DefaultContext in a map + Let the DefaultBuildContext delegate to the legacy build-api plexus-build-api0 was implemented at version 0.0.8: - New package plexus-xml: - Deliver plexus-xml RPM package to meet new dependency requirements (no source changes) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2079-1 Released: Wed Jun 19 05:41:08 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Gradle and Maven fixes the following issues: gradle-bootstrap: - Regenerate to account for the new plexus-xml dependency gradle: - Fixed build with the `plexus-xml` split from plexus-utils maven-artifact-transfer: - Added dependency on `plexus-xml` where relevant - Removed unnecessary dependency on xmvn tools and parent pom maven-assembly-plugin, maven-doxia, maven-doxia-sitetools, maven-install-plugin, maven-javadoc-plugin, maven-plugin-testing, maven-resolver, maven: - Added dependency on `plexus-xml` where relevant ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2255-1 Released: Tue Jul 2 05:25:54 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-file-management: - Use sisu-plexus instead of plexus-containers-container-default - Added dependency on plexus-xml where relevant - Removed unnecessary dependency on xmvn tools and parent pom maven-shared-io: - Do not add PROVIDED dependency on plexus-container-default - Use sisu-plexus instead of plexus-containers-container-default - Removed unnecessary dependency on xmvn tools and parent pom maven2: - Use sisu-plexus instead of plexus-containers-container-default - Fixed build with both sisu-plexus and plexus-containers-container-default - Require the new plexus-xml package to fix build maven-shared-utils was updated to version 3.3.4: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact in order to avoid conflict/choise of providers - Checked exception converted to raw runtime - PrettyPrintXmlWriter output is platform dependent - Deprecated StringUtils.unifyLineSeparator - Fixed environment variable with null value - Dependencies upgraded: * Upgraded Jansi to 2.0.1 * Upgraded Jansi to 2.2.0 plexus-ant-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default - Fixed the code to build both with sisu-plexus and plexus-containers-container-default. plexus-bsh-factory: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-cli: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers plexus-i18n: - Use sisu-plexus instead of plexus-containers-container-default plexus-resources: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default plexus-sec-dispatcher: - Removed unnecessary dependency on plexus-containers-container-default - Add dependency on plexus-xml where relevant - Build with source and target levels 8 plexus-velocity: - Use the org.eclipse.sisu:org.eclipse.sisu.plexus artifact to avoid conflict/choise of providers - Use sisu-plexus instead of plexus-containers-container-default tesla-polyglot: - Fixed build with maven-plugin-plugin - Fixed build with snakeyaml 2.2 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libuuid1-2.39.3-150600.4.6.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - liblz4-1-1.9.4-150600.1.4 added - libgpg-error0-1.47-150600.1.3 added - libgcrypt20-1.10.3-150600.1.23 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libsystemd0-254.13-150600.4.5.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - util-linux-2.39.3-150600.4.6.2 updated - curl-8.6.0-150600.2.2 added - gawk-4.2.1-150000.3.3.1 added - maven-resolver-api-1.9.18-150200.3.20.1 updated - plexus-xml-3.0.0-150200.5.5.1 added - maven-shared-utils-3.3.4-150200.3.7.2 updated - maven-resolver-util-1.9.18-150200.3.20.1 updated - maven-resolver-spi-1.9.18-150200.3.20.1 updated - plexus-sec-dispatcher-2.0-150200.3.7.3 updated - maven-resolver-named-locks-1.9.18-150200.3.20.1 updated - maven-resolver-transport-file-1.9.18-150200.3.20.1 updated - maven-resolver-connector-basic-1.9.18-150200.3.20.1 updated - maven-resolver-transport-wagon-1.9.18-150200.3.20.1 updated - git-core-2.43.0-150600.3.3.1 updated - maven-resolver-impl-1.9.18-150200.3.20.1 updated - maven-resolver-transport-http-1.9.18-150200.3.20.1 updated - maven-lib-3.9.6-150200.4.24.2 updated - maven-3.9.6-150200.4.24.2 updated - container:bci-openjdk-21-15.6.21-14.4 updated From sle-container-updates at lists.suse.com Wed Jul 3 13:03:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 3 Jul 2024 15:03:23 +0200 (CEST) Subject: SUSE-CU-2024:2993-1: Recommended update of suse/sle15 Message-ID: <20240703130323.2FF6EFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2993-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.5.12 , suse/sle15:15.6 , suse/sle15:15.6.47.5.12 Container Release : 47.5.12 Severity : critical Type : recommended References : 1188441 1222086 1223430 1223766 1224242 1225598 1226415 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2104-1 Released: Thu Jun 20 10:44:39 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: This update for protobuf and python-grpcio fixes the following issue: - Add python311 binaries to Python Module. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libblkid1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libprocps8-3.3.17-150000.7.39.1 updated - libprotobuf-lite25_1_0-25.1-150600.16.4.2 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libsystemd0-254.13-150600.4.5.1 updated - libudev1-254.13-150600.4.5.1 updated - libuuid1-2.39.3-150600.4.6.2 updated - libzypp-17.34.1-150600.3.4.6 updated - procps-3.3.17-150000.7.39.1 updated - util-linux-2.39.3-150600.4.6.2 updated - zypper-1.14.71-150600.10.2.7 updated - gio-branding-SLE-15-150600.35.2.1 removed - glib2-tools-2.78.6-150600.4.3.1 removed - libduktape206-2.6.0-150500.4.5.1 removed - libgio-2_0-0-2.78.6-150600.4.3.1 removed - libgmodule-2_0-0-2.78.6-150600.4.3.1 removed - libgobject-2_0-0-2.78.6-150600.4.3.1 removed - libproxy1-0.5.3-150600.2.2 removed - libpxbackend-1_0-0.5.3-150600.2.1 removed - libsolv-tools-0.7.28-150400.3.16.2 removed - shared-mime-info-2.4-150600.1.3 removed From sle-container-updates at lists.suse.com Thu Jul 4 07:01:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:01:50 +0200 (CEST) Subject: SUSE-IU-2024:600-1: Security update of suse/sle-micro/5.5 Message-ID: <20240704070150.D3D57F78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:600-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.58 , suse/sle-micro/5.5:latest Image Release : 5.5.58 Severity : important Type : security References : 1224282 1225771 1227052 CVE-2024-34459 CVE-2024-5564 CVE-2024-6104 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2283-1 Released: Tue Jul 2 23:12:19 2024 Summary: Security update for libndp Type: security Severity: important References: 1225771,CVE-2024-5564 This update for libndp fixes the following issues: - CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2286-1 Released: Wed Jul 3 08:26:16 2024 Summary: Security update for podman Type: security Severity: moderate References: 1227052,CVE-2024-6104 This update for podman fixes the following issues: - CVE-2024-6104: Fixed a potential leak of sensitive information on HTTP log file (bsc#1227052). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2291-1 Released: Wed Jul 3 12:43:47 2024 Summary: Recommended update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 Type: recommended Severity: moderate References: This update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 contains the following fixes: Changes in elemental-operator1.5: - Update to version 1.5.4: * [BACKPORT] Ensure re-sync is triggered * [BACKPORT] operator: fix ManagedOSVersionChannel sync Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5: - Update to version 1.5.4. The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - libndp0-1.6-150000.3.3.1 updated - elemental-register1.5-1.5.4-150500.1.11.1 updated - elemental-support1.5-1.5.4-150500.1.11.1 updated - libltdl7-2.4.6-150000.3.8.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - procps-3.3.17-150000.7.39.1 updated - libxmlsec1-1-1.2.37-150400.14.5.1 updated - libxmlsec1-openssl1-1.2.37-150400.14.5.1 updated - podman-4.9.5-150500.3.15.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.34 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:00 +0200 (CEST) Subject: SUSE-CU-2024:2999-1: Security update of rancher/elemental-channel Message-ID: <20240704070200.CE672F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:2999-1 Container Tags : rancher/elemental-channel:1.4.4 , rancher/elemental-channel:1.4.4-4.5.92 , rancher/elemental-channel:latest Container Release : 4.5.92 Severity : important Type : security References : 1221940 1223423 1223424 1223425 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) The following package changes have been done: - glibc-2.31-150300.83.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:02 +0200 (CEST) Subject: SUSE-CU-2024:3000-1: Security update of rancher/elemental-channel Message-ID: <20240704070202.415C9F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3000-1 Container Tags : rancher/elemental-channel:1.5.4 , rancher/elemental-channel:1.5.4-1.5.94 , rancher/elemental-channel:latest Container Release : 1.5.94 Severity : important Type : security References : 1221940 1223423 1223424 1223425 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container rancher/elemental-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2291-1 Released: Wed Jul 3 12:43:47 2024 Summary: Recommended update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 Type: recommended Severity: moderate References: This update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 contains the following fixes: Changes in elemental-operator1.5: - Update to version 1.5.4: * [BACKPORT] Ensure re-sync is triggered * [BACKPORT] operator: fix ManagedOSVersionChannel sync Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5: - Update to version 1.5.4. The following package changes have been done: - glibc-2.31-150300.83.1 updated - elemental-register1.5-1.5.4-150500.1.11.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:04 +0200 (CEST) Subject: SUSE-CU-2024:3001-1: Security update of rancher/elemental-rt-channel Message-ID: <20240704070204.29F2AF78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3001-1 Container Tags : rancher/elemental-rt-channel:1.4.4 , rancher/elemental-rt-channel:1.4.4-3.5.81 , rancher/elemental-rt-channel:latest Container Release : 3.5.81 Severity : important Type : security References : 1221940 1223423 1223424 1223425 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) The following package changes have been done: - glibc-2.31-150300.83.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:05 +0200 (CEST) Subject: SUSE-CU-2024:3002-1: Security update of rancher/elemental-rt-channel Message-ID: <20240704070205.3534BF78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-rt-channel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3002-1 Container Tags : rancher/elemental-rt-channel:1.5.4 , rancher/elemental-rt-channel:1.5.4-1.5.82 , rancher/elemental-rt-channel:latest Container Release : 1.5.82 Severity : important Type : security References : 1221940 1223423 1223424 1223425 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 ----------------------------------------------------------------- The container rancher/elemental-rt-channel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2291-1 Released: Wed Jul 3 12:43:47 2024 Summary: Recommended update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 Type: recommended Severity: moderate References: This update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 contains the following fixes: Changes in elemental-operator1.5: - Update to version 1.5.4: * [BACKPORT] Ensure re-sync is triggered * [BACKPORT] operator: fix ManagedOSVersionChannel sync Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5: - Update to version 1.5.4. The following package changes have been done: - glibc-2.31-150300.83.1 updated - elemental-register1.5-1.5.4-150500.1.11.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:06 +0200 (CEST) Subject: SUSE-CU-2024:3003-1: Security update of rancher/elemental-operator Message-ID: <20240704070206.8C076F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3003-1 Container Tags : rancher/elemental-operator:1.5.4 , rancher/elemental-operator:1.5.4-1.13.1 , rancher/elemental-operator:latest Container Release : 1.13.1 Severity : important Type : security References : 1188441 1209627 1221940 1222548 1223423 1223424 1223425 1225551 CVE-2024-2511 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-4741 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:10 +0200 (CEST) Subject: SUSE-CU-2024:3004-1: Security update of rancher/elemental-operator Message-ID: <20240704070210.78FF5F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/elemental-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3004-1 Container Tags : rancher/elemental-operator:1.4.4 , rancher/elemental-operator:1.4.4-4.8.18 , rancher/elemental-operator:latest Container Release : 4.8.18 Severity : important Type : security References : 1188441 1209627 1221940 1222548 1223423 1223424 1223425 1225551 CVE-2024-2511 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-4741 ----------------------------------------------------------------- The container rancher/elemental-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:11 +0200 (CEST) Subject: SUSE-CU-2024:3005-1: Security update of rancher/seedimage-builder Message-ID: <20240704070211.F1E67F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3005-1 Container Tags : rancher/seedimage-builder:1.5.4 , rancher/seedimage-builder:1.5.4-1.11.1 , rancher/seedimage-builder:latest Container Release : 1.11.1 Severity : important Type : security References : 1188441 1209627 1218609 1220117 1221361 1221940 1222548 1223423 1223424 1223425 1223596 1223605 1225551 CVE-2024-2511 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-4741 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1810-1 Released: Wed May 29 08:58:01 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1218609,1220117,1223605 This update for util-linux fixes the following issues: - Processes not cleaned up after failed SSH session are using up 100% CPU (bsc#1220117) - lscpu: Add more ARM cores (bsc#1223605) - Document that chcpu -g is not supported on IBM z/VM (bsc#1218609) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libuuid1-2.37.4-150500.9.11.1 updated - libsmartcols1-2.37.4-150500.9.11.1 updated - libblkid1-2.37.4-150500.9.11.1 updated - libfdisk1-2.37.4-150500.9.11.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated - libmount1-2.37.4-150500.9.11.1 updated - util-linux-2.37.4-150500.9.11.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:02:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:02:15 +0200 (CEST) Subject: SUSE-CU-2024:3006-1: Security update of rancher/seedimage-builder Message-ID: <20240704070215.CE452F78C@maintenance.suse.de> SUSE Container Update Advisory: rancher/seedimage-builder ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3006-1 Container Tags : rancher/seedimage-builder:1.4.4 , rancher/seedimage-builder:1.4.4-4.8.18 , rancher/seedimage-builder:latest Container Release : 4.8.18 Severity : important Type : security References : 1188441 1209627 1221940 1222548 1223423 1223424 1223425 1223596 1225551 CVE-2024-2511 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-4741 ----------------------------------------------------------------- The container rancher/seedimage-builder was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1808-1 Released: Tue May 28 22:12:38 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1222548,CVE-2024-2511 This update for openssl-1_1 fixes the following issues: - CVE-2024-2511: Fixed unconstrained session cache growth in TLSv1.3 (bsc#1222548). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libcom_err2-1.46.4-150400.3.6.2 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.31.1 updated - openssl-1_1-1.1.1l-150500.17.31.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:07:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:07:10 +0200 (CEST) Subject: SUSE-CU-2024:3007-1: Security update of suse/sles12sp5 Message-ID: <20240704070710.2E227F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3007-1 Container Tags : suse/sles12sp5:6.8.10 , suse/sles12sp5:latest Container Release : 6.8.10 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2288-1 Released: Wed Jul 3 08:26:46 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.4-46.75.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:01:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:01:36 +0200 (CEST) Subject: SUSE-IU-2024:598-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20240704070136.4C74EF78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:598-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.69 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.69 Severity : important Type : security References : 1065729 1141539 1174585 1181674 1185882 1187716 1188441 1190569 1191949 1192107 1193983 1194288 1194557 1194869 1196956 1197915 1199093 1200465 1205205 1207284 1207361 1207948 1208149 1209627 1209657 1209799 1209834 1209980 1210335 1213863 1214852 1215322 1215702 1216358 1216702 1216717 1217169 1217339 1217515 1218447 1220021 1220267 1220363 1220783 1221044 1221081 1221361 1221615 1221777 1221816 1221829 1221940 1222011 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223278 1223315 1223360 1223384 1223390 1223423 1223424 1223425 1223432 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224282 1224320 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224794 1224795 1224796 1224803 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225551 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225771 1225775 1225810 1225820 1225829 1225835 1225842 CVE-2020-36788 CVE-2021-4148 CVE-2021-43527 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34459 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-4741 CVE-2024-5564 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1888-1 Released: Fri May 31 19:09:00 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1216717,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2190-1 Released: Tue Jun 25 10:50:51 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1223754,1 223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,1224671,122467 2,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,1225183,122 5184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409,1225410, 1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-4148,CVE-2021-43527,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021-47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CV E-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,CVE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021- 47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021-47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,C VE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710,CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-5 2586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023-52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CV E-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE-2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26 742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-27008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE -2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CVE-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-3 5868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024-36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CV E-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52655: Check packet for fixup for true limit (bsc#1217169). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2023-6531: Fixed a use-after-free flaw due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic()on the socket that the SKB is queued on (bsc#1218447). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26700: Fixed drm/amd/display: Fix MST Null Ptr for RV (bsc#1222870) - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26777: Error out if pixclock equals zero in fbdev/sis (bsc#1222765) - CVE-2024-26778: Error out if pixclock equals zero in fbdev/savage (bsc#1222770) - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26839: Fixed a memleak in init_credit_return() (bsc#1222975) - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26907: Fixed a fortify source warning while accessing Eth segment in mlx5 (bsc#1223203). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27413: Fixed incorrect allocation size (bsc#1224438). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35817: Set gtt bound flag in amdgpu_ttm_gart_bind (bsc#1224736). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: Struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765,). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224020, bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - Move upstreamed patches into sorted section - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2236-1 Released: Wed Jun 26 13:01:03 2024 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1185882,1194557,1199093 This update for sysconfig fixes the following issues: - Update to version 0.85.9 - Revert to recommend wicked-service on <= 15.4 - netconfig: remove sed dependency - netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093) - netconfig: cleanup /var/run leftovers (bsc#1194557) - netconfig: update ntp man page documentation, fix typos - spec: drop legacy migration (from sle11) and rpm-utils - netconfig: revert NM default policy change change (bsc#1185882) With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead only from NetworkManager, where plugins/services have to deliver their settings to apply them ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2283-1 Released: Tue Jul 2 23:12:19 2024 Summary: Security update for libndp Type: security Severity: important References: 1225771,CVE-2024-5564 This update for libndp fixes the following issues: - CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2291-1 Released: Wed Jul 3 12:43:47 2024 Summary: Recommended update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 Type: recommended Severity: moderate References: This update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 contains the following fixes: Changes in elemental-operator1.5: - Update to version 1.5.4: * [BACKPORT] Ensure re-sync is triggered * [BACKPORT] operator: fix ManagedOSVersionChannel sync Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5: - Update to version 1.5.4. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - suse-module-tools-15.5.5-150500.3.12.2 updated - kernel-default-base-5.14.21-150500.55.68.1.150500.6.31.1 updated - libndp0-1.6-150000.3.3.1 updated - sysconfig-0.85.9-150500.3.4.1 updated - sysconfig-netconfig-0.85.9-150500.3.4.1 updated - elemental-register1.5-1.5.4-150500.1.11.1 updated - elemental-support1.5-1.5.4-150500.1.11.1 updated - glibc-locale-base-2.31-150300.83.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.34 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:01:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:01:38 +0200 (CEST) Subject: SUSE-IU-2024:599-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20240704070138.B881EF78C@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:599-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.76 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.76 Severity : important Type : security References : 1065729 1141539 1174585 1181674 1185882 1187716 1188441 1190569 1191949 1192107 1193983 1194288 1194557 1194869 1196956 1197915 1199093 1200465 1205205 1207284 1207361 1207948 1208149 1209627 1209657 1209799 1209834 1209980 1210335 1213863 1214852 1215322 1215702 1216358 1216702 1216717 1217169 1217339 1217515 1218447 1220021 1220267 1220363 1220783 1221044 1221081 1221361 1221615 1221777 1221816 1221829 1221940 1222011 1222374 1222385 1222413 1222464 1222513 1222559 1222561 1222608 1222619 1222627 1222721 1222765 1222770 1222783 1222793 1222838 1222870 1222893 1222960 1222961 1222974 1222975 1222976 1223011 1223023 1223027 1223031 1223043 1223046 1223048 1223049 1223084 1223113 1223119 1223137 1223138 1223140 1223188 1223203 1223207 1223278 1223315 1223360 1223384 1223390 1223423 1223424 1223425 1223432 1223489 1223505 1223532 1223575 1223595 1223626 1223627 1223628 1223631 1223633 1223638 1223650 1223653 1223666 1223670 1223671 1223675 1223677 1223678 1223679 1223698 1223712 1223715 1223717 1223718 1223737 1223738 1223741 1223744 1223747 1223748 1223750 1223752 1223754 1223756 1223757 1223762 1223769 1223770 1223779 1223780 1223781 1223788 1223802 1223819 1223823 1223826 1223828 1223829 1223837 1223842 1223843 1223844 1223847 1223858 1223875 1223879 1223895 1223959 1223961 1223991 1223996 1224020 1224076 1224096 1224098 1224099 1224137 1224166 1224174 1224177 1224180 1224181 1224187 1224282 1224320 1224331 1224346 1224423 1224432 1224437 1224438 1224442 1224443 1224445 1224449 1224479 1224482 1224487 1224488 1224492 1224494 1224495 1224502 1224508 1224509 1224511 1224519 1224524 1224525 1224530 1224531 1224534 1224535 1224537 1224541 1224543 1224549 1224550 1224558 1224559 1224566 1224567 1224571 1224575 1224576 1224579 1224580 1224581 1224582 1224586 1224587 1224592 1224598 1224601 1224607 1224608 1224611 1224615 1224617 1224618 1224621 1224622 1224624 1224627 1224628 1224629 1224632 1224636 1224637 1224638 1224640 1224643 1224644 1224645 1224647 1224648 1224649 1224650 1224651 1224657 1224659 1224660 1224663 1224664 1224665 1224666 1224667 1224668 1224671 1224672 1224676 1224678 1224679 1224680 1224681 1224682 1224685 1224686 1224692 1224697 1224699 1224701 1224703 1224705 1224707 1224717 1224718 1224721 1224722 1224723 1224725 1224727 1224728 1224729 1224730 1224731 1224732 1224733 1224736 1224738 1224739 1224740 1224747 1224749 1224759 1224763 1224764 1224765 1224766 1224794 1224795 1224796 1224803 1224816 1224895 1224898 1224900 1224901 1224902 1224903 1224904 1224905 1224907 1224909 1224910 1224911 1224912 1224913 1224914 1224915 1224920 1224928 1224929 1224930 1224931 1224932 1224936 1224937 1224941 1224942 1224944 1224945 1224947 1224956 1224988 1224992 1225000 1225003 1225005 1225008 1225009 1225022 1225031 1225032 1225036 1225041 1225044 1225053 1225076 1225077 1225082 1225085 1225086 1225092 1225095 1225096 1225097 1225106 1225108 1225109 1225114 1225118 1225121 1225122 1225123 1225125 1225126 1225127 1225129 1225131 1225132 1225138 1225139 1225145 1225151 1225153 1225156 1225158 1225160 1225161 1225164 1225167 1225180 1225183 1225184 1225186 1225187 1225189 1225190 1225191 1225192 1225193 1225195 1225198 1225201 1225203 1225205 1225206 1225207 1225208 1225209 1225210 1225214 1225222 1225223 1225224 1225225 1225227 1225228 1225229 1225230 1225232 1225233 1225235 1225236 1225237 1225238 1225239 1225240 1225241 1225242 1225243 1225244 1225245 1225246 1225247 1225248 1225249 1225250 1225251 1225252 1225253 1225254 1225255 1225256 1225257 1225258 1225259 1225260 1225261 1225262 1225263 1225268 1225301 1225303 1225304 1225306 1225316 1225318 1225320 1225321 1225322 1225323 1225326 1225327 1225328 1225329 1225330 1225331 1225332 1225333 1225334 1225335 1225336 1225337 1225338 1225339 1225341 1225342 1225344 1225346 1225347 1225351 1225353 1225354 1225355 1225357 1225358 1225360 1225361 1225366 1225367 1225368 1225369 1225370 1225372 1225373 1225374 1225375 1225376 1225377 1225379 1225380 1225382 1225383 1225384 1225386 1225387 1225388 1225390 1225392 1225393 1225396 1225400 1225404 1225405 1225408 1225409 1225410 1225411 1225424 1225425 1225427 1225431 1225435 1225436 1225437 1225438 1225439 1225441 1225442 1225443 1225444 1225445 1225446 1225447 1225450 1225453 1225455 1225461 1225463 1225464 1225466 1225467 1225468 1225471 1225472 1225478 1225479 1225480 1225482 1225483 1225486 1225488 1225490 1225492 1225495 1225499 1225500 1225501 1225502 1225506 1225508 1225510 1225513 1225515 1225529 1225530 1225532 1225534 1225535 1225548 1225549 1225550 1225551 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225577 1225583 1225584 1225587 1225588 1225589 1225590 1225591 1225592 1225593 1225595 1225599 1225616 1225640 1225642 1225705 1225708 1225715 1225720 1225722 1225734 1225735 1225747 1225748 1225756 1225761 1225766 1225771 1225775 1225810 1225820 1225829 1225835 1225842 CVE-2020-36788 CVE-2021-39698 CVE-2021-4148 CVE-2021-42327 CVE-2021-43056 CVE-2021-43527 CVE-2021-47200 CVE-2021-47358 CVE-2021-47359 CVE-2021-47360 CVE-2021-47361 CVE-2021-47362 CVE-2021-47363 CVE-2021-47364 CVE-2021-47365 CVE-2021-47366 CVE-2021-47367 CVE-2021-47368 CVE-2021-47369 CVE-2021-47370 CVE-2021-47371 CVE-2021-47372 CVE-2021-47373 CVE-2021-47374 CVE-2021-47375 CVE-2021-47376 CVE-2021-47378 CVE-2021-47379 CVE-2021-47380 CVE-2021-47381 CVE-2021-47382 CVE-2021-47383 CVE-2021-47384 CVE-2021-47385 CVE-2021-47386 CVE-2021-47387 CVE-2021-47388 CVE-2021-47389 CVE-2021-47390 CVE-2021-47391 CVE-2021-47392 CVE-2021-47393 CVE-2021-47394 CVE-2021-47395 CVE-2021-47396 CVE-2021-47397 CVE-2021-47398 CVE-2021-47399 CVE-2021-47400 CVE-2021-47401 CVE-2021-47402 CVE-2021-47403 CVE-2021-47404 CVE-2021-47405 CVE-2021-47406 CVE-2021-47407 CVE-2021-47408 CVE-2021-47409 CVE-2021-47410 CVE-2021-47412 CVE-2021-47413 CVE-2021-47414 CVE-2021-47415 CVE-2021-47416 CVE-2021-47417 CVE-2021-47418 CVE-2021-47419 CVE-2021-47420 CVE-2021-47421 CVE-2021-47422 CVE-2021-47423 CVE-2021-47424 CVE-2021-47425 CVE-2021-47426 CVE-2021-47427 CVE-2021-47428 CVE-2021-47429 CVE-2021-47430 CVE-2021-47431 CVE-2021-47433 CVE-2021-47434 CVE-2021-47435 CVE-2021-47436 CVE-2021-47437 CVE-2021-47438 CVE-2021-47439 CVE-2021-47440 CVE-2021-47441 CVE-2021-47442 CVE-2021-47443 CVE-2021-47444 CVE-2021-47445 CVE-2021-47446 CVE-2021-47447 CVE-2021-47448 CVE-2021-47449 CVE-2021-47450 CVE-2021-47451 CVE-2021-47452 CVE-2021-47453 CVE-2021-47454 CVE-2021-47455 CVE-2021-47456 CVE-2021-47457 CVE-2021-47458 CVE-2021-47459 CVE-2021-47460 CVE-2021-47461 CVE-2021-47462 CVE-2021-47463 CVE-2021-47464 CVE-2021-47465 CVE-2021-47466 CVE-2021-47467 CVE-2021-47468 CVE-2021-47469 CVE-2021-47470 CVE-2021-47471 CVE-2021-47472 CVE-2021-47473 CVE-2021-47474 CVE-2021-47475 CVE-2021-47476 CVE-2021-47477 CVE-2021-47478 CVE-2021-47479 CVE-2021-47480 CVE-2021-47481 CVE-2021-47482 CVE-2021-47483 CVE-2021-47484 CVE-2021-47485 CVE-2021-47486 CVE-2021-47488 CVE-2021-47489 CVE-2021-47490 CVE-2021-47491 CVE-2021-47492 CVE-2021-47493 CVE-2021-47494 CVE-2021-47495 CVE-2021-47496 CVE-2021-47497 CVE-2021-47498 CVE-2021-47499 CVE-2021-47500 CVE-2021-47501 CVE-2021-47502 CVE-2021-47503 CVE-2021-47504 CVE-2021-47505 CVE-2021-47506 CVE-2021-47507 CVE-2021-47508 CVE-2021-47509 CVE-2021-47510 CVE-2021-47511 CVE-2021-47512 CVE-2021-47513 CVE-2021-47514 CVE-2021-47516 CVE-2021-47518 CVE-2021-47520 CVE-2021-47521 CVE-2021-47522 CVE-2021-47523 CVE-2021-47524 CVE-2021-47525 CVE-2021-47526 CVE-2021-47528 CVE-2021-47529 CVE-2021-47530 CVE-2021-47531 CVE-2021-47532 CVE-2021-47533 CVE-2021-47534 CVE-2021-47535 CVE-2021-47536 CVE-2021-47537 CVE-2021-47540 CVE-2021-47541 CVE-2021-47542 CVE-2021-47544 CVE-2021-47548 CVE-2021-47549 CVE-2021-47550 CVE-2021-47551 CVE-2021-47552 CVE-2021-47553 CVE-2021-47554 CVE-2021-47555 CVE-2021-47556 CVE-2021-47557 CVE-2021-47558 CVE-2021-47559 CVE-2021-47560 CVE-2021-47562 CVE-2021-47563 CVE-2021-47564 CVE-2021-47565 CVE-2021-47569 CVE-2022-48633 CVE-2022-48662 CVE-2022-48669 CVE-2022-48689 CVE-2022-48691 CVE-2022-48699 CVE-2022-48705 CVE-2022-48708 CVE-2022-48709 CVE-2022-48710 CVE-2023-0160 CVE-2023-1829 CVE-2023-42755 CVE-2023-47233 CVE-2023-52586 CVE-2023-52591 CVE-2023-52618 CVE-2023-52642 CVE-2023-52643 CVE-2023-52644 CVE-2023-52646 CVE-2023-52650 CVE-2023-52653 CVE-2023-52654 CVE-2023-52655 CVE-2023-52656 CVE-2023-52657 CVE-2023-52659 CVE-2023-52660 CVE-2023-52661 CVE-2023-52662 CVE-2023-52664 CVE-2023-52669 CVE-2023-52671 CVE-2023-52674 CVE-2023-52676 CVE-2023-52678 CVE-2023-52679 CVE-2023-52680 CVE-2023-52683 CVE-2023-52685 CVE-2023-52686 CVE-2023-52690 CVE-2023-52691 CVE-2023-52692 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2023-52699 CVE-2023-52702 CVE-2023-52703 CVE-2023-52705 CVE-2023-52707 CVE-2023-52708 CVE-2023-52730 CVE-2023-52731 CVE-2023-52732 CVE-2023-52733 CVE-2023-52736 CVE-2023-52738 CVE-2023-52739 CVE-2023-52740 CVE-2023-52741 CVE-2023-52742 CVE-2023-52743 CVE-2023-52744 CVE-2023-52745 CVE-2023-52746 CVE-2023-52747 CVE-2023-52753 CVE-2023-52754 CVE-2023-52756 CVE-2023-52757 CVE-2023-52759 CVE-2023-52763 CVE-2023-52764 CVE-2023-52766 CVE-2023-52773 CVE-2023-52774 CVE-2023-52777 CVE-2023-52781 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52844 CVE-2023-52847 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52858 CVE-2023-52860 CVE-2023-52861 CVE-2023-52864 CVE-2023-52865 CVE-2023-52867 CVE-2023-52868 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52880 CVE-2023-6531 CVE-2024-2201 CVE-2024-26597 CVE-2024-26643 CVE-2024-26679 CVE-2024-26692 CVE-2024-26698 CVE-2024-26700 CVE-2024-26715 CVE-2024-26739 CVE-2024-26742 CVE-2024-26748 CVE-2024-26758 CVE-2024-26764 CVE-2024-26775 CVE-2024-26777 CVE-2024-26778 CVE-2024-26788 CVE-2024-26791 CVE-2024-26801 CVE-2024-26822 CVE-2024-26828 CVE-2024-26829 CVE-2024-26838 CVE-2024-26839 CVE-2024-26840 CVE-2024-26846 CVE-2024-26859 CVE-2024-26870 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26880 CVE-2024-26889 CVE-2024-26894 CVE-2024-26900 CVE-2024-26907 CVE-2024-26915 CVE-2024-26916 CVE-2024-26919 CVE-2024-26920 CVE-2024-26921 CVE-2024-26922 CVE-2024-26925 CVE-2024-26928 CVE-2024-26929 CVE-2024-26930 CVE-2024-26931 CVE-2024-26933 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26938 CVE-2024-26939 CVE-2024-26940 CVE-2024-26943 CVE-2024-26957 CVE-2024-26958 CVE-2024-26964 CVE-2024-26974 CVE-2024-26977 CVE-2024-26979 CVE-2024-26984 CVE-2024-26988 CVE-2024-26989 CVE-2024-26994 CVE-2024-26996 CVE-2024-26997 CVE-2024-26999 CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27028 CVE-2024-27037 CVE-2024-27042 CVE-2024-27045 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27054 CVE-2024-27059 CVE-2024-27072 CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388 CVE-2024-27393 CVE-2024-27395 CVE-2024-27396 CVE-2024-27398 CVE-2024-27399 CVE-2024-27400 CVE-2024-27401 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27435 CVE-2024-27436 CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 CVE-2024-34459 CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35799 CVE-2024-35801 CVE-2024-35804 CVE-2024-35806 CVE-2024-35809 CVE-2024-35811 CVE-2024-35812 CVE-2024-35813 CVE-2024-35815 CVE-2024-35817 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823 CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35851 CVE-2024-35852 CVE-2024-35854 CVE-2024-35860 CVE-2024-35861 CVE-2024-35862 CVE-2024-35863 CVE-2024-35864 CVE-2024-35865 CVE-2024-35866 CVE-2024-35867 CVE-2024-35868 CVE-2024-35869 CVE-2024-35870 CVE-2024-35872 CVE-2024-35875 CVE-2024-35877 CVE-2024-35878 CVE-2024-35879 CVE-2024-35885 CVE-2024-35887 CVE-2024-35895 CVE-2024-35901 CVE-2024-35904 CVE-2024-35905 CVE-2024-35907 CVE-2024-35912 CVE-2024-35914 CVE-2024-35915 CVE-2024-35922 CVE-2024-35924 CVE-2024-35930 CVE-2024-35932 CVE-2024-35933 CVE-2024-35935 CVE-2024-35936 CVE-2024-35938 CVE-2024-35939 CVE-2024-35940 CVE-2024-35943 CVE-2024-35944 CVE-2024-35947 CVE-2024-35950 CVE-2024-35951 CVE-2024-35952 CVE-2024-35955 CVE-2024-35959 CVE-2024-35963 CVE-2024-35964 CVE-2024-35965 CVE-2024-35966 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976 CVE-2024-35978 CVE-2024-35982 CVE-2024-35984 CVE-2024-35989 CVE-2024-35990 CVE-2024-35998 CVE-2024-35999 CVE-2024-36006 CVE-2024-36007 CVE-2024-36012 CVE-2024-36014 CVE-2024-36015 CVE-2024-36016 CVE-2024-36026 CVE-2024-36029 CVE-2024-36032 CVE-2024-36880 CVE-2024-36893 CVE-2024-36896 CVE-2024-36897 CVE-2024-36906 CVE-2024-36918 CVE-2024-36924 CVE-2024-36926 CVE-2024-36928 CVE-2024-36931 CVE-2024-36938 CVE-2024-36940 CVE-2024-36941 CVE-2024-36942 CVE-2024-36944 CVE-2024-36947 CVE-2024-36950 CVE-2024-36952 CVE-2024-36955 CVE-2024-36959 CVE-2024-4741 CVE-2024-5564 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1888-1 Released: Fri May 31 19:09:00 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1216717,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1895-1 Released: Mon Jun 3 09:00:20 2024 Summary: Security update for glibc Type: security Severity: important References: 1221940,1223423,1223424,1223425,CVE-2024-33599,CVE-2024-33600,CVE-2024-33601,CVE-2024-33602 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2008-1 Released: Wed Jun 12 13:33:42 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1065729,1141539,1174585,1181674,1187716,1190569,1191949,1192107,1193983,1194288,1194869,1196956,1197915,1200465,1205205,1207284,1207361,1207948,1208149,1209657,1209799,1209834,1209980,1210335,1213863,1214852,1215322,1215702,1216358,1216702,1217169,1217339,1217515,1218447,1220021,1220267,1220363,1220783,1221044,1221081,1221615,1221777,1221816,1221829,1222011,1222374,1222385,1222413,1222464,1222513,1222559,1222561,1222608,1222619,1222627,1222721,1222765,1222770,1222783,1222793,1222838,1222870,1222893,1222960,1222961,1222974,1222975,1222976,1223011,1223023,1223027,1223031,1223043,1223046,1223048,1223049,1223084,1223113,1223119,1223137,1223138,1223140,1223188,1223203,1223207,1223315,1223360,1223384,1223390,1223432,1223489,1223505,1223532,1223575,1223595,1223626,1223627,1223628,1223631,1223633,1223638,1223650,1223653,1223666,1223670,1223671,1223675,1223677,1223678,1223679,1223698,1223712,1223715,1223717,1223718,1223737,1223738,1223741,1223744,1223747,1223748,1223750,1223752,1 223754,1223756,1223757,1223762,1223769,1223770,1223779,1223780,1223781,1223788,1223802,1223819,1223823,1223826,1223828,1223829,1223837,1223842,1223843,1223844,1223847,1223858,1223875,1223879,1223895,1223959,1223961,1223991,1223996,1224020,1224076,1224096,1224098,1224099,1224137,1224166,1224174,1224177,1224180,1224181,1224187,1224331,1224346,1224423,1224432,1224437,1224438,1224442,1224443,1224445,1224449,1224479,1224482,1224487,1224488,1224492,1224494,1224495,1224502,1224508,1224509,1224511,1224519,1224524,1224525,1224530,1224531,1224534,1224535,1224537,1224541,1224543,1224549,1224550,1224558,1224559,1224566,1224567,1224571,1224575,1224576,1224579,1224580,1224581,1224582,1224586,1224587,1224592,1224598,1224601,1224607,1224608,1224611,1224615,1224617,1224618,1224621,1224622,1224624,1224627,1224628,1224629,1224632,1224636,1224637,1224638,1224640,1224643,1224644,1224645,1224647,1224648,1224649,1224650,1224651,1224657,1224659,1224660,1224663,1224664,1224665,1224666,1224667,1224668,122467 1,1224672,1224676,1224678,1224679,1224680,1224681,1224682,1224685,1224686,1224692,1224697,1224699,1224701,1224703,1224705,1224707,1224717,1224718,1224721,1224722,1224723,1224725,1224727,1224728,1224729,1224730,1224731,1224732,1224733,1224736,1224738,1224739,1224740,1224747,1224749,1224759,1224763,1224764,1224765,1224766,1224794,1224795,1224796,1224803,1224816,1224895,1224898,1224900,1224901,1224902,1224903,1224904,1224905,1224907,1224909,1224910,1224911,1224912,1224913,1224914,1224915,1224920,1224928,1224929,1224930,1224931,1224932,1224936,1224937,1224941,1224942,1224944,1224945,1224947,1224956,1224988,1224992,1225000,1225003,1225005,1225008,1225009,1225022,1225031,1225032,1225036,1225041,1225044,1225053,1225076,1225077,1225082,1225085,1225086,1225092,1225095,1225096,1225097,1225106,1225108,1225109,1225114,1225118,1225121,1225122,1225123,1225125,1225126,1225127,1225129,1225131,1225132,1225138,1225139,1225145,1225151,1225153,1225156,1225158,1225160,1225161,1225164,1225167,1225180,122 5183,1225184,1225186,1225187,1225189,1225190,1225191,1225192,1225193,1225195,1225198,1225201,1225203,1225205,1225206,1225207,1225208,1225209,1225210,1225214,1225222,1225223,1225224,1225225,1225227,1225228,1225229,1225230,1225232,1225233,1225235,1225236,1225237,1225238,1225239,1225240,1225241,1225242,1225243,1225244,1225245,1225246,1225247,1225248,1225249,1225250,1225251,1225252,1225253,1225254,1225255,1225256,1225257,1225258,1225259,1225260,1225261,1225262,1225263,1225268,1225301,1225303,1225304,1225306,1225316,1225318,1225320,1225321,1225322,1225323,1225326,1225327,1225328,1225329,1225330,1225331,1225332,1225333,1225334,1225335,1225336,1225337,1225338,1225339,1225341,1225342,1225344,1225346,1225347,1225351,1225353,1225354,1225355,1225357,1225358,1225360,1225361,1225366,1225367,1225368,1225369,1225370,1225372,1225373,1225374,1225375,1225376,1225377,1225379,1225380,1225382,1225383,1225384,1225386,1225387,1225388,1225390,1225392,1225393,1225396,1225400,1225404,1225405,1225408,1225409, 1225410,1225411,1225424,1225425,1225427,1225431,1225435,1225436,1225437,1225438,1225439,1225441,1225442,1225443,1225444,1225445,1225446,1225447,1225450,1225453,1225455,1225461,1225463,1225464,1225466,1225467,1225468,1225471,1225472,1225478,1225479,1225480,1225482,1225483,1225486,1225488,1225490,1225492,1225495,1225499,1225500,1225501,1225502,1225506,1225508,1225510,1225513,1225515,1225529,1225530,1225532,1225534,1225535,1225548,1225549,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225577,1225583,1225584,1225587,1225588,1225589,1225590,1225591,1225592,1225593,1225595,1225599,1225616,1225640,1225642,1225705,1225708,1225715,1225720,1225722,1225734,1225735,1225747,1225748,1225756,1225761,1225766,1225775,1225810,1225820,1225829,1225835,1225842,CVE-2020-36788,CVE-2021-39698,CVE-2021-4148,CVE-2021-42327,CVE-2021-43056,CVE-2021-43527,CVE-2021-47200,CVE-2021-47358,CVE-2021-47359,CVE-2021-47360,CVE-2021-47361,CVE-2021- 47362,CVE-2021-47363,CVE-2021-47364,CVE-2021-47365,CVE-2021-47366,CVE-2021-47367,CVE-2021-47368,CVE-2021-47369,CVE-2021-47370,CVE-2021-47371,CVE-2021-47372,CVE-2021-47373,CVE-2021-47374,CVE-2021-47375,CVE-2021-47376,CVE-2021-47378,CVE-2021-47379,CVE-2021-47380,CVE-2021-47381,CVE-2021-47382,CVE-2021-47383,CVE-2021-47384,CVE-2021-47385,CVE-2021-47386,CVE-2021-47387,CVE-2021-47388,CVE-2021-47389,CVE-2021-47390,CVE-2021-47391,CVE-2021-47392,CVE-2021-47393,CVE-2021-47394,CVE-2021-47395,CVE-2021-47396,CVE-2021-47397,CVE-2021-47398,CVE-2021-47399,CVE-2021-47400,CVE-2021-47401,CVE-2021-47402,CVE-2021-47403,CVE-2021-47404,CVE-2021-47405,CVE-2021-47406,CVE-2021-47407,CVE-2021-47408,CVE-2021-47409,CVE-2021-47410,CVE-2021-47412,CVE-2021-47413,CVE-2021-47414,CVE-2021-47415,CVE-2021-47416,CVE-2021-47417,CVE-2021-47418,CVE-2021-47419,CVE-2021-47420,CVE-2021-47421,CVE-2021-47422,CVE-2021-47423,CVE-2021-47424,CVE-2021-47425,CVE-2021-47426,CVE-2021-47427,CVE-2021-47428,CVE-2021-47429,CVE-2021-47430,C VE-2021-47431,CVE-2021-47433,CVE-2021-47434,CVE-2021-47435,CVE-2021-47436,CVE-2021-47437,CVE-2021-47438,CVE-2021-47439,CVE-2021-47440,CVE-2021-47441,CVE-2021-47442,CVE-2021-47443,CVE-2021-47444,CVE-2021-47445,CVE-2021-47446,CVE-2021-47447,CVE-2021-47448,CVE-2021-47449,CVE-2021-47450,CVE-2021-47451,CVE-2021-47452,CVE-2021-47453,CVE-2021-47454,CVE-2021-47455,CVE-2021-47456,CVE-2021-47457,CVE-2021-47458,CVE-2021-47459,CVE-2021-47460,CVE-2021-47461,CVE-2021-47462,CVE-2021-47463,CVE-2021-47464,CVE-2021-47465,CVE-2021-47466,CVE-2021-47467,CVE-2021-47468,CVE-2021-47469,CVE-2021-47470,CVE-2021-47471,CVE-2021-47472,CVE-2021-47473,CVE-2021-47474,CVE-2021-47475,CVE-2021-47476,CVE-2021-47477,CVE-2021-47478,CVE-2021-47479,CVE-2021-47480,CVE-2021-47481,CVE-2021-47482,CVE-2021-47483,CVE-2021-47484,CVE-2021-47485,CVE-2021-47486,CVE-2021-47488,CVE-2021-47489,CVE-2021-47490,CVE-2021-47491,CVE-2021-47492,CVE-2021-47493,CVE-2021-47494,CVE-2021-47495,CVE-2021-47496,CVE-2021-47497,CVE-2021-47498,CVE-2021 -47499,CVE-2021-47500,CVE-2021-47501,CVE-2021-47502,CVE-2021-47503,CVE-2021-47504,CVE-2021-47505,CVE-2021-47506,CVE-2021-47507,CVE-2021-47508,CVE-2021-47509,CVE-2021-47510,CVE-2021-47511,CVE-2021-47512,CVE-2021-47513,CVE-2021-47514,CVE-2021-47516,CVE-2021-47518,CVE-2021-47520,CVE-2021-47521,CVE-2021-47522,CVE-2021-47523,CVE-2021-47524,CVE-2021-47525,CVE-2021-47526,CVE-2021-47528,CVE-2021-47529,CVE-2021-47530,CVE-2021-47531,CVE-2021-47532,CVE-2021-47533,CVE-2021-47534,CVE-2021-47535,CVE-2021-47536,CVE-2021-47537,CVE-2021-47540,CVE-2021-47541,CVE-2021-47542,CVE-2021-47544,CVE-2021-47548,CVE-2021-47549,CVE-2021-47550,CVE-2021-47551,CVE-2021-47552,CVE-2021-47553,CVE-2021-47554,CVE-2021-47555,CVE-2021-47556,CVE-2021-47557,CVE-2021-47558,CVE-2021-47559,CVE-2021-47560,CVE-2021-47562,CVE-2021-47563,CVE-2021-47564,CVE-2021-47565,CVE-2021-47569,CVE-2022-48633,CVE-2022-48662,CVE-2022-48669,CVE-2022-48689,CVE-2022-48691,CVE-2022-48699,CVE-2022-48705,CVE-2022-48708,CVE-2022-48709,CVE-2022-48710, CVE-2023-0160,CVE-2023-1829,CVE-2023-42755,CVE-2023-47233,CVE-2023-52586,CVE-2023-52591,CVE-2023-52618,CVE-2023-52642,CVE-2023-52643,CVE-2023-52644,CVE-2023-52646,CVE-2023-52650,CVE-2023-52653,CVE-2023-52654,CVE-2023-52655,CVE-2023-52656,CVE-2023-52657,CVE-2023-52659,CVE-2023-52660,CVE-2023-52661,CVE-2023-52662,CVE-2023-52664,CVE-2023-52669,CVE-2023-52671,CVE-2023-52674,CVE-2023-52676,CVE-2023-52678,CVE-2023-52679,CVE-2023-52680,CVE-2023-52683,CVE-2023-52685,CVE-2023-52686,CVE-2023-52690,CVE-2023-52691,CVE-2023-52692,CVE-2023-52693,CVE-2023-52694,CVE-2023-52696,CVE-2023-52698,CVE-2023-52699,CVE-2023-52702,CVE-2023-52703,CVE-2023-52705,CVE-2023-52707,CVE-2023-52708,CVE-2023-52730,CVE-2023-52731,CVE-2023-52732,CVE-2023-52733,CVE-2023-52736,CVE-2023-52738,CVE-2023-52739,CVE-2023-52740,CVE-2023-52741,CVE-2023-52742,CVE-2023-52743,CVE-2023-52744,CVE-2023-52745,CVE-2023-52746,CVE-2023-52747,CVE-2023-52753,CVE-2023-52754,CVE-2023-52756,CVE-2023-52757,CVE-2023-52759,CVE-2023-52763,CVE-2023- 52764,CVE-2023-52766,CVE-2023-52773,CVE-2023-52774,CVE-2023-52777,CVE-2023-52781,CVE-2023-52788,CVE-2023-52789,CVE-2023-52791,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52844,CVE-2023-52847,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52858,CVE-2023-52860,CVE-2023-52861,CVE-2023-52864,CVE-2023-52865,CVE-2023-52867,CVE-2023-52868,CVE-2023-52870,CVE-2023-52871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52880,CVE-2023-6531,CVE-2024-2201,CVE-2024-26597,CVE-2024-26643,CVE-2024-26679,CVE-2024-26692,CVE -2024-26698,CVE-2024-26700,CVE-2024-26715,CVE-2024-26739,CVE-2024-26742,CVE-2024-26748,CVE-2024-26758,CVE-2024-26764,CVE-2024-26775,CVE-2024-26777,CVE-2024-26778,CVE-2024-26788,CVE-2024-26791,CVE-2024-26801,CVE-2024-26822,CVE-2024-26828,CVE-2024-26829,CVE-2024-26838,CVE-2024-26839,CVE-2024-26840,CVE-2024-26846,CVE-2024-26859,CVE-2024-26870,CVE-2024-26874,CVE-2024-26876,CVE-2024-26877,CVE-2024-26880,CVE-2024-26889,CVE-2024-26894,CVE-2024-26900,CVE-2024-26907,CVE-2024-26915,CVE-2024-26916,CVE-2024-26919,CVE-2024-26920,CVE-2024-26921,CVE-2024-26922,CVE-2024-26925,CVE-2024-26928,CVE-2024-26929,CVE-2024-26930,CVE-2024-26931,CVE-2024-26933,CVE-2024-26934,CVE-2024-26935,CVE-2024-26937,CVE-2024-26938,CVE-2024-26939,CVE-2024-26940,CVE-2024-26943,CVE-2024-26957,CVE-2024-26958,CVE-2024-26964,CVE-2024-26974,CVE-2024-26977,CVE-2024-26979,CVE-2024-26984,CVE-2024-26988,CVE-2024-26989,CVE-2024-26994,CVE-2024-26996,CVE-2024-26997,CVE-2024-26999,CVE-2024-27000,CVE-2024-27001,CVE-2024-27004,CVE-2024-2 7008,CVE-2024-27028,CVE-2024-27037,CVE-2024-27042,CVE-2024-27045,CVE-2024-27047,CVE-2024-27051,CVE-2024-27052,CVE-2024-27053,CVE-2024-27054,CVE-2024-27059,CVE-2024-27072,CVE-2024-27073,CVE-2024-27074,CVE-2024-27075,CVE-2024-27076,CVE-2024-27077,CVE-2024-27078,CVE-2024-27388,CVE-2024-27393,CVE-2024-27395,CVE-2024-27396,CVE-2024-27398,CVE-2024-27399,CVE-2024-27400,CVE-2024-27401,CVE-2024-27405,CVE-2024-27410,CVE-2024-27412,CVE-2024-27413,CVE-2024-27416,CVE-2024-27417,CVE-2024-27419,CVE-2024-27431,CVE-2024-27435,CVE-2024-27436,CVE-2024-35789,CVE-2024-35791,CVE-2024-35796,CVE-2024-35799,CVE-2024-35801,CVE-2024-35804,CVE-2024-35806,CVE-2024-35809,CVE-2024-35811,CVE-2024-35812,CVE-2024-35813,CVE-2024-35815,CVE-2024-35817,CVE-2024-35821,CVE-2024-35822,CVE-2024-35823,CVE-2024-35825,CVE-2024-35828,CVE-2024-35829,CVE-2024-35830,CVE-2024-35833,CVE-2024-35845,CVE-2024-35847,CVE-2024-35849,CVE-2024-35851,CVE-2024-35852,CVE-2024-35854,CVE-2024-35860,CVE-2024-35861,CVE-2024-35862,CVE-2024-35863,CV E-2024-35864,CVE-2024-35865,CVE-2024-35866,CVE-2024-35867,CVE-2024-35868,CVE-2024-35869,CVE-2024-35870,CVE-2024-35872,CVE-2024-35875,CVE-2024-35877,CVE-2024-35878,CVE-2024-35879,CVE-2024-35885,CVE-2024-35887,CVE-2024-35895,CVE-2024-35901,CVE-2024-35904,CVE-2024-35905,CVE-2024-35907,CVE-2024-35912,CVE-2024-35914,CVE-2024-35915,CVE-2024-35922,CVE-2024-35924,CVE-2024-35930,CVE-2024-35932,CVE-2024-35933,CVE-2024-35935,CVE-2024-35936,CVE-2024-35938,CVE-2024-35939,CVE-2024-35940,CVE-2024-35943,CVE-2024-35944,CVE-2024-35947,CVE-2024-35950,CVE-2024-35951,CVE-2024-35952,CVE-2024-35955,CVE-2024-35959,CVE-2024-35963,CVE-2024-35964,CVE-2024-35965,CVE-2024-35966,CVE-2024-35967,CVE-2024-35969,CVE-2024-35973,CVE-2024-35976,CVE-2024-35978,CVE-2024-35982,CVE-2024-35984,CVE-2024-35989,CVE-2024-35990,CVE-2024-35998,CVE-2024-35999,CVE-2024-36006,CVE-2024-36007,CVE-2024-36012,CVE-2024-36014,CVE-2024-36015,CVE-2024-36016,CVE-2024-36026,CVE-2024-36029,CVE-2024-36032,CVE-2024-36880,CVE-2024-36893,CVE-2024- 36896,CVE-2024-36897,CVE-2024-36906,CVE-2024-36918,CVE-2024-36924,CVE-2024-36926,CVE-2024-36928,CVE-2024-36931,CVE-2024-36938,CVE-2024-36940,CVE-2024-36941,CVE-2024-36942,CVE-2024-36944,CVE-2024-36947,CVE-2024-36950,CVE-2024-36952,CVE-2024-36955,CVE-2024-36959 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47548: Fixed a possible array out-of=bounds (bsc#1225506) - CVE-2022-48689: Fixed data-race in lru_add_fn (bsc#1223959) - CVE-2022-48691: Fixed memory leak in netfilter (bsc#1223961) - CVE-2023-1829: Fixed a use-after-free vulnerability in the control index filter (tcindex) (bsc#1210335). - CVE-2023-42755: Check user supplied offsets (bsc#1215702). - CVE-2023-52586: Fixed mutex lock in control vblank irq (bsc#1221081). - CVE-2023-52618: Fixed string overflow in block/rnbd-srv (bsc#1221615). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52660: Fiedx IRQ handling due to shared interrupts (bsc#1224443). - CVE-2023-52664: Eliminate double free in error handling logic (bsc#1224747). - CVE-2023-52671: Fixed hang/underflow when transitioning to ODM4:1 (bsc#1224729). - CVE-2023-52674: Add clamp() in scarlett2_mixer_ctl_put() (bsc#1224727). - CVE-2023-52680: Fixed missing error checks to *_ctl_get() (bsc#1224608). - CVE-2023-52692: Fixed missing error check to scarlett2_usb_set_config() (bsc#1224628). - CVE-2023-52698: Fixed memory leak in netlbl_calipso_add_pass() (CVE-2023-52698 bsc#1224621) - CVE-2023-52746: Prevent potential spectre v1 gadget in xfrm_xlate32_attr() (bsc#1225114) - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52860: Fixed null pointer dereference in hisi_hns3 (bsc#1224936). - CVE-2024-2201: Fixed information leak in x86/BHI (bsc#1217339). - CVE-2024-26643: Fixed mark set as dead when unbinding anonymous set with timeout (bsc#1221829). - CVE-2024-26679: Fixed read sk->sk_family once in inet_recv_error() (bsc#1222385). - CVE-2024-26692: Fixed regression in writes when non-standard maximum write size negotiated (bsc#1222464). - CVE-2024-26715: Fixed NULL pointer dereference in dwc3_gadget_suspend (bsc#1222561). - CVE-2024-26742: Fixed disable_managed_interrupts (git-fixes bsc#1222608). - CVE-2024-26775: Fixed potential deadlock at set_capacity (bsc#1222627). - CVE-2024-26791: Fixed properly validate device names in btrfs (bsc#1222793) - CVE-2024-26822: Set correct id, uid and cruid for multiuser automounts (bsc#1223011). - CVE-2024-26828: Fixed underflow in parse_server_interfaces() (bsc#1223084). - CVE-2024-26876: Fixed crash on irq during probe (bsc#1223119). - CVE-2024-26900: Fixed kmemleak of rdev->serial (bsc#1223046). - CVE-2024-26915: Reset IH OVERFLOW_CLEAR bit (bsc#1223207) - CVE-2024-26919: Fixed debugfs directory leak (bsc#1223847). - CVE-2024-26921: Preserve kabi for sk_buff (bsc#1223138). - CVE-2024-26925: Release mutex after nft_gc_seq_end from abort path (bsc#1223390). - CVE-2024-26928: Fixed potential UAF in cifs_debug_files_proc_show() (bsc#1223532). - CVE-2024-26939: Fixed UAF on destroy against retire race (bsc#1223679). - CVE-2024-26958: Fixed UAF in direct writes (bsc#1223653). - CVE-2024-27042: Fixed potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (bsc#1223823). - CVE-2024-27395: Fixed Use-After-Free in ovs_ct_exit (bsc#1224098). - CVE-2024-27396: Fixed Use-After-Free in gtp_dellink (bsc#1224096). - CVE-2024-27398: Fixed use-after-free bugs caused by sco_sock_timeout (bsc#1224174). - CVE-2024-27401: Fixed user_length taken into account when fetching packet contents (bsc#1224181). - CVE-2024-27417: Fixed potential 'struct net' leak in inet6_rtm_getaddr() (bsc#1224721) - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-27431: Fixed Zero-initialise xdp_rxq_info struct before running XDP program (bsc#1224718). - CVE-2024-35791: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() (bsc#1224725). - CVE-2024-35799: Prevent crash when disable stream (bsc#1224740). - CVE-2024-35804: Mark target gfn of emulated atomic instruction as dirty (bsc#1224638). - CVE-2024-35852: Fixed memory leak when canceling rehash work (bsc#1224502). - CVE-2024-35854: Fixed possible use-after-free during rehash (bsc#1224636). - CVE-2024-35860: struct bpf_link and bpf_link_ops kABI workaround (bsc#1224531). - CVE-2024-35861: Fixed potential UAF in cifs_signal_cifsd_for_reconnect() (bsc#1224766). - CVE-2024-35862: Fixed potential UAF in smb2_is_network_name_deleted() (bsc#1224764). - CVE-2024-35863: Fixed potential UAF in is_valid_oplock_break() (bsc#1224763). - CVE-2024-35864: Fixed potential UAF in smb2_is_valid_lease_break() (bsc#1224765). - CVE-2024-35865: Fixed potential UAF in smb2_is_valid_oplock_break() (bsc#1224668). - CVE-2024-35866: Fixed potential UAF in cifs_dump_full_key() (bsc#1224667). - CVE-2024-35867: Fixed potential UAF in cifs_stats_proc_show() (bsc#1224664). - CVE-2024-35868: Fixed potential UAF in cifs_stats_proc_write() (bsc#1224678). - CVE-2024-35869: Guarantee refcounted children from parent session (bsc#1224679). - CVE-2024-35870: Fixed UAF in smb2_reconnect_server() (bsc#1224672). - CVE-2024-35872: Fixed GUP-fast succeeding on secretmem folios (bsc#1224530). - CVE-2024-35875: Require seeding RNG with RDRAND on CoCo systems (bsc#1224665). - CVE-2024-35877: Fixed VM_PAT handling in COW mappings (bsc#1224525). - CVE-2024-35878: Prevent NULL pointer dereference in vsnprintf() (bsc#1224671). - CVE-2024-35879: kABI workaround for drivers/of/dynamic.c (bsc#1224524). - CVE-2024-35885: Stop interface during shutdown (bsc#1224519). - CVE-2024-35904: Fixed dereference of garbage after mount failure (bsc#1224494). - CVE-2024-35905: Fixed int overflow for stack access size (bsc#1224488). - CVE-2024-35907: Call request_irq() after NAPI initialized (bsc#1224492). - CVE-2024-35924: Limit read size on v1.2 (bsc#1224657). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35943: Fixed a null pointer dereference in omap_prm_domain_init (bsc#1224649). - CVE-2024-35944: Fixed memcpy() run-time warning in dg_dispatch_as_host() (bsc#1224648). - CVE-2024-35951: Fixed the error path in panfrost_mmu_map_fault_addr() (bsc#1224701). - CVE-2024-35959: Fixed mlx5e_priv_init() cleanup flow (bsc#1224666). - CVE-2024-35964: Fixed not validating setsockopt user input (bsc#1224581). - CVE-2024-35969: Fixed race condition between ipv6_get_ifaddr and ipv6_del_addr (bsc#1224580). - CVE-2024-35973: Fixed header validation in geneve[6]_xmit_skb (bsc#1224586). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2024-35999: Fixed missing lock when picking channel (bsc#1224550). - CVE-2024-36006: Fixed incorrect list API usage (bsc#1224541). - CVE-2024-36007: Fixed warning during rehash (bsc#1224543). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). The following non-security bugs were fixed: - 9p: explicitly deny setlease attempts (git-fixes). - ACPI: bus: Indicate support for _TFP thru _OSC (git-fixes). - ACPI: disable -Wstringop-truncation (git-fixes). - ACPI: Fix Generic Initiator Affinity _OSC bit (git-fixes). - ACPI: LPSS: Advertise number of chip selects via property (git-fixes). - admin-guide/hw-vuln/core-scheduling: fix return type of PR_SCHED_CORE_GET (git-fixes). - af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress (bsc#1223384). - af_unix: Do not use atomic ops for unix_sk(sk)->inflight (bsc#1223384). - af_unix: Replace BUG_ON() with WARN_ON_ONCE() (bsc#1223384). - ALSA: core: Fix NULL module pointer assignment at card init (git-fixes). - ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup (git-fixes). - ALSA: line6: Zero-initialize message buffers (stable-fixes). - ARM: 9381/1: kasan: clear stale stack poison (git-fixes). - ASoC: Intel: avs: Fix ASRC module initialization (git-fixes). - ASoC: Intel: avs: Fix potential integer overflow (git-fixes). - ASoC: Intel: avs: ssm4567: Do not ignore route checks (git-fixes). - ASoC: Intel: Disable route checks for Skylake boards (git-fixes). - ASoC: kirkwood: Fix potential NULL dereference (git-fixes). - ASoC: mediatek: mt8192: fix register configuration for tdm (git-fixes). - ASoC: meson: axg-fifo: use FIELD helpers (stable-fixes). - ASoC: meson: axg-fifo: use threaded irq to check periods (git-fixes). - ASoC: tas2552: Add TX path for capturing AUDIO-OUT data (git-fixes). - ASoC: tracing: Export SND_SOC_DAPM_DIR_OUT to its value (git-fixes). - ata: pata_legacy: make legacy_exit() work again (git-fixes). - ata: sata_gemini: Check clk_enable() result (stable-fixes). - autofs: use wake_up() instead of wake_up_interruptible(() (bsc#1224166). - Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout (git-fixes). - Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_add_adv_monitor() (git-fixes). - Bluetooth: hci_sync: Do not double print name in add/remove adv_monitor (bsc#1216358). - Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (git-fixes). - Bluetooth: msft: fix slab-use-after-free in msft_do_close() (git-fixes). - Bluetooth: qca: add missing firmware sanity checks (git-fixes). - Bluetooth: qca: Fix error code in qca_read_fw_build_info() (git-fixes). - Bluetooth: qca: fix firmware check error path (git-fixes). - Bluetooth: qca: fix info leak when fetching fw build id (git-fixes). - Bluetooth: qca: fix NVM configuration parsing (git-fixes). - bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (git-fixes) - bpf: decouple prune and jump points (bsc#1225756). - bpf: fix precision backtracking instruction iteration (bsc#1225756). - bpf: Fix precision tracking for BPF_ALU | BPF_TO_BE | BPF_END (git-fixes). - bpf: handle ldimm64 properly in check_cfg() (bsc#1225756). - bpf: mostly decouple jump history management from is_state_visited() (bsc#1225756). - bpf: remove unnecessary prune and jump points (bsc#1225756). - btrfs: add error messages to all unrecognized mount options (git-fixes) - btrfs: add missing mutex_unlock in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: export: handle invalid inode or root reference in btrfs_get_parent() (git-fixes) - btrfs: extend locking to all space_info members accesses (git-fixes) - btrfs: fix btrfs_submit_compressed_write cgroup attribution (git-fixes) - btrfs: fix fallocate to use file_modified to update permissions consistently (git-fixes) - btrfs: fix information leak in btrfs_ioctl_logical_to_ino() (git-fixes) - btrfs: fix missing blkdev_put() call in btrfs_scan_one_device() (git-fixes) - btrfs: fix off-by-one chunk length calculation at contains_pending_extent() (git-fixes) - btrfs: fix qgroup reserve overflow the qgroup limit (git-fixes) - btrfs: fix silent failure when deleting root reference (git-fixes) - btrfs: fix use-after-free after failure to create a snapshot (git-fixes) - btrfs: free exchange changeset on failures (git-fixes) - btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() (git-fixes) - btrfs: make search_csum_tree return 0 if we get -EFBIG (git-fixes) - btrfs: prevent copying too big compressed lzo segment (git-fixes) - btrfs: remove BUG_ON(!eie) in find_parent_nodes (git-fixes) - btrfs: remove BUG_ON() in find_parent_nodes() (git-fixes) - btrfs: repair super block num_devices automatically (git-fixes) - btrfs: replace the BUG_ON in btrfs_del_root_ref with proper error handling (git-fixes) - btrfs: send: ensure send_fd is writable (git-fixes) - btrfs: send: handle path ref underflow in header iterate_inode_ref() (git-fixes) - btrfs: send: in case of IO error log it (git-fixes) - btrfs: send: return EOPNOTSUPP on unknown flags (git-fixes) - btrfs: tree-checker: check item_size for dev_item (git-fixes) - btrfs: tree-checker: check item_size for inode_item (git-fixes) - cifs: account for primary channel in the interface list (bsc#1224020). - cifs: cifs_chan_is_iface_active should be called with chan_lock held (bsc#1224020). - cifs: distribute channels across interfaces based on speed (bsc#1224020). - cifs: do not pass cifs_sb when trying to add channels (bsc#1224020). - cifs: failure to add channel on iface should bump up weight (git-fixes, bsc#1224020). - cifs: fix charset issue in reconnection (bsc#1224020). - cifs: fix leak of iface for primary channel (git-fixes, bsc#1224020). - cifs: handle cases where a channel is closed (bsc#1224020). - cifs: handle cases where multiple sessions share connection (bsc#1224020). - cifs: reconnect work should have reference on server struct (bsc#1224020). - clk: Do not hold prepare_lock when calling kref_put() (stable-fixes). - clk: qcom: mmcc-msm8998: fix venus clock issue (git-fixes). - counter: stm32-lptimer-cnt: Provide defines for clock polarities (git-fixes). - counter: stm32-timer-cnt: Provide defines for slave mode selection (git-fixes). - cppc_cpufreq: Fix possible null pointer dereference (git-fixes). - cpu/hotplug: Remove the 'cpu' member of cpuhp_cpu_state (git-fixes). - cpumask: Add for_each_cpu_from() (bsc#1225053). - crypto: bcm - Fix pointer arithmetic (git-fixes). - crypto: ccp - drop platform ifdef checks (git-fixes). - crypto: ecdsa - Fix module auto-load on add-key (git-fixes). - crypto: x86/nh-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha256-avx2 - add missing vzeroupper (git-fixes). - crypto: x86/sha512-avx2 - add missing vzeroupper (git-fixes). - dmaengine: axi-dmac: fix possible race in remove() (git-fixes). - dmaengine: idma64: Add check for dma_set_max_seg_size (git-fixes). - dm/amd/pm: Fix problems with reboot/shutdown for some SMU 13.0.4/13.0.11 users (git-fixes). - dm-multipath: dont't attempt SG_IO on non-SCSI-disks (bsc#1223575). - docs: kernel_include.py: Cope with docutils 0.21 (stable-fixes). - drivers/nvme: Add quirks for device 126f:2262 (git-fixes). - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 (stable-fixes). - drm/amd/display: Fix division by zero in setup_dsc_config (stable-fixes). - drm/amd/display: Fix potential index out of bounds in color transformation function (git-fixes). - drm/amd/display: Handle Y carry-over in VCP X.Y calculation (stable-fixes). - drm/amd: Flush GFXOFF requests in prepare stage (git-fixes). - drm/amdgpu: Refine IB schedule error logging (stable-fixes). - drm/amdkfd: do not allow mapping the MMIO HDP page with large pages (git-fixes). - drm/arm/malidp: fix a possible null pointer dereference (git-fixes). - drm/bridge: anx7625: Do not log an error when DSI host can't be found (git-fixes). - drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference (git-fixes). - drm/bridge: dpc3433: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: icn6211: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt8912b: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: lt9611: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: Do not log an error when DSI host can't be found (git-fixes). - drm/bridge: tc358775: fix support for jeida-18 and jeida-24 (git-fixes). - drm/connector: Add \n to message about demoting connector force-probes (git-fixes). - drm/i915/bios: Fix parsing backlight BDB data (git-fixes). - drm/lcdif: Do not disable clocks on already suspended hardware (git-fixes). - drm/mediatek: Add 0 size check to mtk_drm_gem_obj (git-fixes). - drm/meson: dw-hdmi: add bandgap setting for g12 (git-fixes). - drm/meson: dw-hdmi: power up phy on device init (git-fixes). - drm/meson: vclk: fix calculation of 59.94 fractional rates (git-fixes). - drm/msm/dp: allow voltage swing / pre emphasis of 3 (git-fixes). - drm/msm/dpu: Always flush the slave INTF on the CTL (git-fixes). - drm/msm/dsi: Print dual-DSI-adjusted pclk instead of original mode pclk (git-fixes). - drm/nouveau/dp: Do not probe eDP ports twice harder (stable-fixes). - drm/panel: atna33xc20: Fix unbalanced regulator in the case HPD does not assert (git-fixes). - drm/panel: novatek-nt35950: Do not log an error when DSI host can't be found (git-fixes). - drm/panel: simple: Add missing Innolux G121X1-L03 format, flags, connector (git-fixes). - drm: vc4: Fix possible null pointer dereference (git-fixes). - dt-bindings: clock: qcom: Add missing UFS QREF clocks (git-fixes) - dyndbg: fix old BUG_ON in >control parser (stable-fixes). - efi: libstub: only free priv.runtime_map when allocated (git-fixes). - extcon: max8997: select IRQ_DOMAIN instead of depending on it (git-fixes). - fail_function: fix wrong use of fei_attr_remove(). - fbdev: savage: Handle err return when savagefb_check_var failed (git-fixes). - fbdev: shmobile: fix snprintf truncation (git-fixes). - fbdev: sisfb: hide unused variables (git-fixes). - firewire: ohci: mask bus reset interrupts between ISR and bottom half (stable-fixes). - firmware: dmi-id: add a release callback function (git-fixes). - firmware: raspberrypi: Use correct device for DMA mappings (git-fixes). - fs/9p: drop inodes immediately on non-.L too (git-fixes). - fs/9p: only translate RWX permissions for plain 9P2000 (git-fixes). - fs/9p: translate O_TRUNC into OTRUNC (git-fixes). - gpio: crystalcove: Use -ENOTSUPP consistently (stable-fixes). - gpio: wcove: Use -ENOTSUPP consistently (stable-fixes). - gpu: host1x: Do not setup DMA for virtual devices (stable-fixes). - HID: intel-ish-hid: ipc: Add check for pci_alloc_irq_vectors (git-fixes). - hwmon: (corsair-cpro) Protect ccp->wait_input_report with a spinlock (git-fixes). - hwmon: (corsair-cpro) Use a separate buffer for sending commands (git-fixes). - hwmon: (corsair-cpro) Use complete_all() instead of complete() in ccp_raw_event() (git-fixes). - hwmon: (lm70) fix links in doc and comments (git-fixes). - hwmon: (pmbus/ucd9000) Increase delay from 250 to 500us (git-fixes). - i3c: master: svc: change ENXIO to EAGAIN when IBI occurs during start frame (git-fixes). - i3c: master: svc: fix invalidate IBI type and miss call client IBI handler (git-fixes). - IB/mlx5: Use __iowrite64_copy() for write combining stores (git-fixes) - idpf: extend tx watchdog timeout (bsc#1224137). - iio: core: Leave private pointer NULL when no private data supplied (git-fixes). - iio: pressure: dps310: support negative temperature values (git-fixes). - Input: cyapa - add missing input core locking to suspend/resume functions (git-fixes). - Input: ims-pcu - fix printf string overflow (git-fixes). - Input: pm8xxx-vibrator - correct VIB_MAX_LEVELS calculation (git-fixes). - iomap: Fix inline extent handling in iomap_readpage (git-fixes) - iomap: iomap: fix memory corruption when recording errors during writeback (git-fixes) - iomap: Support partial direct I/O on user copy failures (git-fixes) - iommu/dma: Force swiotlb_max_mapping_size on an untrusted device (bsc#1224331) - io_uring/unix: drop usage of io_uring socket (git-fixes). - irqchip/gic-v3-its: Prevent double free on error (git-fixes). - jffs2: prevent xattr node from overflowing the eraseblock (git-fixes). - kABI: bpf: struct bpf_insn_aux_data kABI workaround (bsc#1225756). - kcm: do not sense pfmemalloc status in kcm_sendpage() (git-fixes bsc#1223959) - KEYS: trusted: Do not use WARN when encode fails (git-fixes). - KEYS: trusted: Fix memory leak in tpm2_key_encode() (git-fixes). - KVM: s390: Check kvm pointer when testing KVM_CAP_S390_HPAGE_1M (git-fixes bsc#1224794). - KVM: x86: Delete duplicate documentation for KVM_X86_SET_MSR_FILTER (git-fixes). - leds: pwm: Disable PWM when going to suspend (git-fixes). - libsubcmd: Fix parse-options memory leak (git-fixes). - locking/atomic: Make test_and_*_bit() ordered on failure (git-fixes). - media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries (git-fixes). - media: dt-bindings: ovti,ov2680: Fix the power supply names (git-fixes). - media: mc: mark the media devnode as registered from the, start (git-fixes). - media: ngene: Add dvb_ca_en50221_init return value check (git-fixes). - media: stk1160: fix bounds checking in stk1160_copy_video() (git-fixes). - mei: me: add lunar lake point M DID (stable-fixes). - mfd: intel-lpss: Revert 'Add missing check for platform_get_resource' (git-fixes). - mfd: ti_am335x_tscadc: Support the correctly spelled DT property (git-fixes). - mfd: tqmx86: Specify IO port register range more precisely (git-fixes). - mlxbf_gige: Enable the GigE port in mlxbf_gige_open (git-fixes). - mlxbf_gige: Fix intermittent no ip issue (git-fixes). - mlxbf_gige: stop PHY during open() error paths (git-fixes). - mmc: sdhci_am654: Add tuning algorithm for delay chain (git-fixes). - mmc: sdhci_am654: Write ITAPDLY for DDR52 timing (git-fixes). - mtd: core: Report error if first mtd_otp_size() call fails in mtd_otp_nvmem_add() (git-fixes). - mtd: rawnand: hynix: fixed typo (git-fixes). - net: do not sense pfmemalloc status in skb_append_pagefrags() (git-fixes bsc#1223959) - netfilter: nf_tables: bail out early if hardware offload is not supported (git-fixes bsc#1223961) - net: introduce __skb_fill_page_desc_noacc (git-fixes bsc#1223959) - net: nfc: remove inappropriate attrs check (stable-fixes). - net: qualcomm: rmnet: fix global oob in rmnet_policy (git-fixes). - net: usb: ax88179_178a: fix link status when link is set to down/up (git-fixes). - net:usb:qmi_wwan: support Rolling modules (stable-fixes). - net: usb: smsc95xx: stop lying about skb->truesize (git-fixes). - net: usb: sr9700: stop lying about skb->truesize (git-fixes). - net: vmxnet3: Fix NULL pointer dereference in vmxnet3_rq_rx_complete() (bsc#1223360). - nfc: nci: Fix handling of zero-length payload packets in nci_rx_work() (git-fixes). - nfc: nci: Fix uninit-value in nci_rx_work (git-fixes). - nilfs2: fix out-of-range warning (git-fixes). - nilfs2: fix unexpected freezing of nilfs_segctor_sync() (git-fixes). - nilfs2: fix use-after-free of timer for log writer thread (git-fixes). - nilfs2: make superblock data array index computation sparse friendly (git-fixes). - nvme: ensure disabling pairs with unquiesce (bsc#1224534). - nvme: fix miss command type check (git-fixes). - nvme: fix multipath batched completion accounting (git-fixes). - nvme-multipath: fix io accounting on failover (git-fixes). - nvmet: fix ns enable/disable possible hang (git-fixes). - PCI: dwc: Detect iATU settings after getting 'addr_space' resource (git-fixes). - PCI: dwc: ep: Fix DBI access failure for drivers requiring refclk from host (git-fixes). - PCI: dwc: Use the bitmap API to allocate bitmaps (git-fixes). - PCI/EDR: Align EDR_PORT_DPC_ENABLE_DSM with PCI Firmware r3.3 (git-fixes). - PCI/EDR: Align EDR_PORT_LOCATE_DSM with PCI Firmware r3.3 (git-fixes). - PCI: rockchip-ep: Remove wrong mask on subsys_vendor_id (git-fixes). - PCI: tegra194: Fix probe path for Endpoint mode (git-fixes). - pinctrl: armada-37xx: remove an unused variable (git-fixes). - pinctrl: core: delete incorrect free in pinctrl_enable() (git-fixes). - pinctrl: core: handle radix_tree_insert() errors in pinctrl_register_one_pin() (stable-fixes). - pinctrl: devicetree: fix refcount leak in pinctrl_dt_to_map() (git-fixes). - pinctrl/meson: fix typo in PDM's pin name (git-fixes). - pinctrl: pinctrl-aspeed-g6: Fix register offset for pinconf of GPIOR-T (git-fixes). - platform/x86/intel-uncore-freq: Do not present root domain on error (git-fixes). - platform/x86: xiaomi-wmi: Fix race condition when reporting key events (git-fixes). - powerpc/eeh: Permanently disable the removed device (bsc#1223991 ltc#205740). - powerpc/eeh: Small refactor of eeh_handle_normal_event() (bsc#1223991 ltc#205740). - powerpc/eeh: Use a goto for recovery failures (bsc#1223991 ltc#205740). - powerpc/powernv: Add a null pointer check in opal_event_init() (bsc#1065729). - powerpc/pseries/lparcfg: drop error message from guest name lookup (bsc#1187716 ltc#193451 git-fixes). - powerpc/pseries/vio: Do not return ENODEV if node or compatible missing (bsc#1220783). - powerpc/uaccess: Fix build errors seen with GCC 13/14 (bsc#1194869). - powerpc/uaccess: Use YZ asm constraint for ld (bsc#1194869). - power: rt9455: hide unused rt9455_boost_voltage_values (git-fixes). - ppdev: Add an error check in register_device (git-fixes). - printk: Update @console_may_schedule in console_trylock_spinning() (bsc#1225616). - qibfs: fix dentry leak (git-fixes) - RDMA/hns: Add max_ah and cq moderation capacities in query_device() (git-fixes) - RDMA/hns: Fix deadlock on SRQ async events. (git-fixes) - RDMA/hns: Fix GMV table pagesize (git-fixes) - RDMA/hns: Fix return value in hns_roce_map_mr_sg (git-fixes) - RDMA/hns: Fix UAF for cq async event (git-fixes) - RDMA/hns: Modify the print level of CQE error (git-fixes) - RDMA/hns: Use complete parentheses in macros (git-fixes) - RDMA/IPoIB: Fix format truncation compilation errors (git-fixes) - RDMA/mlx5: Adding remote atomic access flag to updatable flags (git-fixes) - RDMA/mlx5: Fix port number for counter query in multi-port configuration (git-fixes) - RDMA/rxe: Add ibdev_dbg macros for rxe (git-fixes) - RDMA/rxe: Fix incorrect rxe_put in error path (git-fixes) - RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt (git-fixes) - RDMA/rxe: Fix the problem 'mutex_destroy missing' (git-fixes) - RDMA/rxe: Replace pr_xxx by rxe_dbg_xxx in rxe_net.c (git-fixes) - RDMA/rxe: Split rxe_run_task() into two subroutines (git-fixes) - regulator: bd71828: Do not overwrite runtime voltages (git-fixes). - regulator: core: fix debugfs creation regression (git-fixes). - regulator: mt6360: De-capitalize devicetree regulator subnodes (git-fixes). - remoteproc: mediatek: Make sure IPI buffer fits in L2TCM (git-fixes). - Rename colliding patches before origin/cve/linux-5.14-LTSS -> SLE15-SP5 merge - Revert 'cifs: reconnect work should have reference on server struct' (git-fixes, bsc#1224020). - Revert 'drm/bridge: ti-sn65dsi83: Fix enable error path' (git-fixes). - ring-buffer: Fix a race between readers and resize checks (git-fixes). - s390/bpf: Emit a barrier for BPF_FETCH instructions (git-fixes bsc#1224795). - s390/cio: fix tracepoint subchannel type field (git-fixes bsc#1224796). - s390/cpum_cf: make crypto counters upward compatible across machine types (bsc#1224346). - s390/ipl: Fix incorrect initialization of len fields in nvme reipl block (git-fixes bsc#1225139). - s390/ipl: Fix incorrect initialization of nvme dump block (git-fixes bsc#1225138). - sched/topology: Optimize topology_span_sane() (bsc#1225053). - scsi: arcmsr: Support new PCI device IDs 1883 and 1886 (git-fixes). - scsi: bfa: Fix function pointer type mismatch for hcb_qe->cbfn (git-fixes). - scsi: core: Consult supported VPD page list prior to fetching page (git-fixes). - scsi: core: Fix unremoved procfs host directory regression (git-fixes). - scsi: csiostor: Avoid function pointer casts (git-fixes). - scsi: libfc: Do not schedule abort twice (git-fixes). - scsi: libfc: Fix up timeout error in fc_fcp_rec_error() (git-fixes). - scsi: lpfc: Add support for 32 byte CDBs (bsc#1225842). - scsi: lpfc: Change default logging level for unsolicited CT MIB commands (bsc#1225842). - scsi: lpfc: Change lpfc_hba hba_flag member into a bitmask (bsc#1225842). - scsi: lpfc: Clear deferred RSCN processing flag when driver is unloading (bsc#1225842). - scsi: lpfc: Copyright updates for 14.4.0.2 patches (bsc#1225842). - scsi: lpfc: Introduce rrq_list_lock to protect active_rrq_list (bsc#1225842). - scsi: lpfc: Update logging of protection type for T10 DIF I/O (bsc#1225842). - scsi: lpfc: Update lpfc version to 14.4.0.2 (bsc#1225842). - scsi: mpt3sas: Prevent sending diag_reset when the controller is ready (git-fixes). - scsi: mylex: Fix sysfs buffer lengths (git-fixes). - scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (git-fixes). - scsi: sd: Unregister device if device_add_disk() failed in sd_probe() (git-fixes). - selftests/pidfd: Fix config for pidfd_setns_test (git-fixes). - serial: 8250_bcm7271: use default_mux_rate if possible (git-fixes). - serial: kgdboc: Fix NMI-safety problems from keyboard reset code (stable-fixes). - serial: max3100: Fix bitwise types (git-fixes). - serial: max3100: Lock port->lock when calling uart_handle_cts_change() (git-fixes). - serial: max3100: Update uart_driver_registered on driver removal (git-fixes). - serial: sc16is7xx: add proper sched.h include for sched_set_fifo() (git-fixes). - serial: sc16is7xx: fix bug in sc16is7xx_set_baud() when using prescaler (git-fixes). - serial: sh-sci: protect invalidating RXDMA on shutdown (git-fixes). - smb3: show beginning time for per share stats (bsc#1224020). - smb: client: ensure to try all targets when finding nested links (bsc#1224020). - smb: client: fix mount when dns_resolver key is not available (git-fixes, bsc#1224020). - smb: client: get rid of dfs code dep in namespace.c (bsc#1224020). - smb: client: get rid of dfs naming in automount code (bsc#1224020). - smb: client: introduce DFS_CACHE_TGT_LIST() (bsc#1224020). - smb: client: reduce stack usage in cifs_try_adding_channels() (bsc#1224020). - smb: client: remove extra @chan_count check in __cifs_put_smb_ses() (bsc#1224020). - smb: client: rename cifs_dfs_ref.c to namespace.c (bsc#1224020). - soc: mediatek: cmdq: Fix typo of CMDQ_JUMP_RELATIVE (git-fixes). - soc: qcom: rpmh-rsc: Enhance check for VRM in-flight request (git-fixes). - Sort recent BHI patches - speakup: Fix sizeof() vs ARRAY_SIZE() bug (git-fixes). - spmi: Add a check for remove callback when removing a SPMI driver (git-fixes). - spmi: hisi-spmi-controller: Do not override device identifier (git-fixes). - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (bsc#1224331). - swiotlb: Fix alignment checks when both allocation and DMA masks are (bsc#1224331) - swiotlb: Fix double-allocation of slots due to broken alignment (bsc#1224331) - swiotlb: Honour dma_alloc_coherent() alignment in swiotlb_alloc() (bsc#1224331) - sysv: do not call sb_bread() with pointers_lock held (git-fixes). - thermal/drivers/tsens: Fix null pointer dereference (git-fixes). - tools/latency-collector: Fix -Wformat-security compile warns (git-fixes). - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer (bsc#1225535) - tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer (git-fixes). - tracing: Add MODULE_DESCRIPTION() to preemptirq_delay_test (git-fixes). - tracing: hide unused ftrace_event_id_fops (git-fixes). - tty: n_gsm: fix missing receive state reset after mode switch (git-fixes). - tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (git-fixes). - Update patches.suse/ring-buffer-Fix-a-race-between-readers-and-resize-checks.patch (bsc#1222893). - Update patches.suse/scsi-qedf-Don-t-process-stag-work-during-unload.patch (bsc#1214852) - Update patches.suse/scsi-qedf-Wait-for-stag-work-during-unload.patch (bsc#1214852) - usb: aqc111: stop lying about skb->truesize (git-fixes). - USB: core: Add hub_get() and hub_put() routines (git-fixes). - USB: core: Fix access violation during port device removal (git-fixes). - USB: core: Fix deadlock in port 'disable' sysfs attribute (git-fixes). - usb: dwc3: core: Prevent phy suspend during init (Git-fixes). - usb: gadget: u_audio: Clear uac pointer when freed (git-fixes). - usb: typec: tipd: fix event checking for tps6598x (git-fixes). - usb: typec: ucsi: displayport: Fix potential deadlock (git-fixes). - VMCI: Fix an error handling path in vmci_guest_probe_device() (git-fixes). - VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (stable-fixes). - vmci: prevent speculation leaks by sanitizing event in event_deliver() (git-fixes). - watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger (git-fixes). - watchdog: ixp4xx: Make sure restart always works (git-fixes). - watchdog: rti_wdt: Set min_hw_heartbeat_ms to accommodate a safety margin (git-fixes). - wifi: ar5523: enable proper endpoint verification (git-fixes). - wifi: ath10k: Fix an error code problem in ath10k_dbg_sta_write_peer_debug_trigger() (git-fixes). - wifi: ath10k: poll service ready message before failing (git-fixes). - wifi: ath10k: populate board data for WCN3990 (git-fixes). - wifi: ath11k: do not force enable power save on non-running vdevs (git-fixes). - wifi: carl9170: add a proper sanity check for endpoints (git-fixes). - wifi: carl9170: re-fix fortified-memset warning (git-fixes). - wifi: cfg80211: fix rdev_dump_mpp() arguments order (stable-fixes). - wifi: mac80211: fix ieee80211_bss_*_flags kernel-doc (stable-fixes). - wifi: mwl8k: initialize cmd->addr[] properly (git-fixes). - x86/boot: Ignore NMIs during very early boot (git-fixes). - x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (git-fixes). - x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (git-fixes). - x86/bugs: Fix BHI documentation (git-fixes). - x86/bugs: Fix BHI handling of RRSBA (git-fixes). - x86/bugs: Fix BHI retpoline check (git-fixes). - x86/bugs: Fix return type of spectre_bhi_state() (git-fixes). - x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (git-fixes). - x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (git-fixes). - x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (git-fixes). - x86: Fix CPUIDLE_FLAG_IRQ_ENABLE leaking timer reprogram (git-fixes). - x86/kvm: Do not try to disable kvmclock if it was not enabled (git-fixes). - x86/lib: Fix overflow when counting digits (git-fixes). - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (git-fixes). - x86/nmi: Drop unused declaration of proc_nmi_enabled() (git-fixes). - x86/retpoline: Do the necessary fixup to the Zen3/4 srso return thunk for !SRSO (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/sme: Fix memory encryption setting if enabled by default and not overridden (git-fixes). - x86/tdx: Preserve shared bit on mprotect() (git-fixes). - xfs: add missing cmap->br_state = XFS_EXT_NORM update (git-fixes). - xfs: fix exception caused by unexpected illegal bestcount in leaf dir (git-fixes). - xfs: Fix false ENOSPC when performing direct write on a delalloc extent in cow fork (git-fixes). - xfs: fix imprecise logic in xchk_btree_check_block_owner (git-fixes). - xfs: fix inode reservation space for removing transaction (git-fixes). - xfs: shrink failure needs to hold AGI buffer (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2051-1 Released: Tue Jun 18 09:16:01 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2236-1 Released: Wed Jun 26 13:01:03 2024 Summary: Recommended update for sysconfig Type: recommended Severity: important References: 1185882,1194557,1199093 This update for sysconfig fixes the following issues: - Update to version 0.85.9 - Revert to recommend wicked-service on <= 15.4 - netconfig: remove sed dependency - netconfig/dns-resolver: remove search limit of 6 domains (bsc#1199093) - netconfig: cleanup /var/run leftovers (bsc#1194557) - netconfig: update ntp man page documentation, fix typos - spec: drop legacy migration (from sle11) and rpm-utils - netconfig: revert NM default policy change change (bsc#1185882) With the change to the default policy, netconfig with NetworkManager as network.service accepted settings from all services/programs directly instead only from NetworkManager, where plugins/services have to deliver their settings to apply them ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2283-1 Released: Tue Jul 2 23:12:19 2024 Summary: Security update for libndp Type: security Severity: important References: 1225771,CVE-2024-5564 This update for libndp fixes the following issues: - CVE-2024-5564: Add a check on the route information option length field. (bsc#1225771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2291-1 Released: Wed Jul 3 12:43:47 2024 Summary: Recommended update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 Type: recommended Severity: moderate References: This update for elemental-operator1.5, elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5 contains the following fixes: Changes in elemental-operator1.5: - Update to version 1.5.4: * [BACKPORT] Ensure re-sync is triggered * [BACKPORT] operator: fix ManagedOSVersionChannel sync Changes in elemental-operator1.5-crds-helm, elemental-operator1.5-helm, operator-image1.5, seedimage-builder1.5: - Update to version 1.5.4. The following package changes have been done: - glibc-2.31-150300.83.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - libopenssl1_1-1.1.1l-150500.17.31.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - suse-module-tools-15.5.5-150500.3.12.2 updated - libndp0-1.6-150000.3.3.1 updated - sysconfig-0.85.9-150500.3.4.1 updated - sysconfig-netconfig-0.85.9-150500.3.4.1 updated - elemental-register1.5-1.5.4-150500.1.11.1 updated - elemental-support1.5-1.5.4-150500.1.11.1 updated - glibc-locale-base-2.31-150300.83.1 updated - kernel-rt-5.14.21-150500.13.58.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.58 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:12:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:12:12 +0200 (CEST) Subject: SUSE-CU-2024:3010-1: Recommended update of bci/openjdk-devel Message-ID: <20240704071212.2B6B2F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3010-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-21.8 Container Release : 21.8 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libprocps8-3.3.17-150000.7.39.1 updated - procps-3.3.17-150000.7.39.1 updated - container:bci-openjdk-11-15.5.11-22.8 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:13:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:13:57 +0200 (CEST) Subject: SUSE-CU-2024:3025-1: Recommended update of bci/openjdk Message-ID: <20240704071357.C66A6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3025-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-14.5 , bci/openjdk:latest Container Release : 14.5 Severity : moderate Type : recommended References : 1188441 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - container:sles15-image-15.0.0-47.5.13 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:14:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:14:04 +0200 (CEST) Subject: SUSE-CU-2024:3032-1: Security update of bci/python Message-ID: <20240704071404.D4ED6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3032-1 Container Tags : bci/python:3 , bci/python:3-42.5 , bci/python:3.12 , bci/python:3.12-42.5 Container Release : 42.5 Severity : critical Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1181475 1181976 1185417 1188441 1195468 1206412 1206798 1209122 1209122 1214025 1214290 1224168 1224170 1224171 1224172 1224173 1225598 1226415 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2023-4016 CVE-2023-4156 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libuuid1-2.39.3-150600.4.6.2 updated - liblz4-1-1.9.4-150600.1.4 added - libgpg-error0-1.47-150600.1.3 added - libgcrypt20-1.10.3-150600.1.23 added - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libsystemd0-254.13-150600.4.5.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - gawk-4.2.1-150000.3.3.1 added - git-core-2.43.0-150600.3.3.1 updated - container:sles15-image-15.0.0-47.5.13 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:14:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:14:08 +0200 (CEST) Subject: SUSE-CU-2024:3036-1: Security update of suse/rmt-server Message-ID: <20240704071408.080BBF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3036-1 Container Tags : suse/rmt-server:2.17 , suse/rmt-server:2.17-36.4 , suse/rmt-server:latest Container Release : 36.4 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - container:sles15-image-15.0.0-47.5.13 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:14:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:14:15 +0200 (CEST) Subject: SUSE-CU-2024:3040-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240704071415.713DDF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3040-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.9 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - container:sles15-image-15.0.0-47.5.13 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:14:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:14:19 +0200 (CEST) Subject: SUSE-CU-2024:3041-1: Security update of suse/sle15 Message-ID: <20240704071419.63AC6F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3041-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.5.13 , suse/sle15:15.6 , suse/sle15:15.6.47.5.13 Container Release : 47.5.13 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:14:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:14:20 +0200 (CEST) Subject: SUSE-CU-2024:3042-1: Security update of bci/spack Message-ID: <20240704071420.58F6BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3042-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-8.6 , bci/spack:0.21.2 , bci/spack:0.21.2-8.6 , bci/spack:latest Container Release : 8.6 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - container:sles15-image-15.0.0-47.5.13 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:15:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:15:16 +0200 (CEST) Subject: SUSE-CU-2024:3044-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240704071516.4CF4DF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3044-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.12 , suse/manager/4.3/proxy-salt-broker:4.3.12.9.42.25 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.42.25 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.14-150400.5.32.1 updated - container:sles15-ltss-image-15.0.0-3.44 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:15:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:15:35 +0200 (CEST) Subject: SUSE-CU-2024:3045-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240704071535.362EFF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3045-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.12 , suse/manager/4.3/proxy-squid:4.3.12.9.51.15 , suse/manager/4.3/proxy-squid:latest Container Release : 9.51.15 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.14-150400.5.32.1 updated - container:sles15-ltss-image-15.0.0-3.44 updated From sle-container-updates at lists.suse.com Thu Jul 4 07:45:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 4 Jul 2024 09:45:55 +0200 (CEST) Subject: SUSE-CU-2024:3045-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240704074555.08062F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3045-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.12 , suse/manager/4.3/proxy-squid:4.3.12.9.51.15 , suse/manager/4.3/proxy-squid:latest Container Release : 9.51.15 Severity : low Type : security References : 1224282 CVE-2024-34459 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libxml2-2-2.9.14-150400.5.32.1 updated - container:sles15-ltss-image-15.0.0-3.44 updated From sle-container-updates at lists.suse.com Fri Jul 5 07:06:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 5 Jul 2024 09:06:05 +0200 (CEST) Subject: SUSE-CU-2024:3050-1: Security update of suse/sles12sp5 Message-ID: <20240705070605.C7EC8F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3050-1 Container Tags : suse/sles12sp5:6.8.11 , suse/sles12sp5:latest Container Release : 6.8.11 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2300-1 Released: Thu Jul 4 11:03:50 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.16.3-46.15.1 updated From sle-container-updates at lists.suse.com Fri Jul 5 08:59:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 5 Jul 2024 10:59:54 +0200 (CEST) Subject: SUSE-CU-2024:3055-1: Security update of suse/sle15 Message-ID: <20240705085954.EAD0EF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3055-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.14 Container Release : 9.8.14 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2305-1 Released: Fri Jul 5 00:13:02 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.16.3-150100.3.36.1 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:06:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:06:48 +0200 (CEST) Subject: SUSE-CU-2024:3056-1: Security update of suse/389-ds Message-ID: <20240706070648.75610F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3056-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-36.5 , suse/389-ds:latest Container Release : 36.5 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - krb5-client-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:06:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:06:51 +0200 (CEST) Subject: SUSE-CU-2024:3059-1: Security update of suse/registry Message-ID: <20240706070651.D8815F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3059-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-19.8 , suse/registry:latest Container Release : 19.8 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:06:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:06:58 +0200 (CEST) Subject: SUSE-CU-2024:3064-1: Security update of suse/git Message-ID: <20240706070658.B2B5FF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3064-1 Container Tags : suse/git:2.43 , suse/git:2.43-17.9 , suse/git:latest Container Release : 17.9 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:06:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:06:59 +0200 (CEST) Subject: SUSE-CU-2024:3065-1: Security update of bci/golang Message-ID: <20240706070659.B27F0F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3065-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.34.7 , bci/golang:oldstable , bci/golang:oldstable-2.34.7 Container Release : 34.7 Severity : important Type : security References : 1212475 1227186 1227187 1227314 CVE-2024-24791 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2308-1 Released: Fri Jul 5 12:05:07 2024 Summary: Security update for go1.21 Type: security Severity: important References: 1212475,1227314,CVE-2024-24791 This update for go1.21 fixes the following issues: Updated to version 1.21.12 (bsc#1212475): - CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - go1.21-doc-1.21.12-150000.1.39.1 updated - go1.21-1.21.12-150000.1.39.1 updated - go1.21-race-1.21.12-150000.1.39.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:00 +0200 (CEST) Subject: SUSE-CU-2024:3066-1: Security update of bci/golang Message-ID: <20240706070700.BB182F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3066-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-34.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-34.7 Container Release : 34.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:01 +0200 (CEST) Subject: SUSE-CU-2024:3067-1: Security update of bci/golang Message-ID: <20240706070701.CFE36F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3067-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.34.7 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.34.7 Container Release : 34.7 Severity : important Type : security References : 1218424 1227186 1227187 1227314 CVE-2024-24791 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2309-1 Released: Fri Jul 5 12:05:37 2024 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1227314,CVE-2024-24791 This update for go1.22 fixes the following issues: Updated to version 1.22.5 (bsc#1218424): - CVE-2024-24791: Fixed a potential denial of service due to improper handling of HTTP 100-continue headers (bsc#1227314). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - go1.22-doc-1.22.5-150000.1.21.1 updated - go1.22-1.22.5-150000.1.21.1 updated - go1.22-race-1.22.5-150000.1.21.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:02 +0200 (CEST) Subject: SUSE-CU-2024:3068-1: Security update of bci/golang Message-ID: <20240706070702.B62D2F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3068-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-34.7 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-34.7 Container Release : 34.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:07 +0200 (CEST) Subject: SUSE-CU-2024:3069-1: Security update of bci/bci-init Message-ID: <20240706070707.52374F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3069-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.17.9 , bci/bci-init:latest Container Release : 17.9 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:08 +0200 (CEST) Subject: SUSE-CU-2024:3070-1: Security update of suse/nginx Message-ID: <20240706070708.669F9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3070-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-36.6 , suse/nginx:latest Container Release : 36.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:09 +0200 (CEST) Subject: SUSE-CU-2024:3071-1: Security update of bci/nodejs Message-ID: <20240706070709.7618BF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3071-1 Container Tags : bci/node:20 , bci/node:20-31.7 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-31.7 , bci/nodejs:latest Container Release : 31.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:13 +0200 (CEST) Subject: SUSE-CU-2024:3072-1: Security update of bci/openjdk-devel Message-ID: <20240706070713.A596FF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3072-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-14.9 , bci/openjdk-devel:latest Container Release : 14.9 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:bci-openjdk-21-15.6.21-14.6 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:18 +0200 (CEST) Subject: SUSE-CU-2024:3074-1: Security update of suse/pcp Message-ID: <20240706070718.3064BF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3074-1 Container Tags : suse/pcp:5 , suse/pcp:5-36.8 , suse/pcp:5.3 , suse/pcp:5.3-36.8 , suse/pcp:5.3.7 , suse/pcp:5.3.7-36.8 , suse/pcp:latest Container Release : 36.8 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:bci-bci-init-15.6-15.6-17.9 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:19 +0200 (CEST) Subject: SUSE-CU-2024:3075-1: Security update of bci/php-apache Message-ID: <20240706070719.334EDF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3075-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-31.6 , bci/php-apache:latest Container Release : 31.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:20 +0200 (CEST) Subject: SUSE-CU-2024:3076-1: Security update of bci/php-fpm Message-ID: <20240706070720.3C9C6F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3076-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-31.6 , bci/php-fpm:latest Container Release : 31.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:22 +0200 (CEST) Subject: SUSE-CU-2024:3078-1: Security update of suse/postgres Message-ID: <20240706070722.2B0E5FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3078-1 Container Tags : suse/postgres:16 , suse/postgres:16-36.6 , suse/postgres:16.2 , suse/postgres:16.2-36.6 , suse/postgres:latest Container Release : 36.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:23 +0200 (CEST) Subject: SUSE-CU-2024:3079-1: Security update of bci/python Message-ID: <20240706070723.42AE0FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3079-1 Container Tags : bci/python:3 , bci/python:3-42.7 , bci/python:3.11 , bci/python:3.11-42.7 , bci/python:latest Container Release : 42.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:29 +0200 (CEST) Subject: SUSE-CU-2024:3083-1: Security update of suse/rmt-mariadb Message-ID: <20240706070729.D49FCFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3083-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-36.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-36.3 , suse/rmt-mariadb:latest Container Release : 36.3 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:21 +0200 (CEST) Subject: SUSE-CU-2024:3077-1: Security update of bci/php Message-ID: <20240706070721.1F330F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3077-1 Container Tags : bci/php:8 , bci/php:8-31.6 , bci/php:latest Container Release : 31.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:27 +0200 (CEST) Subject: SUSE-CU-2024:3081-1: Security update of bci/python Message-ID: <20240706070727.ABD8AFD1A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3081-1 Container Tags : bci/python:3 , bci/python:3-42.7 , bci/python:3.6 , bci/python:3.6-42.7 Container Release : 42.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:26 +0200 (CEST) Subject: SUSE-CU-2024:3080-1: Security update of bci/python Message-ID: <20240706070726.AE171FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3080-1 Container Tags : bci/python:3 , bci/python:3-42.7 , bci/python:3.12 , bci/python:3.12-42.7 Container Release : 42.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sat Jul 6 07:07:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 6 Jul 2024 09:07:28 +0200 (CEST) Subject: SUSE-CU-2024:3082-1: Security update of suse/rmt-mariadb-client Message-ID: <20240706070728.C10E3FD1B@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3082-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-37.3 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-37.3 , suse/rmt-mariadb-client:latest Container Release : 37.3 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:20 +0200 (CEST) Subject: SUSE-CU-2024:3083-1: Security update of suse/rmt-mariadb Message-ID: <20240707070720.52FFDFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3083-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-36.3 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-36.3 , suse/rmt-mariadb:latest Container Release : 36.3 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:22 +0200 (CEST) Subject: SUSE-CU-2024:3084-1: Security update of suse/rmt-server Message-ID: <20240707070722.08A39FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3084-1 Container Tags : suse/rmt-server:2.17 , suse/rmt-server:2.17-36.6 , suse/rmt-server:latest Container Release : 36.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:22 +0200 (CEST) Subject: SUSE-CU-2024:3085-1: Security update of bci/ruby Message-ID: <20240707070722.E5898FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3085-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.7 , bci/ruby:2.5 , bci/ruby:2.5-17.7 , bci/ruby:latest Container Release : 17.7 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:23 +0200 (CEST) Subject: SUSE-CU-2024:3086-1: Security update of bci/rust Message-ID: <20240707070723.B829EFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3086-1 Container Tags : bci/rust:1.78 , bci/rust:1.78-2.3.5 , bci/rust:oldstable , bci/rust:oldstable-2.3.5 Container Release : 3.5 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:24 +0200 (CEST) Subject: SUSE-CU-2024:3087-1: Security update of bci/rust Message-ID: <20240707070724.848B4FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3087-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-1.4.5 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.5 Container Release : 4.5 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:30 +0200 (CEST) Subject: SUSE-CU-2024:3088-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240707070730.EFBB2FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3088-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.11 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.11 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:35 +0200 (CEST) Subject: SUSE-CU-2024:3089-1: Security update of suse/sle15 Message-ID: <20240707070735.1D84DFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3089-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.5.14 , suse/sle15:15.6 , suse/sle15:15.6.47.5.14 Container Release : 47.5.14 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated From sle-container-updates at lists.suse.com Sun Jul 7 07:07:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 7 Jul 2024 09:07:36 +0200 (CEST) Subject: SUSE-CU-2024:3090-1: Security update of bci/spack Message-ID: <20240707070736.3E8AEFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3090-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-8.8 , bci/spack:0.21.2 , bci/spack:0.21.2-8.8 , bci/spack:latest Container Release : 8.8 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150600.11.3.1 updated - container:sles15-image-15.0.0-47.5.14 updated From sle-container-updates at lists.suse.com Tue Jul 9 07:01:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Jul 2024 09:01:36 +0200 (CEST) Subject: SUSE-IU-2024:624-1: Security update of suse/sle-micro/5.5 Message-ID: <20240709070136.CEEE2F788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:624-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.62 , suse/sle-micro/5.5:latest Image Release : 5.5.62 Severity : important Type : security References : 1227150 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - xfsprogs-5.13.0-150400.3.10.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.36 updated From sle-container-updates at lists.suse.com Tue Jul 9 07:05:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Jul 2024 09:05:50 +0200 (CEST) Subject: SUSE-CU-2024:3093-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20240709070550.21FC3F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3093-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.1 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added From sle-container-updates at lists.suse.com Tue Jul 9 07:08:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 9 Jul 2024 09:08:20 +0200 (CEST) Subject: SUSE-CU-2024:3094-1: Recommended update of suse/sle15 Message-ID: <20240709070820.561EFF788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3094-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.16 Container Release : 9.8.16 Severity : moderate Type : recommended References : 1227396 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) The following package changes have been done: - libssh-config-0.9.8-150200.13.6.2 updated - libssh4-0.9.8-150200.13.6.2 updated From sle-container-updates at lists.suse.com Wed Jul 10 07:01:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Jul 2024 09:01:15 +0200 (CEST) Subject: SUSE-IU-2024:630-1: Security update of suse-sles-15-sp6-chost-byos-v20240708-x86_64-gen2 Message-ID: <20240710070115.C10F7F788@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240708-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:630-1 Image Tags : suse-sles-15-sp6-chost-byos-v20240708-x86_64-gen2:20240708 Image Release : Severity : important Type : security References : 1224282 1226642 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-6387 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20240708-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150600.11.3.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - openssh-clients-9.6p1-150600.6.3.1 updated - openssh-common-9.6p1-150600.6.3.1 updated - openssh-server-9.6p1-150600.6.3.1 updated - openssh-9.6p1-150600.6.3.1 updated - procps-3.3.17-150000.7.39.1 updated From sle-container-updates at lists.suse.com Wed Jul 10 07:01:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Jul 2024 09:01:18 +0200 (CEST) Subject: SUSE-IU-2024:632-1: Security update of sles-15-sp6-chost-byos-v20240708-arm64 Message-ID: <20240710070118.58A23FCBE@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20240708-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:632-1 Image Tags : sles-15-sp6-chost-byos-v20240708-arm64:20240708 Image Release : Severity : important Type : security References : 1224282 1226642 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-6387 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20240708-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150600.11.3.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - openssh-clients-9.6p1-150600.6.3.1 updated - openssh-common-9.6p1-150600.6.3.1 updated - openssh-server-9.6p1-150600.6.3.1 updated - openssh-9.6p1-150600.6.3.1 updated - procps-3.3.17-150000.7.39.1 updated From sle-container-updates at lists.suse.com Wed Jul 10 07:01:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 10 Jul 2024 09:01:17 +0200 (CEST) Subject: SUSE-IU-2024:631-1: Security update of suse-sles-15-sp6-chost-byos-v20240708-hvm-ssd-x86_64 Message-ID: <20240710070117.0C063FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20240708-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:631-1 Image Tags : suse-sles-15-sp6-chost-byos-v20240708-hvm-ssd-x86_64:20240708 Image Release : Severity : important Type : security References : 1224282 1226642 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-6387 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20240708-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150600.11.3.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - openssh-clients-9.6p1-150600.6.3.1 updated - openssh-common-9.6p1-150600.6.3.1 updated - openssh-server-9.6p1-150600.6.3.1 updated - openssh-9.6p1-150600.6.3.1 updated - procps-3.3.17-150000.7.39.1 updated From sle-container-updates at lists.suse.com Thu Jul 11 07:02:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Jul 2024 09:02:16 +0200 (CEST) Subject: SUSE-CU-2024:3099-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240711070216.0EC4EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3099-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.75 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.75 Container Release : 4.75 Severity : important Type : security References : 1227186 1227187 1227396 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) The following package changes have been done: - krb5-1.19.2-150300.19.1 updated - libssh-config-0.9.8-150200.13.6.2 updated - libssh4-0.9.8-150200.13.6.2 updated From sle-container-updates at lists.suse.com Thu Jul 11 07:05:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Jul 2024 09:05:01 +0200 (CEST) Subject: SUSE-CU-2024:3100-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240711070501.62F6BFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3100-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.18.3 Container Release : 18.3 Severity : important Type : security References : 1224282 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - krb5-1.20.1-150500.3.9.1 updated - container:sles15-image-15.0.0-36.14.4 updated From sle-container-updates at lists.suse.com Thu Jul 11 07:05:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Jul 2024 09:05:05 +0200 (CEST) Subject: SUSE-CU-2024:3101-1: Security update of suse/git Message-ID: <20240711070505.262ACFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3101-1 Container Tags : suse/git:2.43 , suse/git:2.43-17.10 , suse/git:latest Container Release : 17.10 Severity : moderate Type : security References : 1218215 1224392 1225904 1227318 1227350 CVE-2023-51385 CVE-2024-39894 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). The following package changes have been done: - openssh-clients-9.6p1-150600.6.6.1 updated - openssh-common-9.6p1-150600.6.6.1 updated From sle-container-updates at lists.suse.com Thu Jul 11 11:49:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Jul 2024 13:49:13 +0200 (CEST) Subject: SUSE-CU-2024:3104-1: Security update of bci/bci-init Message-ID: <20240711114913.052FFF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3104-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.23.6 Container Release : 23.6 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - container:sles15-image-15.0.0-36.14.4 updated From sle-container-updates at lists.suse.com Thu Jul 11 11:46:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 11 Jul 2024 13:46:41 +0200 (CEST) Subject: SUSE-CU-2024:3103-1: Security update of suse/ltss/sle15.4/sle15 Message-ID: <20240711114641.22CE1F788@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3103-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.45 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.45 Container Release : 3.45 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:01:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:01:35 +0200 (CEST) Subject: SUSE-IU-2024:642-1: Security update of suse/sle-micro/5.5 Message-ID: <20240712070135.CB4B4F788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:642-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.63 , suse/sle-micro/5.5:latest Image Release : 5.5.63 Severity : moderate Type : security References : 1141157 CVE-2019-13225 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). The following package changes have been done: - libonig4-6.7.0-150000.3.6.1 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:05:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:05:03 +0200 (CEST) Subject: SUSE-CU-2024:3106-1: Recommended update of suse/sle15 Message-ID: <20240712070503.D15C9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3106-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.17 Container Release : 9.8.17 Severity : moderate Type : recommended References : 1227429 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key The following package changes have been done: - suse-build-key-12.0-150000.8.46.2 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:05:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:05:20 +0200 (CEST) Subject: SUSE-CU-2024:3107-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240712070520.14E16F788@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3107-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.4.76 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.4.76 Container Release : 4.76 Severity : moderate Type : recommended References : 1227429 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key The following package changes have been done: - suse-build-key-12.0-150000.8.46.2 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:05:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:05:39 +0200 (CEST) Subject: SUSE-CU-2024:3108-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240712070539.21F20F788@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3108-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.3.46 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.3.46 Container Release : 3.46 Severity : moderate Type : recommended References : 1227429 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key The following package changes have been done: - suse-build-key-12.0-150000.8.46.2 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:09:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:09:02 +0200 (CEST) Subject: SUSE-CU-2024:3111-1: Security update of bci/nodejs Message-ID: <20240712070902.4A664F788@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3111-1 Container Tags : bci/node:18 , bci/node:18-26.8 , bci/nodejs:18 , bci/nodejs:18-26.8 Container Release : 26.8 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - container:sles15-image-15.0.0-36.14.5 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:09:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:09:45 +0200 (CEST) Subject: SUSE-CU-2024:3112-1: Security update of bci/openjdk-devel Message-ID: <20240712070945.BD3B1F788@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3112-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-22.3 Container Release : 22.3 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - container:bci-openjdk-11-15.5.11-23.1 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:11:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:11:04 +0200 (CEST) Subject: SUSE-CU-2024:3114-1: Security update of bci/openjdk-devel Message-ID: <20240712071104.B2915F788@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3114-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-24.3 Container Release : 24.3 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - container:bci-openjdk-17-15.5.17-25.1 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:12:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:12:43 +0200 (CEST) Subject: SUSE-CU-2024:3135-1: Security update of bci/php-apache Message-ID: <20240712071243.3673DF788@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3135-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-31.10 , bci/php-apache:latest Container Release : 31.10 Severity : important Type : security References : 1141157 1227270 1227271 CVE-2019-13225 CVE-2024-38477 CVE-2024-39573 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2405-1 Released: Thu Jul 11 10:21:19 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573 This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) The following package changes have been done: - libonig4-6.7.0-150000.3.6.1 updated - apache2-prefork-2.4.58-150600.5.11.1 updated - apache2-2.4.58-150600.5.11.1 updated - container:sles15-image-15.0.0-47.5.15 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:12:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:12:44 +0200 (CEST) Subject: SUSE-CU-2024:3136-1: Security update of bci/php-fpm Message-ID: <20240712071244.5675CF788@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3136-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-31.9 , bci/php-fpm:latest Container Release : 31.9 Severity : moderate Type : security References : 1141157 CVE-2019-13225 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). The following package changes have been done: - libonig4-6.7.0-150000.3.6.1 updated - container:sles15-image-15.0.0-47.5.15 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:12:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:12:45 +0200 (CEST) Subject: SUSE-CU-2024:3137-1: Security update of bci/php Message-ID: <20240712071245.79E6AF788@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3137-1 Container Tags : bci/php:8 , bci/php:8-31.9 , bci/php:latest Container Release : 31.9 Severity : moderate Type : security References : 1141157 CVE-2019-13225 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). The following package changes have been done: - libonig4-6.7.0-150000.3.6.1 updated - container:sles15-image-15.0.0-47.5.15 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:13:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:13:10 +0200 (CEST) Subject: SUSE-CU-2024:3148-1: Recommended update of suse/sle15 Message-ID: <20240712071310.50AE5F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3148-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.5.15 , suse/sle15:15.6 , suse/sle15:15.6.47.5.15 Container Release : 47.5.15 Severity : moderate Type : recommended References : 1227429 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key The following package changes have been done: - suse-build-key-12.0-150000.8.46.2 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:13:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:13:42 +0200 (CEST) Subject: SUSE-CU-2024:3150-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240712071342.4D9F5F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3150-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.23 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.23 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated - container:sles15-ltss-image-15.0.0-3.45 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:14:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:14:00 +0200 (CEST) Subject: SUSE-CU-2024:3151-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240712071400.3D99FF788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3151-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.12 , suse/manager/4.3/proxy-salt-broker:4.3.12.9.42.27 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.42.27 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated - container:sles15-ltss-image-15.0.0-3.45 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:14:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:14:17 +0200 (CEST) Subject: SUSE-CU-2024:3152-1: Security update of suse/manager/4.3/proxy-squid Message-ID: <20240712071417.5DBC8F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3152-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.12 , suse/manager/4.3/proxy-squid:4.3.12.9.51.17 , suse/manager/4.3/proxy-squid:latest Container Release : 9.51.17 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated - container:sles15-ltss-image-15.0.0-3.45 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:14:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:14:35 +0200 (CEST) Subject: SUSE-CU-2024:3153-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240712071435.0757AF788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3153-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.12 , suse/manager/4.3/proxy-ssh:4.3.12.9.42.13 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.42.13 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated - container:sles15-ltss-image-15.0.0-3.45 updated From sle-container-updates at lists.suse.com Fri Jul 12 07:14:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 12 Jul 2024 09:14:53 +0200 (CEST) Subject: SUSE-CU-2024:3155-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240712071453.6B7B8F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3155-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.12 , suse/manager/4.3/proxy-tftpd:4.3.12.9.42.14 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.42.14 Severity : important Type : security References : 1227186 1227187 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.19.2-150400.3.12.1 updated - container:sles15-ltss-image-15.0.0-3.45 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:22:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:22:11 +0200 (CEST) Subject: SUSE-CU-2024:3166-1: Security update of suse/389-ds Message-ID: <20240715152211.97D55F788@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3166-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-37.2 , suse/389-ds:latest Container Release : 37.2 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - python3-base-3.6.15-150300.10.65.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:22:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:22:13 +0200 (CEST) Subject: SUSE-CU-2024:3167-1: Security update of bci/spack Message-ID: <20240715152213.6591FF788@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3167-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-3.3 , bci/spack:0.21.2 , bci/spack:0.21.2-3.3 , bci/spack:latest Container Release : 3.3 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:22:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:22:49 +0200 (CEST) Subject: SUSE-CU-2024:3168-1: Security update of suse/manager/4.3/proxy-httpd Message-ID: <20240715152249.9D9E9F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3168-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.12 , suse/manager/4.3/proxy-httpd:4.3.12.9.52.25 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.52.25 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - python3-base-3.6.15-150300.10.65.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:23:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:23:13 +0200 (CEST) Subject: SUSE-CU-2024:3169-1: Security update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240715152313.1DDD2F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3169-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.12 , suse/manager/4.3/proxy-salt-broker:4.3.12.9.42.29 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.42.29 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:23:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:23:35 +0200 (CEST) Subject: SUSE-CU-2024:3170-1: Security update of suse/manager/4.3/proxy-ssh Message-ID: <20240715152335.0A151F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3170-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.12 , suse/manager/4.3/proxy-ssh:4.3.12.9.42.15 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.42.15 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated From sle-container-updates at lists.suse.com Mon Jul 15 15:23:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 15 Jul 2024 17:23:56 +0200 (CEST) Subject: SUSE-CU-2024:3171-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240715152356.95F44F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3171-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.12 , suse/manager/4.3/proxy-tftpd:4.3.12.9.42.16 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.42.16 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated From sle-container-updates at lists.suse.com Tue Jul 16 07:02:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Jul 2024 09:02:12 +0200 (CEST) Subject: SUSE-CU-2024:3173-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240716070212.A57AAF788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3173-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.3 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.3 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Tue Jul 16 07:04:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Jul 2024 09:04:41 +0200 (CEST) Subject: SUSE-CU-2024:3174-1: Security update of bci/python Message-ID: <20240716070441.7602EF788@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3174-1 Container Tags : bci/python:3 , bci/python:3-42.10 , bci/python:3.6 , bci/python:3.6-42.10 Container Release : 42.10 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - python3-devel-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Tue Jul 16 07:04:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 16 Jul 2024 09:04:43 +0200 (CEST) Subject: SUSE-CU-2024:3175-1: Security update of suse/rmt-mariadb Message-ID: <20240716070443.983F6F788@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3175-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-36.6 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-36.6 , suse/rmt-mariadb:latest Container Release : 36.6 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - python3-base-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:06:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:06:02 +0200 (CEST) Subject: SUSE-CU-2024:3178-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20240717070602.ACAE9F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3178-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.4 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.4 Severity : important Type : security References : 1224282 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - container:sles15-image-15.0.0-36.14.5 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:09:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:09:07 +0200 (CEST) Subject: SUSE-CU-2024:3179-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240717070907.20F7CF788@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3179-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.18.5 Container Release : 18.5 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - python3-base-3.6.15-150300.10.65.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:09:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:09:39 +0200 (CEST) Subject: SUSE-CU-2024:3180-1: Security update of suse/sle15 Message-ID: <20240717070939.06768F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3180-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.5 , suse/sle15:15.5 , suse/sle15:15.5.36.14.5 Container Release : 36.14.5 Severity : important Type : security References : 1224282 1227186 1227187 1227429 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key The following package changes have been done: - krb5-1.20.1-150500.3.9.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - procps-3.3.17-150000.7.39.1 updated - suse-build-key-12.0-150000.8.46.2 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:09:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:09:43 +0200 (CEST) Subject: SUSE-CU-2024:3182-1: Security update of suse/registry Message-ID: <20240717070943.73D8CF788@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3182-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-19.9 , suse/registry:latest Container Release : 19.9 Severity : important Type : security References : 1227270 1227271 CVE-2024-38477 CVE-2024-39573 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2405-1 Released: Thu Jul 11 10:21:19 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227270,1227271,CVE-2024-38477,CVE-2024-39573 This update for apache2 fixes the following issues: - CVE-2024-38477: Fixed null pointer dereference in mod_proxy (bsc#1227270) - CVE-2024-39573: Fixed potential SSRF in mod_rewrite (bsc#1227271) The following package changes have been done: - apache2-utils-2.4.58-150600.5.11.1 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:09:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:09:58 +0200 (CEST) Subject: SUSE-CU-2024:3186-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240717070958.3B6EAF788@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3186-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.14 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.14 Severity : important Type : security References : 1219559 1220664 1221563 1221854 1222075 1226447 1226448 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-4032 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - python3-base-3.6.15-150300.10.65.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated From sle-container-updates at lists.suse.com Wed Jul 17 07:10:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 17 Jul 2024 09:10:36 +0200 (CEST) Subject: SUSE-CU-2024:3187-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20240717071036.0ACA6F788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3187-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.2 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.2 Severity : moderate Type : recommended References : 1216063 1216063 1218724 1218724 1219317 1219317 1219965 1219965 1220221 1220221 1220259 1220259 1220420 1220420 1221629 1221629 1222225 1222225 1222731 1222731 1222996 1222996 1223850 1223855 1224004 1224004 1224786 1224786 1225196 1225196 1225416 1225416 1225634 1225634 1225940 1225940 1226035 1226605 1226913 1226958 1227306 1227306 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2499-1 Released: Tue Jul 16 13:22:51 2024 Summary: Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server Type: recommended Severity: moderate References: 1216063,1218724,1219317,1219965,1220221,1220259,1220420,1221629,1222225,1222731,1222996,1224004,1224786,1225196,1225416,1225634,1225940,1226035,1226605,1226913,1226958,1227306 Maintenance update for SUSE Manager 4.3: Server, Proxy and Retail Branch Server This is a codestream only update ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2520-1 Released: Tue Jul 16 13:47:17 2024 Summary: Maintenance update for SUSE Manager 4.3 Release Notes Type: recommended Severity: moderate References: 1216063,1218724,1219317,1219965,1220221,1220259,1220420,1221629,1222225,1222731,1222996,1223850,1223855,1224004,1224786,1225196,1225416,1225634,1225940,1227306 Maintenance update for SUSE Manager 4.3 Release Notes: This is a codestream only update The following package changes have been done: - release-notes-susemanager-proxy-4.3.13-150400.3.85.3 updated - python3-rhnlib-4.3.6-150400.3.6.9 updated - spacewalk-backend-4.3.29-150400.3.44.11 updated - python3-spacewalk-client-tools-4.3.20-150400.3.30.9 updated - spacewalk-client-tools-4.3.20-150400.3.30.9 updated - mgr-push-4.3.6-150400.3.6.9 updated - python3-mgr-push-4.3.6-150400.3.6.9 updated - spacewalk-proxy-package-manager-4.3.18-150400.3.26.8 updated - spacewalk-proxy-common-4.3.18-150400.3.26.8 updated - spacewalk-proxy-broker-4.3.18-150400.3.26.8 updated - spacewalk-proxy-redirect-4.3.18-150400.3.26.8 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:04:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:04:09 +0200 (CEST) Subject: SUSE-CU-2024:3194-1: Security update of bci/nodejs Message-ID: <20240718070409.19712F788@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3194-1 Container Tags : bci/node:18 , bci/node:18-26.9 , bci/nodejs:18 , bci/nodejs:18-26.9 Container Release : 26.9 Severity : moderate Type : security References : 1222665 1227554 1227560 CVE-2024-22020 CVE-2024-27980 CVE-2024-36138 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2542-1 Released: Wed Jul 17 09:51:35 2024 Summary: Security update for nodejs18 Type: security Severity: moderate References: 1222665,1227554,1227560,CVE-2024-22020,CVE-2024-27980,CVE-2024-36138 This update for nodejs18 fixes the following issues: Update to 18.20.4: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) Changes in 18.20.3: - This release fixes a regression introduced in Node.js 18.19.0 where http.server.close() was incorrectly closing idle connections. deps: - acorn updated to 8.11.3. - acorn-walk updated to 8.3.2. - ada updated to 2.7.8. - c-ares updated to 1.28.1. - corepack updated to 0.28.0. - nghttp2 updated to 1.61.0. - ngtcp2 updated to 1.3.0. - npm updated to 10.7.0. Includes a fix from npm at 10.5.1 to limit the number of open connections npm/cli#7324. - simdutf updated to 5.2.4. Changes in 18.20.2: - CVE-2024-27980: Fixed command injection via args parameter of child_process.spawn without shell option enabled on Windows (bsc#1222665) The following package changes have been done: - nodejs18-18.20.4-150400.9.24.2 updated - npm18-18.20.4-150400.9.24.2 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:05:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:05:19 +0200 (CEST) Subject: SUSE-CU-2024:3196-1: Security update of bci/openjdk Message-ID: <20240718070519.7CA8CF788@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3196-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-24.1 Container Release : 24.1 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1168930 1181400 1181475 1181976 1183026 1183580 1185417 1192023 1193722 1195468 1198234 1199232 1199235 1201431 1204455 1204456 1206412 1206798 1207032 1207033 1207815 1208027 1208028 1209122 1209122 1210686 1213514 1214025 1214290 1215533 1216501 1216545 1219901 1220770 1220771 1220772 1221399 1221665 1221667 1222849 1223596 1224168 1224170 1224171 1224172 1224173 1227186 1227187 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2021-21300 CVE-2022-1586 CVE-2022-1587 CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41409 CVE-2022-41903 CVE-2022-46663 CVE-2022-48624 CVE-2023-22490 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2023-4016 CVE-2023-4156 CVE-2024-2004 CVE-2024-2398 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28182 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2555-1 Released: Thu Jul 29 08:29:55 2021 Summary: Security update for git Type: security Severity: moderate References: 1168930,1183026,1183580,CVE-2021-21300 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580) - Drop `rsync` requirement, not necessary anymore. - Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`. - The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption. - No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`. - The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm - `git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option. - Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands. - `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'. - After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}` - `git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object. - `git log` learned a new `--diff-merges=` option. - `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced. - `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option. - `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so. - There are other ways than `..` for a single token to denote a `commit range', namely `^!` and `^-`, but `git range-diff` did not understand them. - The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range. - `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved. - The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected. - `git maintenance` tool learned a new `pack-refs` maintenance task. - Improved error message given when a configuration variable that is expected to have a boolean value. - Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. - `git rev-list` command learned `--disk-usage` option. - `git diff`, `git log` `--{skip,rotate}-to=` allows the user to discard diff output for early paths or move them to the end of the output. - `git difftool` learned `--skip-to=` option to restart an interrupted session from an arbitrary path. - `git grep` has been tweaked to be limited to the sparse checkout paths. - `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting. - `git stash` did not work well in a sparsely checked out working tree. - Newline characters in the host and path part of `git://` URL are now forbidden. - `Userdiff` updates for PHP, Rust, CSS - Avoid administrator error leading to data loss with `git push --force-with-lease[=]` by introducing `--force-if-includes` - only pull `asciidoctor` for the default ruby version - The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29 - The transport protocol v2 has become the default again - `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees - `git maintenance` introduced for repository maintenance tasks - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set. - The commands in the `diff` family honors the `diff.relative` configuration variable. - `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob. - `git gui` now allows opening work trees from the start-up dialog. - `git bugreport` reports what shell is in use. - Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is. - `git describe` will always use the `long` version when giving its output based misplaced tags - `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:110-1 Released: Fri Jan 20 10:18:16 2023 Summary: Security update for git Type: security Severity: important References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 added - libldap-data-2.4.46-150200.14.17.1 added - libgpg-error0-1.42-150400.1.101 added - libsasl2-3-2.1.28-150500.1.1 added - libgcrypt20-1.9.4-150500.10.19 added - libgcrypt20-hmac-1.9.4-150500.10.19 added - libnghttp2-14-1.40.0-150200.17.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libzstd1-1.5.0-150400.3.3.1 added - libcom_err2-1.46.4-150400.3.6.2 added - libunistring2-0.9.10-1.1 added - libkeyutils1-1.6.3-5.6.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libverto1-0.2.6-3.20 added - krb5-1.20.1-150500.3.9.1 added - libldap-2_4-2-2.4.46-150200.14.17.1 added - libssh4-0.9.8-150400.3.6.1 added - libcurl4-8.0.1-150400.5.44.1 added - curl-8.0.1-150400.5.44.1 added - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - libpcre2-8-0-10.39-150400.4.9.1 added - libsha1detectcoll1-1.0.3-2.18 added - which-2.21-2.20 added - gawk-4.2.1-150000.3.3.1 added - less-590-150400.3.9.1 added - git-core-2.35.3-150300.10.39.1 added From sle-container-updates at lists.suse.com Thu Jul 18 07:06:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:26 +0200 (CEST) Subject: SUSE-CU-2024:3198-1: Security update of bci/openjdk Message-ID: <20240718070626.A1A90F788@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3198-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-26.1 Container Release : 26.1 Severity : important Type : security References : 1029961 1092100 1121753 1158830 1158830 1158830 1168930 1181400 1181475 1181976 1183026 1183580 1185417 1192023 1193722 1195468 1198234 1199232 1199235 1201431 1204455 1204456 1206412 1206798 1207032 1207033 1207815 1208027 1208028 1209122 1209122 1210686 1213514 1214025 1214290 1215533 1216501 1216545 1219901 1220770 1220771 1220772 1221399 1221665 1221667 1222849 1223596 1224168 1224170 1224171 1224172 1224173 1227186 1227187 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2021-21300 CVE-2022-1586 CVE-2022-1587 CVE-2022-23521 CVE-2022-24765 CVE-2022-29187 CVE-2022-39253 CVE-2022-39260 CVE-2022-41409 CVE-2022-41903 CVE-2022-46663 CVE-2022-48624 CVE-2023-22490 CVE-2023-23946 CVE-2023-25652 CVE-2023-25815 CVE-2023-29007 CVE-2023-4016 CVE-2023-4156 CVE-2024-2004 CVE-2024-2398 CVE-2024-26458 CVE-2024-26461 CVE-2024-26462 CVE-2024-28182 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2555-1 Released: Thu Jul 29 08:29:55 2021 Summary: Security update for git Type: security Severity: moderate References: 1168930,1183026,1183580,CVE-2021-21300 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580) - Drop `rsync` requirement, not necessary anymore. - Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`. - The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption. - No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`. - The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm - `git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option. - Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands. - `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'. - After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}` - `git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object. - `git log` learned a new `--diff-merges=` option. - `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced. - `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option. - `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so. - There are other ways than `..` for a single token to denote a `commit range', namely `^!` and `^-`, but `git range-diff` did not understand them. - The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range. - `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved. - The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected. - `git maintenance` tool learned a new `pack-refs` maintenance task. - Improved error message given when a configuration variable that is expected to have a boolean value. - Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. - `git rev-list` command learned `--disk-usage` option. - `git diff`, `git log` `--{skip,rotate}-to=` allows the user to discard diff output for early paths or move them to the end of the output. - `git difftool` learned `--skip-to=` option to restart an interrupted session from an arbitrary path. - `git grep` has been tweaked to be limited to the sparse checkout paths. - `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting. - `git stash` did not work well in a sparsely checked out working tree. - Newline characters in the host and path part of `git://` URL are now forbidden. - `Userdiff` updates for PHP, Rust, CSS - Avoid administrator error leading to data loss with `git push --force-with-lease[=]` by introducing `--force-if-includes` - only pull `asciidoctor` for the default ruby version - The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29 - The transport protocol v2 has become the default again - `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees - `git maintenance` introduced for repository maintenance tasks - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set. - The commands in the `diff` family honors the `diff.relative` configuration variable. - `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob. - `git gui` now allows opening work trees from the start-up dialog. - `git bugreport` reports what shell is in use. - Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is. - `git describe` will always use the `long` version when giving its output based misplaced tags - `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1484-1 Released: Mon May 2 16:47:10 2022 Summary: Security update for git Type: security Severity: important References: 1181400,1198234,CVE-2022-24765 This update for git fixes the following issues: - Updated to version 2.35.3: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2550-1 Released: Tue Jul 26 14:00:21 2022 Summary: Security update for git Type: security Severity: important References: 1201431,CVE-2022-29187 This update for git fixes the following issues: - CVE-2022-29187: Incomplete fix for CVE-2022-24765: potential command injection via git worktree (bsc#1201431). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2566-1 Released: Wed Jul 27 15:04:49 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199235,CVE-2022-1587 This update for pcre2 fixes the following issues: - CVE-2022-1587: Fixed out-of-bounds read due to bug in recursions (bsc#1199235). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:3931-1 Released: Thu Nov 10 11:26:01 2022 Summary: Security update for git Type: security Severity: moderate References: 1204455,1204456,CVE-2022-39253,CVE-2022-39260 This update for git fixes the following issues: - CVE-2022-39260: Fixed overflow in split_cmdline() (bsc#1204456). - CVE-2022-39253: Fixed dereference issue with symbolic links via the `--local` clone mechanism (bsc#1204455). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:110-1 Released: Fri Jan 20 10:18:16 2023 Summary: Security update for git Type: security Severity: important References: 1207032,1207033,CVE-2022-23521,CVE-2022-41903 This update for git fixes the following issues: - CVE-2022-41903: Fixed a heap overflow in the 'git archive' and 'git log --format' commands (bsc#1207033). - CVE-2022-23521: Fixed an integer overflow that could be triggered when parsing a gitattributes file (bsc#1207032). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:348-1 Released: Fri Feb 10 15:08:41 2023 Summary: Security update for less Type: security Severity: moderate References: 1207815,CVE-2022-46663 This update for less fixes the following issues: - CVE-2022-46663: Fixed denial-of-service by printing specially crafted escape sequences to the terminal (bsc#1207815). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:430-1 Released: Wed Feb 15 17:42:25 2023 Summary: Security update for git Type: security Severity: important References: 1208027,1208028,CVE-2023-22490,CVE-2023-23946 This update for git fixes the following issues: - CVE-2023-22490: Fixed incorrectly usable local clone optimization even when using a non-local transport (bsc#1208027). - CVE-2023-23946: Fixed issue where a path outside the working tree can be overwritten as the user who is running 'git apply' (bsc#1208028). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2038-1 Released: Wed Apr 26 11:06:20 2023 Summary: Security update for git Type: security Severity: moderate References: 1210686,CVE-2023-25652,CVE-2023-25815,CVE-2023-29007 This update for git fixes the following issues: - CVE-2023-25652: Fixed partial overwrite of paths outside the working tree (bsc#1210686). - CVE-2023-25815: Fixed malicious placemtn of crafted message (bsc#1210686). - CVE-2023-29007: Fixed arbitrary configuration injection (bsc#1210686). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3327-1 Released: Wed Aug 16 08:45:25 2023 Summary: Security update for pcre2 Type: security Severity: moderate References: 1213514,CVE-2022-41409 This update for pcre2 fixes the following issues: - CVE-2022-41409: Fixed integer overflow vulnerability in pcre2test that allows attackers to cause a denial of service via negative input (bsc#1213514). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:3994-1 Released: Fri Oct 6 13:44:15 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1215533 This update for git fixes the following issues: - Downgrade openssh dependency to recommends (bsc#1215533) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:4716-1 Released: Mon Dec 11 18:38:23 2023 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216501 This update for git fixes the following issues: - Add rule for /etc/gitconfig in gitweb.cgi apparmor profile (bsc#1216501). - gitweb.cgi AppArmor profile - make the profile a named profile - add local/include to make custom additions easier ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:960-1 Released: Thu Mar 21 09:35:14 2024 Summary: Recommended update for git Type: recommended Severity: moderate References: 1216545 This update for git fixes the following issues: - Do not replace apparmor configuration (bsc#1216545) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:997-1 Released: Tue Mar 26 11:03:37 2024 Summary: Security update for krb5 Type: security Severity: important References: 1220770,1220771,1220772,CVE-2024-26458,CVE-2024-26461,CVE-2024-26462 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). - CVE-2024-26462: Fixed memory leak at /krb5/src/kdc/ndr.c (bsc#1220772). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1151-1 Released: Mon Apr 8 11:36:23 2024 Summary: Security update for curl Type: security Severity: moderate References: 1221665,1221667,CVE-2024-2004,CVE-2024-2398 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1167-1 Released: Mon Apr 8 15:11:11 2024 Summary: Security update for nghttp2 Type: security Severity: important References: 1221399,CVE-2024-28182 This update for nghttp2 fixes the following issues: - CVE-2024-28182: Fixed denial of service via http/2 continuation frames (bsc#1221399) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1192-1 Released: Wed Apr 10 09:14:37 2024 Summary: Security update for less Type: security Severity: important References: 1219901,CVE-2022-48624 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1598-1 Released: Fri May 10 11:50:36 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1802-1 Released: Tue May 28 16:20:18 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: EA Inode handling fixes: - ext2fs: avoid re-reading inode multiple times (bsc#1223596) - e2fsck: fix potential out-of-bounds read in inc_ea_inode_refs() (bsc#1223596) - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1807-1 Released: Tue May 28 22:11:31 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - libssh-config-0.9.8-150400.3.6.1 added - libldap-data-2.4.46-150200.14.17.1 added - libgpg-error0-1.42-150400.1.101 added - libsasl2-3-2.1.28-150500.1.1 added - libgcrypt20-1.9.4-150500.10.19 added - libgcrypt20-hmac-1.9.4-150500.10.19 added - libnghttp2-14-1.40.0-150200.17.1 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libzstd1-1.5.0-150400.3.3.1 added - libcom_err2-1.46.4-150400.3.6.2 added - libunistring2-0.9.10-1.1 added - libkeyutils1-1.6.3-5.6.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libverto1-0.2.6-3.20 added - krb5-1.20.1-150500.3.9.1 added - libldap-2_4-2-2.4.46-150200.14.17.1 added - libssh4-0.9.8-150400.3.6.1 added - libcurl4-8.0.1-150400.5.44.1 added - curl-8.0.1-150400.5.44.1 added - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - libpcre2-8-0-10.39-150400.4.9.1 added - libsha1detectcoll1-1.0.3-2.18 added - which-2.21-2.20 added - gawk-4.2.1-150000.3.3.1 added - less-590-150400.3.9.1 added - git-core-2.35.3-150300.10.39.1 added From sle-container-updates at lists.suse.com Thu Jul 18 07:06:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:41 +0200 (CEST) Subject: SUSE-CU-2024:3203-1: Security update of suse/manager/5.0/x86_64/proxy-httpd Message-ID: <20240718070641.EB7ABF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3203-1 Container Tags : suse/manager/5.0/x86_64/proxy-httpd:5.0.0 , suse/manager/5.0/x86_64/proxy-httpd:5.0.0.5.24 , suse/manager/5.0/x86_64/proxy-httpd:latest Container Release : 5.24 Severity : critical Type : security References : 1209627 1221401 1222330 1222332 1224282 1225551 1226217 1226415 CVE-2023-38709 CVE-2024-24795 CVE-2024-27316 CVE-2024-34459 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1963-1 Released: Mon Jun 10 13:09:41 2024 Summary: Security update for apache2 Type: security Severity: important References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316 This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP response splitting in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks (bsc#1221401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2229-1 Released: Wed Jun 26 08:20:55 2024 Summary: Recommended update for apache2 Type: recommended Severity: important References: 1226217 This update for apache2 fixes the following issues: - Apache ignores headers sent by CGI scripts (bsc#1226217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - release-notes-susemanager-proxy-5.0.0-150600.16.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - apache2-prefork-2.4.58-150600.5.6.1 updated - systemd-254.13-150600.4.5.1 updated - python3-uyuni-common-libs-5.0.4-150600.1.42.1 updated - apache2-2.4.58-150600.5.6.1 updated - python3-libxml2-2.10.3-150500.5.17.1 updated - python3-rhnlib-5.0.3-150600.3.45.1 updated - spacewalk-backend-5.0.8-150600.3.44.7 updated - python3-spacewalk-client-tools-5.0.6-150600.3.90.8 updated - spacewalk-client-tools-5.0.6-150600.3.90.8 updated - spacewalk-proxy-package-manager-5.0.3-150600.1.1 updated - spacewalk-proxy-common-5.0.3-150600.1.1 updated - spacewalk-proxy-broker-5.0.3-150600.1.1 updated - spacewalk-proxy-redirect-5.0.3-150600.1.1 updated - libduktape206-2.6.0-150500.4.5.1 removed - libproxy1-0.5.3-150600.2.2 removed - libpxbackend-1_0-0.5.3-150600.2.1 removed - libsolv-tools-0.7.28-150400.3.16.2 removed From sle-container-updates at lists.suse.com Thu Jul 18 07:06:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:46 +0200 (CEST) Subject: SUSE-CU-2024:3206-1: Security update of suse/manager/5.0/x86_64/proxy-ssh Message-ID: <20240718070646.7D87AFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3206-1 Container Tags : suse/manager/5.0/x86_64/proxy-ssh:5.0.0 , suse/manager/5.0/x86_64/proxy-ssh:5.0.0.5.8 , suse/manager/5.0/x86_64/proxy-ssh:latest Container Release : 5.8 Severity : important Type : security References : 1209627 1218215 1224392 1225551 1225904 1226642 1227318 1227350 CVE-2023-51385 CVE-2024-39894 CVE-2024-4741 CVE-2024-6387 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - openssh-common-9.6p1-150600.6.6.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - openssh-fips-9.6p1-150600.6.6.1 updated - openssh-server-9.6p1-150600.6.6.1 updated - openssh-clients-9.6p1-150600.6.6.1 updated - openssh-9.6p1-150600.6.6.1 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:06:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:48 +0200 (CEST) Subject: SUSE-CU-2024:3207-1: Security update of suse/manager/5.0/x86_64/proxy-tftpd Message-ID: <20240718070648.18B1BFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3207-1 Container Tags : suse/manager/5.0/x86_64/proxy-tftpd:5.0.0 , suse/manager/5.0/x86_64/proxy-tftpd:5.0.0.5.8 , suse/manager/5.0/x86_64/proxy-tftpd:latest Container Release : 5.8 Severity : important Type : security References : 1209627 1224788 1225551 1225912 CVE-2024-35195 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - python3-fbtftp-0.5-150600.1.2 updated - python3-requests-2.25.1-150300.3.12.2 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:06:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:49 +0200 (CEST) Subject: SUSE-CU-2024:3208-1: Security update of suse/manager/5.0/x86_64/server-attestation Message-ID: <20240718070649.940F4FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-attestation ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3208-1 Container Tags : suse/manager/5.0/x86_64/server-attestation:5.0.0 , suse/manager/5.0/x86_64/server-attestation:5.0.0.4.5 , suse/manager/5.0/x86_64/server-attestation:latest Container Release : 4.5 Severity : important Type : security References : 1188441 1209627 1221482 1223428 1224044 1224388 1225291 1225551 CVE-2024-34397 CVE-2024-4603 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-attestation was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1764-1 Released: Thu May 23 04:56:40 2024 Summary: Recommended update for jackson Type: recommended Severity: moderate References: This update for jackson fixes the following issues: jackson-annotations was upgraded to version 2.16.1: - Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling - Allow per-type configuration of strict type id handling - Added JsonTypeInfo.Value object (backport from 3.0) - Added new JsonTypeInfo.Id.SIMPLE_NAME jackson-bom was upgraded to version 2.16.1: - Added dependency for jackson-module-android-record. This new module offers support for Record type on Android platform, where Java records are supported through 'de-sugaring' jackson-core was upgraded to version 2.16.1: - NPE in Version.equals() if snapshot-info null - NPE in 'FastDoubleParser', method 'JavaBigDecimalParser.parseBigDecimal()' - JsonPointer.append(JsonPointer.tail()) includes the original pointer - Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16 - Improve error message for StreamReadConstraints violations - JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES - Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest - Allow all array elements in JsonPointerBasedFilter - Indicate explicitly blocked sources as 'REDACTED' instead of 'UNKNOWN' in JsonLocation - Start using AssertJ in unit tests - Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON) - Add configurable limit for the maximum number of bytes/chars of content to parse before failing - Add configurable limit for the maximum length of Object property names to parse before failing - Add configurable processing limits for JSON generator (StreamWriteConstraints) - Compare _snapshotInfo in Version - Add JsonGeneratorDecorator to allow decorating JsonGenerators - Add full set of BufferRecyclerPool implementations - Add configurable error report behavior via ErrorReportConfiguration - Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs - Allow pluggable buffer recycling via new RecyclerPool extension point - Change parsing error message to mention -INF jackson-databind was upgraded to version 2.16.1: - JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument - Primitive array deserializer not being captured by DeserializerModifier - JsonNode.findValues() and findParents() missing expected values in 2.16.0 - Incorrect deserialization for BigDecimal numbers - Add a way to configure caches Jackson uses - Mix-ins do not work for Enums - Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in combination with @JsonSubTypes - Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY - Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double - @JsonIgnoreProperties not working with @JsonValue - Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing - Difference in the handling of ObjectId-property inJsonIdentityInfo depending on the deserialization route - Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling - Fixed regression in 2.15.0 that reaks deserialization for records when mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE) - Incorrect target type when disabling coercion, trying to deserialize String from Array/Object - @JsonProperty on constructor parameter changes default field serialization order - Create new JavaType subtype IterationType (extending SimpleType) - Use JsonTypeInfo.Value for annotation handling - Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization (for Canonical JSON) - Optimize ObjectNode findValue(s) and findParent(s) fast paths - Locale '' is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled - Add guardrail setting for TypeParser handling of type parameters - Use @JsonProperty for Enum values also when READ_ENUMS USING_TO_STRING enabled - Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used - Use @JsonProperty and lowercase feature when serializing Enums despite using toString() - Use @JsonProperty over EnumNamingStrategy for Enum serialization - Actually cache EnumValues#internalMap - ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE - Provide the 'ObjectMapper.treeToValue(TreeNode, TypeReference)' method - Expose NativeImageUtil.isRunningInNativeImage() method - Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName() - Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors - java.desktop module is no longer optional - ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with JDK 17+ - Support sequenced collections (JDK 21) - Add withObjectProperty(String), withArrayProperty(String) in JsonNode - Change JsonNode.withObject(String) to work similar to withArray() wrt argument - Log WARN if deprecated subclasses of PropertyNamingStrategy is used - NPE when transforming a tree to a model class object, at ArrayNode.elements() - Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type) - Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums - Do not rewind position when serializing direct ByteBuffer - Exception when deserialization of private record with default constructor - BeanDeserializer updates currentValue incorrectly when deserialising empty Object jackson-dataformats-binary was upgraded to version 2.16.1: - (ion) NullPointerException in IonParser.nextToken() - (smile) Remove Smile-specific buffer-recycling jackson-modules-base was upgraded to version 2.16.1: - (afterburner) Disable when running in native-image - (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set implementations - (blackbird) BlackBird proxy object error in Java 17 - (blackbird) Disable when running in native-image - (guice) Add guice7 (jakarta.inject) module jackson-parent was upgraded to version 2.16: - Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin) jackson-parent, fasterxml-oss-parent: - Added to SUSE Manager 4.3 as it is needed by `jackson-modules-base` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - libglib-2_0-0-2.78.6-150600.4.3.1 updated - libopenssl3-3.1.4-150600.5.7.1 updated - openssl-3-3.1.4-150600.5.7.1 updated - jackson-core-2.16.1-150200.3.14.7 updated - jackson-annotations-2.16.1-150200.3.14.4 updated - jackson-databind-2.16.1-150200.3.18.1 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:06:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:51 +0200 (CEST) Subject: SUSE-CU-2024:3209-1: Security update of suse/manager/5.0/x86_64/server-hub-xmlrpc-api Message-ID: <20240718070651.6FB4FFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-hub-xmlrpc-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3209-1 Container Tags : suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:5.0.0.4.9 , suse/manager/5.0/x86_64/server-hub-xmlrpc-api:latest Container Release : 4.9 Severity : critical Type : security References : 1205604 1218609 1218668 1218926 1219108 1220117 1221831 1223605 1224100 1225598 1226415 CVE-2024-28085 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-hub-xmlrpc-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1852-1 Released: Thu May 30 14:02:02 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100, gh#openSUSE/wicked#1014) - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - removed patches included in the source archive ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2241-1 Released: Wed Jun 26 15:37:28 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] The following package changes have been done: - systemd-254.13-150600.4.5.1 updated - util-linux-systemd-2.39.3-150600.4.6.2 updated - wicked-0.6.75-150600.11.6.1 updated - wicked-service-0.6.75-150600.11.6.1 updated - hub-xmlrpc-api-0.7-150600.1.13 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:06:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:56 +0200 (CEST) Subject: SUSE-CU-2024:3213-1: Security update of suse/manager/5.0/x86_64/server-migration-14-16 Message-ID: <20240718070656.25AC4FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server-migration-14-16 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3213-1 Container Tags : suse/manager/5.0/x86_64/server-migration-14-16:5.0.0 , suse/manager/5.0/x86_64/server-migration-14-16:5.0.0.5.27 , suse/manager/5.0/x86_64/server-migration-14-16:latest Container Release : 5.27 Severity : important Type : security References : 1209627 1221482 1221632 1224038 1224038 1224051 1224051 1225551 CVE-2024-4317 CVE-2024-4317 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server-migration-14-16 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1665-1 Released: Thu May 16 08:00:09 2024 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1221632 This update for coreutils fixes the following issues: - ls: avoid triggering automounts (bsc#1221632) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2262-1 Released: Tue Jul 2 10:04:07 2024 Summary: Security update for postgresql14 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql14 fixes the following issues: - Upgrade to 14.12 (bsc#1224051): - CVE-2024-4317: Restrict visibility of pg_stats_ext and pg_stats_ext_exprs entries to the table owner. See release notes for the steps that have to be taken to fix existing PostgreSQL instances. (bsc#1224038) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2266-1 Released: Tue Jul 2 10:14:58 2024 Summary: Security update for postgresql16 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/16.3/ The following package changes have been done: - perl-base-5.26.1-150300.17.17.1 updated - coreutils-8.32-150400.9.6.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - glibc-locale-base-2.38-150600.14.5.1 updated - libpq5-16.2-150600.16.2.1 updated - glibc-locale-2.38-150600.14.5.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - postgresql14-14.12-150600.16.3.1 updated - postgresql16-16.2-150600.16.2.1 updated - postgresql14-server-14.12-150600.16.3.1 updated - postgresql16-server-16.2-150600.16.2.1 updated - postgresql16-contrib-16.2-150600.16.2.1 updated - postgresql14-contrib-14.12-150600.16.3.1 updated - container:suse-manager-5.0-init-5.0.0-5.0.0-5.19 added - container:suse-manager-5.0-init-5.0.0-rc-5.0.0-rc-4.58 removed From sle-container-updates at lists.suse.com Thu Jul 18 07:06:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:37 +0200 (CEST) Subject: SUSE-CU-2024:3202-1: Security update of bci/openjdk Message-ID: <20240718070637.C6387F788@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3202-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-16.1 , bci/openjdk:latest Container Release : 16.1 Severity : critical Type : security References : 1029961 1029961 1092100 1113013 1121753 1154884 1154887 1158830 1158830 1158830 1175825 1180138 1180603 1181475 1181976 1185417 1187654 1195468 1197771 1206412 1206798 1209122 1209122 1214025 1214290 1222849 1223596 1224168 1224170 1224171 1224172 1224173 1226415 1227186 1227187 CVE-2018-1122 CVE-2018-1123 CVE-2018-1124 CVE-2018-1125 CVE-2018-1126 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2023-4016 CVE-2023-4156 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2730-1 Released: Mon Oct 21 16:04:57 2019 Summary: Security update for procps Type: security Severity: important References: 1092100,1121753,CVE-2018-1122,CVE-2018-1123,CVE-2018-1124,CVE-2018-1125,CVE-2018-1126 This update for procps fixes the following issues: procps was updated to 3.3.15. (bsc#1092100) Following security issues were fixed: - CVE-2018-1122: Prevent local privilege escalation in top. If a user ran top with HOME unset in an attacker-controlled directory, the attacker could have achieved privilege escalation by exploiting one of several vulnerabilities in the config_file() function (bsc#1092100). - CVE-2018-1123: Prevent denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maped a guard page at the end of the overflowed buffer, ensuring that the impact of this flaw is limited to a crash (temporary denial of service) (bsc#1092100). - CVE-2018-1124: Prevent multiple integer overflows leading to a heap corruption in file2strvec function. This allowed a privilege escalation for a local attacker who can create entries in procfs by starting processes, which could result in crashes or arbitrary code execution in proc utilities run by other users (bsc#1092100). - CVE-2018-1125: Prevent stack buffer overflow in pgrep. This vulnerability was mitigated by FORTIFY limiting the impact to a crash (bsc#1092100). - CVE-2018-1126: Ensure correct integer size in proc/alloc.* to prevent truncation/integer overflow issues (bsc#1092100). Also this non-security issue was fixed: - Fix CPU summary showing old data. (bsc#1121753) The update to 3.3.15 contains the following fixes: * library: Increment to 8:0:1 No removals, no new functions Changes: slab and pid structures * library: Just check for SIGLOST and don't delete it * library: Fix integer overflow and LPE in file2strvec CVE-2018-1124 * library: Use size_t for alloc functions CVE-2018-1126 * library: Increase comm size to 64 * pgrep: Fix stack-based buffer overflow CVE-2018-1125 * pgrep: Remove >15 warning as comm can be longer * ps: Fix buffer overflow in output buffer, causing DOS CVE-2018-1123 * ps: Increase command name selection field to 64 * top: Don't use cwd for location of config CVE-2018-1122 * update translations * library: build on non-glibc systems * free: fix scaling on 32-bit systems * Revert 'Support running with child namespaces' * library: Increment to 7:0:1 No changes, no removals New fuctions: numa_init, numa_max_node, numa_node_of_cpu, numa_uninit, xalloc_err_handler * doc: Document I idle state in ps.1 and top.1 * free: fix some of the SI multiples * kill: -l space between name parses correctly * library: dont use vm_min_free on non Linux * library: don't strip off wchan prefixes (ps & top) * pgrep: warn about 15+ char name only if -f not used * pgrep/pkill: only match in same namespace by default * pidof: specify separator between pids * pkill: Return 0 only if we can kill process * pmap: fix duplicate output line under '-x' option * ps: avoid eip/esp address truncations * ps: recognizes SCHED_DEADLINE as valid CPU scheduler * ps: display NUMA node under which a thread ran * ps: Add seconds display for cputime and time * ps: Add LUID field * sysctl: Permit empty string for value * sysctl: Don't segv when file not available * sysctl: Read and write large buffers * top: add config file support for XDG specification * top: eliminated minor libnuma memory leak * top: show fewer memory decimal places (configurable) * top: provide command line switch for memory scaling * top: provide command line switch for CPU States * top: provides more accurate cpu usage at startup * top: display NUMA node under which a thread ran * top: fix argument parsing quirk resulting in SEGV * top: delay interval accepts non-locale radix point * top: address a wishlist man page NLS suggestion * top: fix potential distortion in 'Mem' graph display * top: provide proper multi-byte string handling * top: startup defaults are fully customizable * watch: define HOST_NAME_MAX where not defined * vmstat: Fix alignment for disk partition format * watch: Support ANSI 39,49 reset sequences ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:225-1 Released: Fri Jan 24 06:49:07 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fix for 'ps -C' allowing to accept any arguments longer than 15 characters anymore. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:2958-1 Released: Tue Oct 20 12:24:55 2020 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1158830 This update for procps fixes the following issues: - Fixes an issue when command 'ps -C' does not allow anymore an argument longer than 15 characters. (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2944-1 Released: Wed Aug 31 05:39:14 2022 Summary: Recommended update for procps Type: recommended Severity: important References: 1181475 This update for procps fixes the following issues: - Fix 'free' command reporting misleading 'used' value (bsc#1181475) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:181-1 Released: Thu Jan 26 21:55:43 2023 Summary: Recommended update for procps Type: recommended Severity: low References: 1206412 This update for procps fixes the following issues: - Improve memory handling/usage (bsc#1206412) - Make sure that correct library version is installed (bsc#1206412) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2104-1 Released: Thu May 4 21:05:30 2023 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1209122 This update for procps fixes the following issue: - Allow - as leading character to ignore possible errors on systctl entries (bsc#1209122) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3472-1 Released: Tue Aug 29 10:55:16 2023 Summary: Security update for procps Type: security Severity: low References: 1214290,CVE-2023-4016 This update for procps fixes the following issues: - CVE-2023-4016: Fixed ps buffer overflow (bsc#1214290). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:11-1 Released: Tue Jan 2 13:24:52 2024 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1029961,1158830,1206798,1209122 This update for procps fixes the following issues: - Update procps to 3.3.17 (jsc#PED-3244 jsc#PED-6369) - For support up to 2048 CPU as well (bsc#1185417) - Allow `-? as leading character to ignore possible errors on systctl entries (bsc#1209122) - Get the first CPU summary correct (bsc#1121753) - Enable pidof for SLE-15 as this is provided by sysvinit-tools - Use a check on syscall __NR_pidfd_open to decide if the pwait tool and its manual page will be build - Do not truncate output of w with option -n - Prefer logind over utmp (jsc#PED-3144) - Don't install translated man pages for non-installed binaries (uptime, kill). - Fix directory for Ukrainian man pages translations. - Move localized man pages to lang package. - Update to procps-ng-3.3.17 * library: Incremented to 8:3:0 (no removals or additions, internal changes only) * all: properly handle utf8 cmdline translations * kill: Pass int to signalled process * pgrep: Pass int to signalled process * pgrep: Check sanity of SG_ARG_MAX * pgrep: Add older than selection * pidof: Quiet mode * pidof: show worker threads * ps.1: Mention stime alias * ps: check also match on truncated 16 char comm names * ps: Add exe output option * ps: A lot more sorting available * pwait: New command waits for a process * sysctl: Match systemd directory order * sysctl: Document directory order * top: ensure config file backward compatibility * top: add command line 'e' for symmetry with 'E' * top: add '4' toggle for two abreast cpu display * top: add '!' toggle for combining multiple cpus * top: fix potential SEGV involving -p switch * vmstat: Wide mode gives wider proc columns * watch: Add environment variable for interval * watch: Add no linewrap option * watch: Support more colors * free,uptime,slabtop: complain about extra ops - Package translations in procps-lang. - Fix pgrep: cannot allocate 4611686018427387903 bytes when ulimit -s is unlimited. - Enable pidof by default - Update to procps-ng-3.3.16 * library: Increment to 8:2:0 No removals or functions Internal changes only, so revision is incremented. Previous version should have been 8:1:0 not 8:0:1 * docs: Use correct symbols for -h option in free.1 * docs: ps.1 now warns about command name length * docs: install translated man pages * pgrep: Match on runstate * snice: Fix matching on pid * top: can now exploit 256-color terminals * top: preserves 'other filters' in configuration file * top: can now collapse/expand forest view children * top: parent %CPU time includes collapsed children * top: improve xterm support for vim navigation keys * top: avoid segmentation fault at program termination * 'ps -C' does not allow anymore an argument longer than 15 characters (bsc#1158830) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2060-1 Released: Tue Jun 18 13:11:47 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - libldap-data-2.4.46-150600.23.21 added - libssh-config-0.9.8-150600.9.1 added - libcom_err2-1.47.0-150600.4.3.2 added - libzstd1-1.5.5-150600.1.3 added - libsasl2-3-2.1.28-150600.5.3 added - libnghttp2-14-1.40.0-150600.23.2 added - liblz4-1-1.9.4-150600.1.4 added - libgpg-error0-1.47-150600.1.3 added - libgcrypt20-1.10.3-150600.1.23 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libunistring2-0.9.10-1.1 added - libkeyutils1-1.6.3-5.6.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libverto1-0.2.6-3.20 added - libsystemd0-254.13-150600.4.5.1 added - krb5-1.20.1-150600.11.3.1 added - libldap-2_4-2-2.4.46-150600.23.21 added - libssh4-0.9.8-150600.9.1 added - libcurl4-8.6.0-150600.2.2 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - curl-8.6.0-150600.2.2 added - libsha1detectcoll1-1.0.3-2.18 added - which-2.21-2.20 added - gawk-4.2.1-150000.3.3.1 added - less-643-150600.3.3.1 added - git-core-2.43.0-150600.3.3.1 added From sle-container-updates at lists.suse.com Thu Jul 18 07:06:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 09:06:43 +0200 (CEST) Subject: SUSE-CU-2024:3204-1: Security update of suse/manager/5.0/x86_64/proxy-salt-broker Message-ID: <20240718070643.94525F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3204-1 Container Tags : suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0 , suse/manager/5.0/x86_64/proxy-salt-broker:5.0.0.5.22 , suse/manager/5.0/x86_64/proxy-salt-broker:latest Container Release : 5.22 Severity : important Type : security References : 1209627 1225551 CVE-2024-4741 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) The following package changes have been done: - libjitterentropy3-3.4.1-150000.1.12.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - libduktape206-2.6.0-150500.4.5.1 removed - libproxy1-0.5.3-150600.2.2 removed - libpxbackend-1_0-0.5.3-150600.2.1 removed - libsolv-tools-0.7.28-150400.3.16.2 removed From sle-container-updates at lists.suse.com Sat Jul 20 07:01:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Jul 2024 09:01:31 +0200 (CEST) Subject: SUSE-IU-2024:664-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20240720070131.888AEF788@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:664-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.38 , suse/sle-micro/base-5.5:latest Image Release : 5.8.38 Severity : important Type : security References : 1224282 1227186 1227187 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). The following package changes have been done: - libxml2-2-2.10.3-150500.5.17.1 updated - krb5-1.20.1-150500.3.9.1 updated From sle-container-updates at lists.suse.com Sat Jul 20 07:02:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Jul 2024 09:02:40 +0200 (CEST) Subject: SUSE-CU-2024:3226-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240720070240.7290AF788@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3226-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.1 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.1 Container Release : 6.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - liblz4-1-1.9.2-3.3.1 added - libprocps8-3.3.17-150000.7.39.1 added - libsystemd0-246.16-150300.7.57.1 added - procps-3.3.17-150000.7.39.1 added From sle-container-updates at lists.suse.com Sat Jul 20 07:03:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Jul 2024 09:03:07 +0200 (CEST) Subject: SUSE-CU-2024:3228-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240720070307.C41ACF788@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3228-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.1 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.1 Container Release : 5.1 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - liblz4-1-1.9.3-150400.1.7 added - libprocps8-3.3.17-150000.7.39.1 added - libsystemd0-249.17-150400.8.40.1 added - procps-3.3.17-150000.7.39.1 added From sle-container-updates at lists.suse.com Sat Jul 20 07:06:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 20 Jul 2024 09:06:25 +0200 (CEST) Subject: SUSE-CU-2024:3230-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20240720070625.10A8EF788@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3230-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.3 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. The following package changes have been done: - liblz4-1-1.9.3-150400.1.7 added - libsystemd0-249.17-150400.8.40.1 added - libprocps8-3.3.17-150000.7.39.1 added - procps-3.3.17-150000.7.39.1 added - container:sles15-ltss-image-15.0.0-5.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:02:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:02:26 +0200 (CEST) Subject: SUSE-CU-2024:3234-1: Security update of suse/sle-micro/5.3/toolbox Message-ID: <20240723070226.05915F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3234-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.1 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.1 Severity : important Type : security References : 1188441 1219559 1220664 1221563 1221854 1222075 1222086 1223430 1223766 1224242 1224282 1225551 1225963 1226447 1226448 1227186 1227187 1227429 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4741 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:09 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - iputils-20211215-150400.3.14.1 updated - krb5-1.19.2-150400.3.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.69.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libzypp-17.34.1-150400.3.71.7 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - suse-build-key-12.0-150000.8.46.2 updated - zypper-1.14.73-150400.3.50.10 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:03:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:03:19 +0200 (CEST) Subject: SUSE-CU-2024:3235-1: Security update of suse/sle-micro/5.4/toolbox Message-ID: <20240723070319.403A5F788@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3235-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.1 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.1 Severity : important Type : security References : 1188441 1219559 1220664 1221563 1221854 1222075 1222086 1223430 1223766 1224242 1224282 1225551 1225963 1226447 1226448 1227186 1227187 1227429 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 CVE-2024-4741 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:09 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2089-1 Released: Wed Jun 19 12:38:06 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2232-1 Released: Wed Jun 26 08:23:03 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1225963 This update for iputils fixes the following issues: - Fix exit code if receive more replies than sent (bsc#1225963) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2279-1 Released: Tue Jul 2 18:33:22 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2322-1 Released: Mon Jul 8 14:54:00 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - iputils-20211215-150400.3.14.1 updated - krb5-1.19.2-150400.3.12.1 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libopenssl1_1-hmac-1.1.1l-150400.7.69.1 updated - libopenssl1_1-1.1.1l-150400.7.69.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libsolv-tools-0.7.29-150400.3.22.4 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libxml2-2-2.9.14-150400.5.32.1 updated - libzypp-17.34.1-150400.3.71.7 updated - openssl-1_1-1.1.1l-150400.7.69.1 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - suse-build-key-12.0-150000.8.46.2 updated - zypper-1.14.73-150400.3.50.10 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:42 +0200 (CEST) Subject: SUSE-CU-2024:3237-1: Security update of bci/golang Message-ID: <20240723070542.1E7CAF78C@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3237-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.35.4 , bci/golang:oldstable , bci/golang:oldstable-2.35.4 Container Release : 35.4 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:43 +0200 (CEST) Subject: SUSE-CU-2024:3238-1: Security update of bci/golang Message-ID: <20240723070543.D362DFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3238-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-35.4 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-35.4 Container Release : 35.4 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:45 +0200 (CEST) Subject: SUSE-CU-2024:3239-1: Security update of bci/golang Message-ID: <20240723070545.5B8C5FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3239-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-35.4 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-35.4 Container Release : 35.4 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:46 +0200 (CEST) Subject: SUSE-CU-2024:3240-1: Security update of bci/nodejs Message-ID: <20240723070546.D9701FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3240-1 Container Tags : bci/node:20 , bci/node:20-31.10 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-31.10 , bci/nodejs:latest Container Release : 31.10 Severity : important Type : security References : 1219660 1227554 1227560 1227561 1227562 1227563 CVE-2024-22018 CVE-2024-22020 CVE-2024-24577 CVE-2024-27980 CVE-2024-36137 CVE-2024-36138 CVE-2024-37372 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2574-1 Released: Mon Jul 22 12:35:14 2024 Summary: Security update for nodejs20 Type: security Severity: moderate References: 1227554,1227560,1227561,1227562,1227563,CVE-2024-22018,CVE-2024-22020,CVE-2024-27980,CVE-2024-36137,CVE-2024-36138,CVE-2024-37372 This update for nodejs20 fixes the following issues: Update to 20.15.1: - CVE-2024-36138: Fixed CVE-2024-27980 fix bypass (bsc#1227560) - CVE-2024-22020: Fixed a bypass of network import restriction via data URL (bsc#1227554) - CVE-2024-22018: Fixed fs.lstat bypasses permission model (bsc#1227562) - CVE-2024-36137: Fixed fs.fchown/fchmod bypasses permission model (bsc#1227561) - CVE-2024-37372: Fixed Permission model improperly processes UNC paths (bsc#1227563) Changes in 20.15.0: - test_runner: support test plans - inspector: introduce the --inspect-wait flag - zlib: expose zlib.crc32() - cli: allow running wasm in limited vmem with --disable-wasm-trap-handler Changes in 20.14.0 - src,permission: throw async errors on async APIs - test_runner: support forced exit Changes in 20.13.1: - buffer: improve base64 and base64url performance - crypto: deprecate implicitly shortened GCM tags - events,doc: mark CustomEvent as stable - fs: add stacktrace to fs/promises - report: add --report-exclude-network option - src: add uv_get_available_memory to report and process - stream: support typed arrays - util: support array of formats in util.styleText - v8: implement v8.queryObjects() for memory leak regression testing - watch: mark as stable ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - nodejs20-20.15.1-150600.3.3.2 updated - npm20-20.15.1-150600.3.3.2 updated - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:51 +0200 (CEST) Subject: SUSE-CU-2024:3241-1: Security update of bci/openjdk-devel Message-ID: <20240723070551.DC075FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3241-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-16.6 , bci/openjdk-devel:latest Container Release : 16.6 Severity : important Type : security References : 1227298 1228046 1228047 1228048 1228051 1228052 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2578-1 Released: Mon Jul 22 12:36:15 2024 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147 This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). The following package changes have been done: - java-21-openjdk-headless-21.0.4.0-150600.3.3.1 updated - java-21-openjdk-21.0.4.0-150600.3.3.1 updated - java-21-openjdk-devel-21.0.4.0-150600.3.3.1 updated - container:bci-openjdk-21-15.6.21-16.2 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:57 +0200 (CEST) Subject: SUSE-CU-2024:3242-1: Security update of bci/openjdk Message-ID: <20240723070557.D92E0FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3242-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-16.2 , bci/openjdk:latest Container Release : 16.2 Severity : important Type : security References : 1219660 1227298 1228046 1228047 1228048 1228051 1228052 CVE-2024-21131 CVE-2024-21138 CVE-2024-21140 CVE-2024-21145 CVE-2024-21147 CVE-2024-24577 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2578-1 Released: Mon Jul 22 12:36:15 2024 Summary: Security update for java-21-openjdk Type: security Severity: important References: 1227298,1228046,1228047,1228048,1228051,1228052,CVE-2024-21131,CVE-2024-21138,CVE-2024-21140,CVE-2024-21145,CVE-2024-21147 This update for java-21-openjdk fixes the following issues: Updated to version 21.0.4+7 (July 2024 CPU): - CVE-2024-21131: Fixed a potential UTF8 size overflow (bsc#1228046). - CVE-2024-21138: Fixed an infinite loop due to excessive symbol length (bsc#1228047). - CVE-2024-21140: Fixed a pre-loop limit overflow in Range Check Elimination (bsc#1228048). - CVE-2024-21147: Fixed an out-of-bounds access in 2D image handling (bsc#1228052). - CVE-2024-21145: Fixed an index overflow in RangeCheckElimination (bsc#1228051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated - java-21-openjdk-headless-21.0.4.0-150600.3.3.1 updated - java-21-openjdk-21.0.4.0-150600.3.3.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:04 +0200 (CEST) Subject: SUSE-CU-2024:3244-1: Security update of bci/python Message-ID: <20240723070604.7EA2AFCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3244-1 Container Tags : bci/python:3 , bci/python:3-43.2 , bci/python:3.12 , bci/python:3.12-43.2 Container Release : 43.2 Severity : important Type : security References : 1219660 1225660 1226447 1226448 1227152 1227378 CVE-2024-0397 CVE-2024-24577 CVE-2024-4030 CVE-2024-4032 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2572-1 Released: Mon Jul 22 12:34:48 2024 Summary: Security update for python312 Type: security Severity: moderate References: 1225660,1226447,1226448,1227152,1227378,CVE-2024-0397,CVE-2024-4030,CVE-2024-4032 This update for python312 fixes the following issues: - CVE-2024-4032: Corrected information about public and private IPv4 and IPv6 address ranges (bsc#1226448). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - libpython3_12-1_0-3.12.4-150600.3.3.1 updated - python312-base-3.12.4-150600.3.3.1 updated - python312-3.12.4-150600.3.3.1 updated - python312-devel-3.12.4-150600.3.3.1 updated - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:06 +0200 (CEST) Subject: SUSE-CU-2024:3245-1: Security update of bci/python Message-ID: <20240723070606.411FEFCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3245-1 Container Tags : bci/python:3 , bci/python:3-42.11 , bci/python:3.6 , bci/python:3.6-42.11 Container Release : 42.11 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:07 +0200 (CEST) Subject: SUSE-CU-2024:3246-1: Security update of bci/ruby Message-ID: <20240723070607.BE831FCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3246-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.10 , bci/ruby:2.5 , bci/ruby:2.5-17.10 , bci/ruby:latest Container Release : 17.10 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:14 +0200 (CEST) Subject: SUSE-CU-2024:3247-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240723070614.7A767FCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3247-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.15 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.15 Severity : important Type : security References : 1186716 1195775 1204562 1209834 1217481 1217912 1218442 1219224 1219478 1219596 1219633 1219847 1219953 1221086 1221777 1221958 1222011 1222015 1222080 1222241 1222380 1222588 1222617 1222619 1222809 1222810 1223018 1223265 1224049 1224187 1224439 1224497 1224498 1224515 1224520 1224523 1224539 1224540 1224549 1224572 1224575 1224583 1224584 1224606 1224612 1224614 1224619 1224655 1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224751 1224759 1224928 1224930 1224932 1224933 1224935 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992 1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085 1225086 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225180 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225490 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225594 1225595 1225599 1225602 1225605 1225609 1225611 1225681 1225702 1225723 1225726 1225731 1225732 1225737 1225741 1225758 1225759 1225760 1225761 1225762 1225763 1225767 1225770 1225815 1225820 1225823 1225827 1225834 1225866 1225872 1225898 1225903 1226022 1226131 1226145 1226149 1226155 1226158 1226163 1226211 1226212 1226226 1226457 1226503 1226513 1226514 1226520 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226754 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226867 1226868 1226875 1226876 1226878 1226879 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226994 1226995 1226996 1227066 1227072 1227085 1227089 1227090 1227096 1227101 1227190 CVE-2021-47432 CVE-2022-48772 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52773 CVE-2023-52774 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883 CVE-2023-52884 CVE-2024-26482 CVE-2024-26625 CVE-2024-26676 CVE-2024-26750 CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26813 CVE-2024-26814 CVE-2024-26845 CVE-2024-26889 CVE-2024-26920 CVE-2024-27414 CVE-2024-27419 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35807 CVE-2024-35827 CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35857 CVE-2024-35880 CVE-2024-35884 CVE-2024-35886 CVE-2024-35892 CVE-2024-35896 CVE-2024-35898 CVE-2024-35900 CVE-2024-35925 CVE-2024-35926 CVE-2024-35957 CVE-2024-35962 CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36005 CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887 CVE-2024-36899 CVE-2024-36900 CVE-2024-36903 CVE-2024-36904 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938 CVE-2024-36945 CVE-2024-36952 CVE-2024-36957 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39469 CVE-2024-39471 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2571-1 Released: Mon Jul 22 12:34:16 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1 225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677 7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE- 2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52 871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE -2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3 8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). The following package changes have been done: - kernel-macros-6.4.0-150600.23.14.2 updated - kernel-devel-6.4.0-150600.23.14.2 updated - kernel-default-devel-6.4.0-150600.23.14.2 updated - kernel-syms-6.4.0-150600.23.14.2 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:16 +0200 (CEST) Subject: SUSE-CU-2024:3248-1: Security update of bci/spack Message-ID: <20240723070616.4D936FCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3248-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-3.4 , bci/spack:0.21.2 , bci/spack:0.21.2-3.4 , bci/spack:latest Container Release : 3.4 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated - perl-Git-2.43.0-150600.3.6.1 updated - git-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:07:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:07:05 +0200 (CEST) Subject: SUSE-CU-2024:3249-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240723070705.91BEEFCF7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3249-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.1 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.1 Severity : important Type : security References : 1188441 1215918 1219559 1220664 1221563 1221854 1222075 1222086 1223430 1223766 1224044 1224282 1226447 1226448 1227186 1227187 1227396 1227429 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34397 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 33666 Released: Wed Jun 19 08:36:51 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222086,1223430,1223766 This update for libsolv, libzypp, zypper fixes the following issues: - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2233-1 Released: Wed Jun 26 10:02:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1215918 This update for util-linux fixes the following issue: - fix Xen virtualization type misidentification (bsc#1215918) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) The following package changes have been done: - krb5-1.19.2-150300.19.1 updated - libblkid1-2.36.2-150300.4.44.12 updated - libfdisk1-2.36.2-150300.4.44.12 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.62.6-150200.3.18.1 updated - libgmodule-2_0-0-2.62.6-150200.3.18.1 updated - libmount1-2.36.2-150300.4.44.12 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsmartcols1-2.36.2-150300.4.44.12 updated - libsolv-tools-base-0.7.29-150200.34.1 added - libsolv-tools-0.7.29-150200.34.1 updated - libssh-config-0.9.8-150200.13.6.2 updated - libssh4-0.9.8-150200.13.6.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libuuid1-2.36.2-150300.4.44.12 updated - libxml2-2-2.9.7-150000.3.70.1 updated - libzypp-17.34.1-150200.106.2 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - suse-build-key-12.0-150000.8.46.2 updated - util-linux-2.36.2-150300.4.44.12 updated - zypper-1.14.73-150200.81.6 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:05:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:05:40 +0200 (CEST) Subject: SUSE-CU-2024:3236-1: Security update of suse/git Message-ID: <20240723070540.18FB0F788@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3236-1 Container Tags : suse/git:2.43 , suse/git:2.43-18.5 , suse/git:latest Container Release : 18.5 Severity : important Type : security References : 1219660 1227456 CVE-2024-24577 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - openssh-common-9.6p1-150600.6.9.1 updated From sle-container-updates at lists.suse.com Tue Jul 23 07:06:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 23 Jul 2024 09:06:00 +0200 (CEST) Subject: SUSE-CU-2024:3243-1: Security update of bci/python Message-ID: <20240723070600.0A427FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3243-1 Container Tags : bci/python:3 , bci/python:3-43.2 , bci/python:3.11 , bci/python:3.11-43.2 , bci/python:latest Container Release : 43.2 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Wed Jul 24 07:04:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Jul 2024 09:04:02 +0200 (CEST) Subject: SUSE-CU-2024:3250-1: Security update of suse/registry Message-ID: <20240724070402.0A3DEF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3250-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-20.4 , suse/registry:latest Container Release : 20.4 Severity : important Type : security References : 1227268 1227269 1227272 CVE-2024-36387 CVE-2024-38475 CVE-2024-38476 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2597-1 Released: Tue Jul 23 09:03:59 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476 This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) The following package changes have been done: - apache2-utils-2.4.58-150600.5.18.1 updated From sle-container-updates at lists.suse.com Wed Jul 24 07:04:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 24 Jul 2024 09:04:03 +0200 (CEST) Subject: SUSE-CU-2024:3251-1: Security update of bci/php-apache Message-ID: <20240724070403.CC868F78C@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3251-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-31.11 , bci/php-apache:latest Container Release : 31.11 Severity : important Type : security References : 1227268 1227269 1227272 CVE-2024-36387 CVE-2024-38475 CVE-2024-38476 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2597-1 Released: Tue Jul 23 09:03:59 2024 Summary: Security update for apache2 Type: security Severity: important References: 1227268,1227269,1227272,CVE-2024-36387,CVE-2024-38475,CVE-2024-38476 This update for apache2 fixes the following issues: - CVE-2024-36387: Fixed DoS by null pointer in websocket over HTTP/2 (bsc#1227272) - CVE-2024-38475: Fixed improper escaping of output in mod_rewrite (bsc#1227268) - CVE-2024-38476: Fixed server may use exploitable/malicious backend application output to run local handlers via internal redirect (bsc#1227269) The following package changes have been done: - apache2-prefork-2.4.58-150600.5.18.1 updated - apache2-2.4.58-150600.5.18.1 updated From sle-container-updates at lists.suse.com Fri Jul 26 11:44:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 26 Jul 2024 13:44:37 +0200 (CEST) Subject: SUSE-CU-2024:3252-1: Security update of bci/golang Message-ID: <20240726114437.19F42FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3252-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-1.35.4 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.35.4 Container Release : 35.4 Severity : important Type : security References : 1219660 CVE-2024-24577 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) The following package changes have been done: - git-core-2.43.0-150600.3.6.1 updated From sle-container-updates at lists.suse.com Sat Jul 27 07:04:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 27 Jul 2024 09:04:03 +0200 (CEST) Subject: SUSE-CU-2024:3253-1: Security update of suse/sles12sp5 Message-ID: <20240727070403.CECF9F78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3253-1 Container Tags : suse/sles12sp5:6.8.16 , suse/sles12sp5:latest Container Release : 6.8.16 Severity : important Type : security References : 1224771 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2569-1 Released: Mon Jul 22 08:08:28 2024 Summary: Recommended update for zypper Type: recommended Severity: important References: 1224771 This update for zypper fixes the following issues: - Show rpm install size before installing (bsc#1224771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2603-1 Released: Tue Jul 23 12:37:14 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). The following package changes have been done: - shadow-4.2.1-36.12.1 updated - zypper-1.13.67-21.64.1 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:01:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:01:24 +0200 (CEST) Subject: SUSE-IU-2024:678-1: Security update of suse-sles-15-sp5-chost-byos-v20240726-x86_64-gen2 Message-ID: <20240728070124.E6B40FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240726-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:678-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240726-x86_64-gen2:20240726 Image Release : Severity : important Type : security References : 1141157 1219559 1220664 1221563 1221854 1222075 1224282 1226447 1226448 1227150 1227186 1227187 1227429 1227681 CVE-2019-13225 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240726-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150500.3.9.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - suse-build-key-12.0-150000.8.49.2 updated - xfsprogs-5.13.0-150400.3.10.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:01:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:01:36 +0200 (CEST) Subject: SUSE-IU-2024:679-1: Security update of suse-sles-15-sp5-chost-byos-v20240726-hvm-ssd-x86_64 Message-ID: <20240728070136.335D3FBA1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20240726-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:679-1 Image Tags : suse-sles-15-sp5-chost-byos-v20240726-hvm-ssd-x86_64:20240726 Image Release : Severity : important Type : security References : 1141157 1219559 1220664 1221563 1221854 1222075 1224282 1226447 1226448 1227150 1227186 1227187 1227429 1227681 CVE-2019-13225 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20240726-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150500.3.9.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - suse-build-key-12.0-150000.8.49.2 updated - xfsprogs-5.13.0-150400.3.10.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:01:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:01:56 +0200 (CEST) Subject: SUSE-IU-2024:680-1: Security update of sles-15-sp5-chost-byos-v20240726-arm64 Message-ID: <20240728070156.3B060FBA1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20240726-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:680-1 Image Tags : sles-15-sp5-chost-byos-v20240726-arm64:20240726 Image Release : Severity : important Type : security References : 1141157 1219559 1220664 1221563 1221854 1222075 1224282 1226447 1226448 1227150 1227186 1227187 1227429 1227681 CVE-2019-13225 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20240726-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2253-1 Released: Mon Jul 1 18:33:02 2024 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: - Revert the noarch change for devel subpackage Switching to noarch causes issues on SLES maintenance updates, reverting it fixes our image builds ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:27 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2302-1 Released: Thu Jul 4 16:21:10 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2325-1 Released: Mon Jul 8 15:07:46 2024 Summary: Recommended update for xfsprogs Type: recommended Severity: moderate References: 1227150 This update for xfsprogs fixes the following issue: - xfs_copy: don't use cached buffer reads until after libxfs_mount (bsc#1227150) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2401-1 Released: Thu Jul 11 06:36:43 2024 Summary: Security update for oniguruma Type: security Severity: moderate References: 1141157,CVE-2019-13225 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - containerd-ctr-1.7.17-150000.114.1 updated - containerd-1.7.17-150000.114.1 updated - krb5-1.20.1-150500.3.9.1 updated - libonig4-6.7.0-150000.3.6.1 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - python3-3.6.15-150300.10.65.2 updated - suse-build-key-12.0-150000.8.49.2 updated - xfsprogs-5.13.0-150400.3.10.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:04:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:04:10 +0200 (CEST) Subject: SUSE-CU-2024:3256-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20240728070410.3ED27FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3256-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.2 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.2 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:05:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:05:20 +0200 (CEST) Subject: SUSE-CU-2024:3257-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20240728070520.10F48FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3257-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.2 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.2 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:09:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:09:49 +0200 (CEST) Subject: SUSE-CU-2024:3259-1: Recommended update of suse/sle15 Message-ID: <20240728070949.D841AFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3259-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.20 Container Release : 9.8.20 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:10:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:10:19 +0200 (CEST) Subject: SUSE-CU-2024:3261-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20240728071019.7144AFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3261-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.3 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.3 Container Release : 6.3 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:10:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:10:43 +0200 (CEST) Subject: SUSE-CU-2024:3263-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20240728071043.EC721FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3263-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.2 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.2 Container Release : 5.2 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:20:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:20:31 +0200 (CEST) Subject: SUSE-CU-2024:3271-1: Recommended update of suse/sle15 Message-ID: <20240728072031.40B7EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3271-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.6 , suse/sle15:15.5 , suse/sle15:15.5.36.14.6 Container Release : 36.14.6 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:20:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:20:39 +0200 (CEST) Subject: SUSE-CU-2024:3273-1: Recommended update of suse/sle15 Message-ID: <20240728072039.A372CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3273-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.8.2 , suse/sle15:15.6 , suse/sle15:15.6.47.8.2 Container Release : 47.8.2 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Sun Jul 28 07:23:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 09:23:30 +0200 (CEST) Subject: SUSE-CU-2024:3279-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20240728072330.BA93CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3279-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.2 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.2 Severity : moderate Type : recommended References : 1227681 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - suse-build-key-12.0-150000.8.49.2 updated From sle-container-updates at lists.suse.com Tue Jul 30 07:05:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 30 Jul 2024 09:05:44 +0200 (CEST) Subject: SUSE-CU-2024:3282-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240730070544.BD5CAF78C@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3282-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.1 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.1 Severity : important Type : security References : 1188441 1215918 1219559 1220664 1221563 1221854 1222075 1222086 1223430 1223766 1224044 1224282 1226447 1226448 1227186 1227187 1227396 1227429 1227681 CVE-2023-52425 CVE-2024-0397 CVE-2024-0450 CVE-2024-34397 CVE-2024-34459 CVE-2024-37370 CVE-2024-37371 CVE-2024-4032 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 33666 Released: Wed Jun 19 08:36:51 2024 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: important References: 1222086,1223430,1223766 This update for libsolv, libzypp, zypper fixes the following issues: - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2233-1 Released: Wed Jun 26 10:02:07 2024 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1215918 This update for util-linux fixes the following issue: - fix Xen virtualization type misidentification (bsc#1215918) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2247-1 Released: Sun Jun 30 15:21:38 2024 Summary: Security update for glib2 Type: security Severity: low References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: - CVE-2024-34397: Fixed signal subscription unicast spoofing vulnerability (bsc#1224044). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2267-1 Released: Tue Jul 2 10:33:36 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2303-1 Released: Thu Jul 4 16:25:35 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2310-1 Released: Mon Jul 8 09:15:35 2024 Summary: Recommended update for libssh Type: recommended Severity: moderate References: 1227396 This update for libssh fixes the following issue: - Fix regression parsing IPv6 addresses provided as hostname (bsc#1227396) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2406-1 Released: Thu Jul 11 11:27:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227429 This update for suse-build-key fixes the following issue: - Added new keys of the SLE Micro 6.0 / SLES 16 series, and auto import them (bsc#1227429) - gpg-pubkey-09d9ea69-645b99ce.asc: Main SLE Micro 6/SLES 16 key - gpg-pubkey-73f03759-626bd414.asc: Backup SLE Micro 6/SLES 16 key ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2479-1 Released: Mon Jul 15 10:33:22 2024 Summary: Security update for python3 Type: security Severity: important References: 1219559,1220664,1221563,1221854,1222075,1226447,1226448,CVE-2023-52425,CVE-2024-0397,CVE-2024-0450,CVE-2024-4032 This update for python3 fixes the following issues: - CVE-2023-52425: Fixed backport so it uses features sniffing, not just comparing version number (bsc#1219559). - CVE-2024-0450: Fixed detecting the vulnerability of 'quoted-overlap' zipbomb (bsc#1221854). - CVE-2024-4032: Rearranging definition of private v global IP. (bsc#1226448) - CVE-2024-0397: Remove a memory race condition in ssl.SSLContext certificate store methods. (bsc#1226447) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - krb5-1.19.2-150300.19.1 updated - libblkid1-2.36.2-150300.4.44.12 updated - libfdisk1-2.36.2-150300.4.44.12 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libglib-2_0-0-2.62.6-150200.3.18.1 updated - libgmodule-2_0-0-2.62.6-150200.3.18.1 updated - libmount1-2.36.2-150300.4.44.12 updated - libprocps8-3.3.17-150000.7.39.1 updated - libpython3_6m1_0-3.6.15-150300.10.65.1 updated - libsmartcols1-2.36.2-150300.4.44.12 updated - libsolv-tools-base-0.7.29-150200.34.1 added - libsolv-tools-0.7.29-150200.34.1 updated - libssh-config-0.9.8-150200.13.6.2 updated - libssh4-0.9.8-150200.13.6.2 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libuuid1-2.36.2-150300.4.44.12 updated - libxml2-2-2.9.7-150000.3.70.1 updated - libzypp-17.34.1-150200.106.2 updated - procps-3.3.17-150000.7.39.1 updated - python3-base-3.6.15-150300.10.65.1 updated - suse-build-key-12.0-150000.8.49.2 updated - util-linux-2.36.2-150300.4.44.12 updated - zypper-1.14.73-150200.81.6 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:36:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:36:26 +0200 (CEST) Subject: SUSE-CU-2024:3283-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20240731113626.06BB0FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3283-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.5 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.5 Container Release : 6.5 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). The following package changes have been done: - login_defs-4.8.1-150300.4.15.1 updated - shadow-4.8.1-150300.4.15.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:24 +0200 (CEST) Subject: SUSE-CU-2024:3284-1: Security update of suse/389-ds Message-ID: <20240731113824.9AC48FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3284-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-37.3 , suse/389-ds:latest Container Release : 37.3 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:32 +0200 (CEST) Subject: SUSE-CU-2024:3287-1: Security update of suse/registry Message-ID: <20240731113832.3F00EFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3287-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-20.5 , suse/registry:latest Container Release : 20.5 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - shadow-4.8.1-150600.17.3.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:42 +0200 (CEST) Subject: SUSE-CU-2024:3291-1: Security update of bci/golang Message-ID: <20240731113842.4AB13FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3291-1 Container Tags : bci/golang:1.21 , bci/golang:1.21-2.35.5 , bci/golang:oldstable , bci/golang:oldstable-2.35.5 Container Release : 35.5 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:44 +0200 (CEST) Subject: SUSE-CU-2024:3292-1: Security update of bci/golang Message-ID: <20240731113844.9DB87FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3292-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-35.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-35.5 Container Release : 35.5 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libopenssl-3-devel-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:47 +0200 (CEST) Subject: SUSE-CU-2024:3293-1: Security update of bci/golang Message-ID: <20240731113847.02B52FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3293-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-35.5 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-35.5 Container Release : 35.5 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libopenssl-3-devel-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:54 +0200 (CEST) Subject: SUSE-CU-2024:3295-1: Security update of bci/bci-init Message-ID: <20240731113854.73B4BFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3295-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.17.12 , bci/bci-init:latest Container Release : 17.12 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - systemd-254.15-150600.4.8.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:58 +0200 (CEST) Subject: SUSE-CU-2024:3297-1: Security update of bci/php-apache Message-ID: <20240731113858.1E835FCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3297-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-31.12 , bci/php-apache:latest Container Release : 31.12 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:59 +0200 (CEST) Subject: SUSE-CU-2024:3298-1: Security update of bci/php-fpm Message-ID: <20240731113859.D65CAFCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3298-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-31.10 , bci/php-fpm:latest Container Release : 31.10 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:01 +0200 (CEST) Subject: SUSE-CU-2024:3299-1: Security update of bci/php Message-ID: <20240731113901.99980FCF7@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3299-1 Container Tags : bci/php:8 , bci/php:8-31.10 , bci/php:latest Container Release : 31.10 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:06 +0200 (CEST) Subject: SUSE-CU-2024:3301-1: Security update of bci/python Message-ID: <20240731113906.5F72DFD57@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3301-1 Container Tags : bci/python:3 , bci/python:3-43.3 , bci/python:3.11 , bci/python:3.11-43.3 , bci/python:latest Container Release : 43.3 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:15 +0200 (CEST) Subject: SUSE-CU-2024:3304-1: Security update of suse/rmt-mariadb-client Message-ID: <20240731113915.02531FDCB@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3304-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-37.6 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-37.6 , suse/rmt-mariadb-client:latest Container Release : 37.6 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:18 +0200 (CEST) Subject: SUSE-CU-2024:3306-1: Security update of bci/rust Message-ID: <20240731113918.EEF76FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3306-1 Container Tags : bci/rust:1.78 , bci/rust:1.78-2.3.8 , bci/rust:oldstable , bci/rust:oldstable-2.3.8 Container Release : 3.8 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:20 +0200 (CEST) Subject: SUSE-CU-2024:3307-1: Security update of bci/rust Message-ID: <20240731113920.673E8FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3307-1 Container Tags : bci/rust:1.79 , bci/rust:1.79-1.4.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.8 Container Release : 4.8 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:28 +0200 (CEST) Subject: SUSE-CU-2024:3308-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240731113928.7B674FDCF@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3308-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.16 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:17 +0200 (CEST) Subject: SUSE-CU-2024:3305-1: Security update of bci/ruby Message-ID: <20240731113917.4E4F8FDCB@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3305-1 Container Tags : bci/ruby:2 , bci/ruby:2-17.11 , bci/ruby:2.5 , bci/ruby:2.5-17.11 , bci/ruby:latest Container Release : 17.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:11 +0200 (CEST) Subject: SUSE-CU-2024:3302-1: Security update of bci/python Message-ID: <20240731113911.3D2FCFD85@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3302-1 Container Tags : bci/python:3 , bci/python:3-43.3 , bci/python:3.12 , bci/python:3.12-43.3 Container Release : 43.3 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:56 +0200 (CEST) Subject: SUSE-CU-2024:3296-1: Security update of suse/pcp Message-ID: <20240731113856.1F6C0FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3296-1 Container Tags : suse/pcp:5 , suse/pcp:5-36.14 , suse/pcp:5.3 , suse/pcp:5.3-36.14 , suse/pcp:5.3.7 , suse/pcp:5.3.7-36.14 , suse/pcp:latest Container Release : 36.14 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libudev1-254.15-150600.4.8.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - systemd-254.15-150600.4.8.1 updated - container:bci-bci-init-15.6-15.6-17.12 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:13 +0200 (CEST) Subject: SUSE-CU-2024:3303-1: Security update of bci/python Message-ID: <20240731113913.2BC00FDC8@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3303-1 Container Tags : bci/python:3 , bci/python:3-42.12 , bci/python:3.6 , bci/python:3.6-42.12 Container Release : 42.12 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:38:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:38:48 +0200 (CEST) Subject: SUSE-CU-2024:3294-1: Security update of suse/helm Message-ID: <20240731113848.D72B1FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3294-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-18.4 , suse/helm:latest Container Release : 18.4 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 11:39:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 13:39:03 +0200 (CEST) Subject: SUSE-CU-2024:3300-1: Security update of suse/postgres Message-ID: <20240731113903.9097EFCF7@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3300-1 Container Tags : suse/postgres:16 , suse/postgres:16-36.9 , suse/postgres:16.2 , suse/postgres:16.2-36.9 , suse/postgres:latest Container Release : 36.9 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:36:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:36:59 +0200 (CEST) Subject: SUSE-CU-2024:3310-1: Security update of suse/git Message-ID: <20240731133659.587FCFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3310-1 Container Tags : suse/git:2.43 , suse/git:2.43-18.6 , suse/git:latest Container Release : 18.6 Severity : important Type : security References : 1222899 1223336 1226463 1227138 CVE-2024-5535 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libudev1-254.15-150600.4.8.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:01 +0200 (CEST) Subject: SUSE-CU-2024:3311-1: Security update of suse/nginx Message-ID: <20240731133701.4DAFBFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3311-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-36.10 , suse/nginx:latest Container Release : 36.10 Severity : important Type : security References : 1218640 1222899 1223336 1226463 1227138 1228322 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - libxcb1-1.13-150000.3.11.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:03 +0200 (CEST) Subject: SUSE-CU-2024:3312-1: Security update of bci/nodejs Message-ID: <20240731133703.7EA8EFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3312-1 Container Tags : bci/node:20 , bci/node:20-31.11 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-31.11 , bci/nodejs:latest Container Release : 31.11 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:09 +0200 (CEST) Subject: SUSE-CU-2024:3313-1: Security update of bci/openjdk-devel Message-ID: <20240731133709.2E718FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3313-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-16.14 , bci/openjdk-devel:latest Container Release : 16.14 Severity : important Type : security References : 1218640 1222899 1223336 1226463 1227138 1228322 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:2296-1 Released: Thu Jul 4 06:29:20 2024 Summary: Feature update for jakarta-inject Type: feature Severity: moderate References: This update for jakarta-inject fixes the following issues: - New pacakge implementation at version 2.0.1 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2642-1 Released: Tue Jul 30 10:03:52 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: maven-shared-utils was updated to version 3.4.2: - Changes in version 3.4.2: * New features and improvements: + Made Commandline.addSystemEnvironment public and deprecated + Deprecated IsEmpty/IsNotEmpty methods + Deprecated newXmlWriter + Deprecated redundant isEmptyString method + Deprecated join methods now available in Java 8 String class + FileUtils: avoid getCanonicalPath() + Added build() method and document toString() method + Optionally inherit system environment variables by Commandline + Dropped plexus container default * Bugs Fixed: + Removed trim parameter + Fixed blocking in StreamFeeder + Ignore MessageUtilsTest methods on unsupported platforms + Make copyFile succeed with source file having lastModified() = 0 + XmlWriterUtil platform independent and consistent + Poll data from input stream plexus-io was updated to version 3.2.0 to 3.4.2: - New features and improvements: * Drop legacy and make components pure JSR330 * Restore speed improvements * Plexus IO build is now reproducible * Various speed improvements * Plexus IO now requires Java 8 - Dependency updates: * Update sisu.inject to 0.9.0.M2 * Bumped guice from 5.1.0 to 6.0.0 * Bumped commons-io:commons-io from 2.11.0 to 2.15.1 * Bumped plexus-utils from 3.5.0 to 4.0.0 * Bumped org.codehaus.plexus:plexus-testing from 1.1.0 to 1.3.0 - Bugs fixed: * Fix symbolic link are being resolved into absolute path * Fix symbolic links to directories are not recognized as directories * Fix issue related to symbolic link tests issue plexus-interpolation was updated to version 1.27.0: - New features and improvements: * Added support for PPC64LE * Added dependabot and release drafter configuration * Moved to Junit5 - Dependency updates: * Bumped plexus from 7 to 16 * Bumped maven-bundle-plugin from 3.0.1 to 5.1.9 plexus-cli was updated to version 1.7: - Changes: * Bumped plexus-components from 6.5 to 10.0 * Bumped checkstyle from 9.2 to 9.2.1 * Bumped plexus-container-default from 1.0-alpha-34 to 2.1.1 * Bumped checkstyle from 9.2.1 to 9.3 * Bumped commons-cli from 1.0 to 1.5.0 * Bumped maven-checkstyle-plugin from 3.1.2 to 3.3.0 * Bumped maven-shared-resources from 4 to 5 * Bumped apache/maven-gh-actions-shared from 1 to 3 * Updated to Parent pom 15 * Bumped commons-cli:commons-cli from 1.5.0 to 1.6.0 * Reuse plexus-pom action for CI * Bumped org.codehaus.plexus:plexus from 15 to 16 * Replace plexus-container-default with Sisu Plexus * Bumped org.codehaus.plexus:plexus-testing from 1.2.0 to 1.3.0 plexus-cipher was updated to version 2.1.0: - Changes: * Switched to java.util.Base64 * Moved code to Java 8 * Fixed insecure cryptography in PBECipher.java * Enabled missed decryption test and adjust to new algorithm plexus-archiver was updated to version 4.9.2: - New features and improvements: * Allow copy all files without timestamp checking by DirectoryArchiver * Provide fluent setter for usingDefaultExcludes flag in AbstractFileSet * Various dependencies were upgraded plexus-interactivity was updated to version 1.3: - New features and improvements: + Ensure prompter does not double colon + Java 8 as mininum + Moved off plexus - Other changes: * The class previously in plexus-interactivity-jdom artifact is folded into the main plexus-interactivity-api. maven-shared-incremental: - `sisu-plexus` is now used instead of the old `plexus-component-api` - Removed unnecessary dependency on xmvn tools and parent pom ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2647-1 Released: Tue Jul 30 10:44:44 2024 Summary: Recommended update for Java Type: recommended Severity: moderate References: This update for Java fixes the following issues: antinject was updated to version 1.0.5: - Don't distribute as jakarta.inject:jakarta-inject-api artifact to prevent conflicts with the version 2.x that actually has classes in jakarta.inject namespace and thus is incompatible - Switched to sources in https://github.com/jakartaee/inject/ - Changes in version 1.0.5: * This switches the module name back to the java.inject that was used by the 1.0.3 release with automatic module. This is a multi-release jar - Changes in version 1.0.4: * This is a 1.0.4 service release with a multi-release jar that adds the module-info class to META-INF/versions/9/module-info.class using the https://github.com/moditect/moditect plugin for the javax.inject module. - Changes in version 1.0.3: * This release corrects the 1.0.2 release which was incorrectly done from the master branch with the jakarta.* packages. * It adds the Automatic-Module-Name=java.inject to the api jar manifest. - Changes in version 1.0.2: * Set Automatic-Module-Name to java.inject * Added OSGi bundle headers - Changes in version 1.0.1: * Added Automatic-Module-Name of jakarta.inject - Changes in version 1.0: * First Injection API release for Jakarta EE cdi-api: - Use the javax.inject artifact google-guice was updated to version 6.0.0: - Changes in version 6.0.0: * JEE Jakarta Transition: + Guice 6.0 adds support for jakarta.inject, the new namespace for the JSR330 spec (after the javax -> jakarta JEE transition). Guice 6.0 is intended to help users migrate their code to the jakarta namespace. It continues to fully support the javax.inject namespace while also mostly supporting the jakarta.inject namespace. The only part of Guice 6.0 that doesn't support jakarta.inject are the bind(..).toProvider methods. Those methods still require javax.inject or com.google.inject Providers. + The Guice 6.0 servlet & persist extensions only support the javax.servlet and javax.persistence namespaces respectively. + Guice 6.0 can help with incremental migrations to the jakarta.inject namespace, by incrementally replacing javax.inject references to jakarta.inject. This works everywhere, except for code where a jakarta Provider is passed to bind(..).toProvider. * Guice Core: + Adds jakarta.inject support. + Support Java 21 (via updating ASM to 9.5 and other changes). + Improve AOP support on JVMs such as Azul. + Fix a deadlock or crash associated with recursively loading just-in-time bindings. + Make PrivateModule.binder() non-private, to allow subclass customization, such as calling skipSources. + Fix an endloop loop (that can OOM) in singleton lock cycle detection. + Fix tests to pass on Windows, despite the different line separator. + Improvements to OSGi metadata. + Mark the JSR305 dependency as optional (since it's not required at runtime). + Fix Binder.requestInjection(TypeLiteral, T) to use the TypeLiteral. + Honor scoping annotations on concrete types when provisioned by their @ProvidedBy annotation + Add a way to tell if a class is 'enhanced' by Guice, and retrieve the original class. + Ensure the order of bind(...) statements does not matter when referring to JIT bindings. + Implement Matcher.and and Matcher.or as default methods directly in Matcher, so that the AbstractMatcher subclass isn't required. + Mark the error_prone_annotations dependency as optional. * Servlet: + Fix an NPE if contextPath is null * Persist: + Persist had a number of changes, some of which are backwards incompatible. Notably: injection of EntityManager no longer implicitly starts a unit of work (because this led to leaks). Users can opt-in to the legacy behavior by constructing the JpaPersistModule with a JpaPersistOptions that sets setAutoBeginWorkOnEntityManagerCreation to true. + EntityManager provisioning no longer automatically starts an unit of work. + Ignore multiple start/stop calls, rather than throwing an exception. + Support manually initiated rollbacks. + Don't wrap Object-defined methods (e.g: toString, finalize, equals, hashCode) in transactions. gradle-bootstrap: - Package rebuilt to account for the new jakarta-inject dependency gradle: - Fixed build with jakarta-inject, which was introduced as a new google-guice dependency maven-artifact-transfer, maven-doxia-sitetools, maven-doxia, maven-plugin-testing, maven-surefire: - Use plexus-metadata-generator executable directly to simplify build classpath maven-javadoc-plugin: - Removed dependency on plexus-metadata-generator, plexus-component-metadata and on their dependencies, since there is no plexus @Component annotation any more modello: - Added dependency on jakarta-inject, needed by google-guice 6.0.0 plexus-component-metadata and plexus-containers were updated to version 2.2.0: - Added dependency on plexus-xml where relevant * This will be needed for smooth upgrade to plexus-utils 4.0.0 - Changes in version 2.2.0: * Improved documentation to switch to Sisu * Cleaned up poms after parent upgrade * Improved plexus-component metadata - removed dependency to plexus-container-default * Added deprecation information to Plexus components * Require Java 8 * Dropped plexus-container-default artefact * Require Maven 3.6.3+ * Switched to Junit5 * Bumped org.eclipse.sisu.plexus from 0.3.0.M1 to 0.9.0.M2 - Changes in version 2.1.1: * Last version before deprecation * Requires Java 7 and Maven 3.2.5+ * Upgraded ASM to 9.2 * Security upgrade org.jdom:jdom2 from 2.0.6 to 2.0.6.1 plexus-utils was updated to version 4.0.0: - Changes in version 4.0.0: * Starting with version 4, XML classes (in org.codehaus.plexus.util.xml and org.codehaus.plexus.util.xml.pull) have been extracted to a separate plexus-xml: if you need them, just use this new artifact\ * Other changes: + Fixed false difference detected with CachingOutputStream/CachingWriter when streams are flushed + Dependency updates + Switched to Junit 5 plexus-xml was update to version 3.0.1: - Changes in version 3.0.1: * Bugs fixed: + Allow nulls for write elements in MXSerializer + Removed special chars from xml output * Dependency updates: + Bumped org.codehaus.plexus:plexus from 17 to 18 + Bumped release-drafter/release-drafter from 5 to 6 + Bumped parent to 17 and updates * Maintenance: + Switched to Junit 5 + Switched to shared gh actions setup from master branch sbt: - Require the new plexus-xml package to fix build sisu was updated to version 0.9.0.M3: - Provide plexus-containers-container-default for easier update - Add dependency on plexus-xml where relevant - Changes of sisu version 0.9.0.M3: * Annotated new method * Updated workflow to run on Java 21 * Build with final Java 21 on GitHub * Switched to JUnit5 * Disabled annotation processor by default * Do not silently fail in case of class scanning exceptions * Updated to ASM 9.7 * Updated CONTRIBUTING.md * Aligned Plexus ASM version * Renamed release profile * Fixed Jacoco coverage repots in Sonar * Added a method to allow LifecycleManager to free keys * Licence change: From EPL1 to EPL2 * Updated documentation for exposed core extensions, fix anchors * Trigger Sonarcloud analysis from GHA - Changes of sisu version 0.9.0.M2: * Fixed SpaceScanner to use latest ASM API version * 3.7 is not an officially supported version therefore specify3.8 instead * Provide script to help upgrade embedded copy of ASM * ASM_9_4 * Require Java 8 * Sisu specific PreConstruct/PreDestroy annotations * Updated build plugins * ASM 9.5 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project * Create a 'no_asm' jar at release time which doesn't embed ASM - Changes of sisu.inject version 9.0.M1: * Fixed CDI related issues * Build with Eclipse/Tycho 2.5.0 and Java 11 * Raise problem reporting logs to DEBUG, fixes #36 * Upgraded internal copy of ASM to 9.2 * Implemented PathTypeConverter * Added JUnit 5 annotations to InjectedTest setUp/tearDown * Fixed static parameters binding lookup * Run injection tests against multiple versions of Guice * Support using @priority on Providers * Use read lock when subscribing to publishers??? * Cache binding lookups for single bean providers * Use AtomicReferenceFieldUpdater as it works better for large numbers of instances * Enabled Java CI workflow * Enabled CodeQL analysis * Replaced potentially-expensive regex with simple tokenizer * Allow Main to boot with extra bindings * Re-enabled various resource-related unit tests * Reworked globber pattern strategy to avoid use of regex * Use GlobberStrategy.PATTERN instead of regex for ServiceBindings filtering - Changes of sisu.plexus version 0.9.0.M2: * Make build work with Java17 * Aligned to latest Maven plugins * Moved release elements from oss-parent to local project - Changes of sisu.plexus version 0.9.0.M1: * Aligned logback with sisu.inject * Build with Eclipse/Tycho 2.5.0 and Java 11 * Support configuration of collections with complex generic types * Enabled Java CI workflow * Enabled CodeQL analysis sisu-mojos: - Build sisu-mojos within sisu package, since the sources of sisu-mojos, sisu-inject and sisu-plexus were joined in the same upstream project ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libxcb1-1.13-150000.3.11.1 updated - atinject-1+20211017gitd06ce18-150200.3.13.1 updated - jakarta-inject-2.0.1-150200.5.3.3 added - maven-resolver-api-1.9.20-150200.3.23.2 updated - plexus-containers-component-annotations-2.2.0-150200.3.9.2 updated - plexus-interpolation-1.27.0-150200.3.7.2 updated - plexus-utils-4.0.1-150200.3.11.2 updated - plexus-xml-3.0.1-150200.5.8.2 updated - sisu-inject-0.9.0.M3-150200.3.9.2 updated - plexus-cipher-2.1.0-150200.3.7.1 updated - maven-resolver-util-1.9.20-150200.3.23.2 updated - maven-resolver-spi-1.9.20-150200.3.23.2 updated - sisu-plexus-0.9.0.M3-150200.3.9.2 updated - maven-shared-utils-3.4.2-150200.3.10.1 updated - maven-resolver-named-locks-1.9.20-150200.3.23.2 updated - google-guice-6.0.0-150200.3.10.4 updated - maven-resolver-transport-file-1.9.20-150200.3.23.2 updated - maven-resolver-connector-basic-1.9.20-150200.3.23.2 updated - maven-resolver-transport-wagon-1.9.20-150200.3.23.2 updated - maven-resolver-impl-1.9.20-150200.3.23.2 updated - maven-resolver-transport-http-1.9.20-150200.3.23.2 updated - maven-lib-3.9.8-150200.4.27.2 updated - maven-3.9.8-150200.4.27.2 updated - container:bci-openjdk-21-15.6.21-16.4 updated - apache-commons-lang3-3.12.0-150200.3.6.4 removed - cdi-api-2.0.2-150200.3.6.4 removed - jboss-interceptors-1.2-api-1.0.0-150200.3.4.4 removed From sle-container-updates at lists.suse.com Wed Jul 31 13:37:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:14 +0200 (CEST) Subject: SUSE-CU-2024:3314-1: Security update of bci/openjdk Message-ID: <20240731133714.45590FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3314-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-16.4 , bci/openjdk:latest Container Release : 16.4 Severity : important Type : security References : 1218640 1222899 1223336 1226463 1227138 1228322 CVE-2024-5535 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libxcb1-1.13-150000.3.11.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:16 +0200 (CEST) Subject: SUSE-CU-2024:3315-1: Security update of suse/rmt-mariadb Message-ID: <20240731133716.B3409FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3315-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-36.7 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-36.7 , suse/rmt-mariadb:latest Container Release : 36.7 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:17 +0200 (CEST) Subject: SUSE-CU-2024:3316-1: Security update of containers/apache-tomcat Message-ID: <20240731133717.E6921FBA1@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3316-1 Container Tags : containers/apache-tomcat:10-jre21 , containers/apache-tomcat:10-jre21-37.2 , containers/apache-tomcat:10.1-jre21 , containers/apache-tomcat:10.1-jre21-37.2 , containers/apache-tomcat:10.1.25-jre21 , containers/apache-tomcat:10.1.25-jre21-37.2 Container Release : 37.2 Severity : important Type : security References : 1218640 1222899 1223336 1226463 1227138 1228322 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2667-1 Released: Tue Jul 30 16:14:01 2024 Summary: Recommended update for libxkbcommon Type: recommended Severity: moderate References: 1218640,1228322 This update of libxkbcommon fixes the following issue: - ship libxkbregistry0-32bit and libxbkregistry-devel-32bit for use by Wine. (bsc#1218640 bsc#1228322) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libxcb1-1.13-150000.3.11.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:25 +0200 (CEST) Subject: SUSE-CU-2024:3308-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20240731133725.817DBFBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3308-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.17.16 , bci/bci-sle15-kernel-module-devel:latest Container Release : 17.16 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:32 +0200 (CEST) Subject: SUSE-CU-2024:3317-1: Security update of suse/sle15 Message-ID: <20240731133732.AD498FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3317-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.2 , suse/sle15:15.6 , suse/sle15:15.6.47.11.2 Container Release : 47.11.2 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - libopenssl3-3.1.4-150600.5.10.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libudev1-254.15-150600.4.8.1 updated - login_defs-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - shadow-4.8.1-150600.17.3.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:34 +0200 (CEST) Subject: SUSE-CU-2024:3318-1: Security update of bci/spack Message-ID: <20240731133734.9AEB1FBA1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3318-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-3.5 , bci/spack:0.21.2 , bci/spack:0.21.2-3.5 , bci/spack:latest Container Release : 3.5 Severity : important Type : security References : 1222899 1223336 1226463 1227138 916845 CVE-2013-4235 CVE-2024-5535 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2630-1 Released: Tue Jul 30 09:12:44 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2635-1 Released: Tue Jul 30 09:14:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1222899,1223336,1226463,1227138,CVE-2024-5535 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2641-1 Released: Tue Jul 30 09:29:36 2024 Summary: Recommended update for systemd Type: recommended Severity: moderate References: This update for systemd fixes the following issues: systemd was updated from version 254.13 to version 254.15: - Changes in version 254.15: * boot: cover for hardware keys on phones/tablets * Conditional PSI check to reflect changes done in 5.13 * core/dbus-manager: refuse SoftReboot() for user managers * core/exec-invoke: reopen OpenFile= fds with O_NOCTTY * core/exec-invoke: use sched_setattr instead of sched_setscheduler * core/unit: follow merged units before updating SourcePath= timestamp too * coredump: correctly take tmpfs size into account for compression * cryptsetup: improve TPM2 blob display * docs: Add section to HACKING.md on distribution packages * docs: fixed dead link to GNOME documentation * docs/CODING_STYLE: document that we nowadays prefer (const char*) for func ret type * Fixed typo in CAP_BPF description * LICENSES/README: expand text to summarize state for binaries and libs * man: fully adopt ~/.local/state/ * man/systemd.exec: list inaccessible files for ProtectKernelTunables * man/tmpfiles: remove outdated behavior regarding symlink ownership * meson: bpf: propagate 'sysroot' for cross compilation * meson: Define __TARGET_ARCH macros required by bpf * mkfs-util: Set sector size for btrfs as well * mkosi: drop CentOS 8 from CI * mkosi: Enable hyperscale-packages-experimental for CentOS * mountpoint-util: do not assume symlinks are not mountpoints * os-util: avoid matching on the wrong extension-release file * README: add missing CONFIG_MEMCG kernel config option for oomd * README: update requirements for signed dm-verity * resolved: allow the full TTL to be used by OPT records * resolved: correct parsing of OPT extended RCODEs * sysusers: handle NSS errors gracefully * TEST-58-REPART: reverse order of diff args * TEST-64-UDEV-STORAGE: Make nvme_subsystem expected pci symlinks more generic * test: fixed TEST-24-CRYPTSETUP on SUSE * test: install /etc/hosts * Use consistent spelling of systemd.condition_first_boot argument * util: make file_read() 64bit offset safe * vmm: make sure we can handle smbios objects without variable part - Changes in version 254.14: * analyze: show pcrs also in sha384 bank * chase: Tighten '.' and './' check * core/service: fixed accept-socket deserialization * efi-api: check /sys/class/tpm/tpm0/tpm_version_major, too * executor: check for all permission related errnos when setting up IPC namespace * install: allow removing symlinks even for units that are gone * json: use secure un{base64,hex}mem for sensitive variants * man,units: drop 'temporary' from description of systemd-tmpfiles * missing_loop.h: fixed LOOP_SET_STATUS_SETTABLE_FLAGS * repart: fixed memory leak * repart: Use CRYPT_ACTIVATE_PRIVATE * resolved: permit dnssec rrtype questions when we aren't validating * rules: Limit the number of device units generated for serial ttys * run: do not pass the pty slave fd to transient service in a machine * sd-dhcp-server: clear buffer before receive * strbuf: use GREEDY_REALLOC to grow the buffer The following package changes have been done: - libopenssl3-3.1.4-150600.5.10.1 updated - libudev1-254.15-150600.4.8.1 updated - libsystemd0-254.15-150600.4.8.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.10.1 updated - login_defs-4.8.1-150600.17.3.1 updated - shadow-4.8.1-150600.17.3.1 updated - openssl-3-3.1.4-150600.5.10.1 updated - libopenssl-3-devel-3.1.4-150600.5.10.1 updated - container:sles15-image-15.6.0-47.11.2 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:37:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:37:59 +0200 (CEST) Subject: SUSE-CU-2024:3319-1: Security update of suse/manager/4.3/proxy-tftpd Message-ID: <20240731133759.E0FC4FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3319-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.4 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.4 Severity : moderate Type : security References : 1226469 CVE-2024-37891 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2662-1 Released: Tue Jul 30 15:41:34 2024 Summary: Security update for python-urllib3 Type: security Severity: moderate References: 1226469,CVE-2024-37891 This update for python-urllib3 fixes the following issues: - CVE-2024-37891: Fixed proxy-authorization request header is not stripped during cross-origin redirects (bsc#1226469) The following package changes have been done: - python3-urllib3-1.25.10-150300.4.12.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:38:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:38:50 +0200 (CEST) Subject: SUSE-CU-2024:3320-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20240731133850.B26E2FBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3320-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.2 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.2 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). The following package changes have been done: - login_defs-4.8.1-150300.4.15.1 updated - shadow-4.8.1-150300.4.15.1 updated From sle-container-updates at lists.suse.com Wed Jul 31 13:39:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 31 Jul 2024 15:39:41 +0200 (CEST) Subject: SUSE-CU-2024:3321-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20240731133941.E3FFEFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3321-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.4 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.4 Severity : important Type : security References : 916845 CVE-2013-4235 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2648-1 Released: Tue Jul 30 12:03:47 2024 Summary: Security update for shadow Type: security Severity: important References: 916845,CVE-2013-4235 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). The following package changes have been done: - login_defs-4.8.1-150300.4.15.1 updated - shadow-4.8.1-150300.4.15.1 updated From sle-container-updates at lists.suse.com Thu Jul 18 07:06:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 18 Jul 2024 07:06:57 -0000 Subject: SUSE-CU-2024:3211-1: Security update of suse/manager/5.0/x86_64/server Message-ID: <20240718070653.D9A0CFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/5.0/x86_64/server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3211-1 Container Tags : suse/manager/5.0/x86_64/server:5.0.0 , suse/manager/5.0/x86_64/server:5.0.0.5.44 , suse/manager/5.0/x86_64/server:latest Container Release : 5.44 Severity : critical Type : security References : 1187446 1188441 1192014 1195709 1197484 1204562 1205604 1208283 1209627 1211246 1216594 1216598 1216717 1217979 1218215 1218609 1218668 1218722 1218926 1219108 1219547 1220117 1221101 1221361 1221401 1221482 1221634 1221831 1222086 1222104 1222330 1222332 1222584 1222849 1223050 1223100 1223264 1223278 1223301 1223428 1223430 1223596 1223605 1223766 1223849 1223979 1223980 1224038 1224044 1224051 1224100 1224207 1224242 1224282 1224320 1224388 1224392 1224400 1224410 1224788 1224877 1225291 1225551 1225551 1225598 1225904 1225912 1225971 1225972 1226008 1226217 1226407 1226415 1226492 1226586 1226642 1227186 1227187 1227318 1227333 1227350 CVE-2021-33813 CVE-2023-25577 CVE-2023-30861 CVE-2023-3758 CVE-2023-38469 CVE-2023-38471 CVE-2023-38709 CVE-2023-51385 CVE-2024-20696 CVE-2024-20697 CVE-2024-22195 CVE-2024-24795 CVE-2024-27316 CVE-2024-28085 CVE-2024-32487 CVE-2024-34064 CVE-2024-34069 CVE-2024-34397 CVE-2024-34459 CVE-2024-35195 CVE-2024-37370 CVE-2024-37371 CVE-2024-39894 CVE-2024-4317 CVE-2024-4418 CVE-2024-4603 CVE-2024-4741 CVE-2024-4741 CVE-2024-6387 ----------------------------------------------------------------- The container suse/manager/5.0/x86_64/server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1693-1 Released: Thu Mar 30 10:16:39 2023 Summary: Security update for python-Werkzeug Type: security Severity: important References: 1208283,CVE-2023-25577 This update for python-Werkzeug fixes the following issues: - CVE-2023-25577: Fixed high resource usage when parsing multipart form data with many fields (bsc#1208283). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:2263-1 Released: Mon May 22 12:16:13 2023 Summary: Security update for python-Flask Type: security Severity: important References: 1211246,CVE-2023-30861 This update for python-Flask fixes the following issues: - CVE-2023-30861: Fixed a potential cookie confusion due to incorrect caching (bsc#1211246). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1624-1 Released: Mon May 13 16:26:07 2024 Summary: Security update for python-Werkzeug Type: security Severity: important References: 1223979,CVE-2024-34069 This update for python-Werkzeug fixes the following issues: - CVE-2024-34069: Fixed a remote code execution through debugger when interacting with attacker controlled domain (bsc#1223979). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1764-1 Released: Thu May 23 04:56:40 2024 Summary: Recommended update for jackson Type: recommended Severity: moderate References: This update for jackson fixes the following issues: jackson-annotations was upgraded to version 2.16.1: - Added new OptBoolean valued property in @JsonTypeInfo to allow per-type configuration of strict type id handling - Allow per-type configuration of strict type id handling - Added JsonTypeInfo.Value object (backport from 3.0) - Added new JsonTypeInfo.Id.SIMPLE_NAME jackson-bom was upgraded to version 2.16.1: - Added dependency for jackson-module-android-record. This new module offers support for Record type on Android platform, where Java records are supported through 'de-sugaring' jackson-core was upgraded to version 2.16.1: - NPE in Version.equals() if snapshot-info null - NPE in 'FastDoubleParser', method 'JavaBigDecimalParser.parseBigDecimal()' - JsonPointer.append(JsonPointer.tail()) includes the original pointer - Change StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION default to false in Jackson 2.16 - Improve error message for StreamReadConstraints violations - JsonFactory implementations should respect CANONICALIZE_FIELD_NAMES - Root cause for failing test for testMangledIntsBytes() in ParserErrorHandlingTest - Allow all array elements in JsonPointerBasedFilter - Indicate explicitly blocked sources as 'REDACTED' instead of 'UNKNOWN' in JsonLocation - Start using AssertJ in unit tests - Allow configuring spaces before and/or after the colon in DefaultPrettyPrinter (for Canonical JSON) - Add configurable limit for the maximum number of bytes/chars of content to parse before failing - Add configurable limit for the maximum length of Object property names to parse before failing - Add configurable processing limits for JSON generator (StreamWriteConstraints) - Compare _snapshotInfo in Version - Add JsonGeneratorDecorator to allow decorating JsonGenerators - Add full set of BufferRecyclerPool implementations - Add configurable error report behavior via ErrorReportConfiguration - Make ByteSourceJsonBootstrapper use StringReader for < 8KiB byte[] inputs - Allow pluggable buffer recycling via new RecyclerPool extension point - Change parsing error message to mention -INF jackson-databind was upgraded to version 2.16.1: - JsonSetter(contentNulls = FAIL) is ignored in delegating @JsonCreator argument - Primitive array deserializer not being captured by DeserializerModifier - JsonNode.findValues() and findParents() missing expected values in 2.16.0 - Incorrect deserialization for BigDecimal numbers - Add a way to configure caches Jackson uses - Mix-ins do not work for Enums - Map deserialization results in different numeric classes based on json ordering (BigDecimal / Double) when used in combination with @JsonSubTypes - Generic class with generic field of runtime type Double is deserialized as BigDecimal when used with @JsonTypeInfo and JsonTypeInfo.As.EXISTING_PROPERTY - Combination of @JsonUnwrapped and @JsonAnySetter results in BigDecimal instead of Double - @JsonIgnoreProperties not working with @JsonValue - Deprecated JsonNode.with(String) suggests using JsonNode.withObject(String) but it is not the same thing - Difference in the handling of ObjectId-property inJsonIdentityInfo depending on the deserialization route - Add new OptBoolean valued property in @JsonTypeInfo, handling, to allow per-polymorphic type loose Type Id handling - Fixed regression in 2.15.0 that reaks deserialization for records when mapper.setVisibility(PropertyAccessor.ALL, Visibility.NONE) - Incorrect target type when disabling coercion, trying to deserialize String from Array/Object - @JsonProperty on constructor parameter changes default field serialization order - Create new JavaType subtype IterationType (extending SimpleType) - Use JsonTypeInfo.Value for annotation handling - Add JsonNodeFeature.WRITE_PROPERTIES_SORTED for sorting ObjectNode properties on serialization (for Canonical JSON) - Optimize ObjectNode findValue(s) and findParent(s) fast paths - Locale '' is deserialised as null if ACCEPT_EMPTY_STRING_AS_NULL_OBJECT is enabled - Add guardrail setting for TypeParser handling of type parameters - Use @JsonProperty for Enum values also when READ_ENUMS USING_TO_STRING enabled - Fix Enum deserialization to use @JsonProperty, @JsonAlias even if EnumNamingStrategy used - Use @JsonProperty and lowercase feature when serializing Enums despite using toString() - Use @JsonProperty over EnumNamingStrategy for Enum serialization - Actually cache EnumValues#internalMap - ObjectMapper.valueToTree() will ignore the configuration SerializationFeature.WRAP_ROOT_VALUE - Provide the 'ObjectMapper.treeToValue(TreeNode, TypeReference)' method - Expose NativeImageUtil.isRunningInNativeImage() method - Add JsonTypeInfo.Id.SIMPLE_NAME which defaults type id to Class.getSimpleName() - Impossible to deserialize custom Throwable sub-classes that do not have single-String constructors - java.desktop module is no longer optional - ClassUtil fails with java.lang.reflect.InaccessibleObjectException trying to setAccessible on OptionalInt with JDK 17+ - Support sequenced collections (JDK 21) - Add withObjectProperty(String), withArrayProperty(String) in JsonNode - Change JsonNode.withObject(String) to work similar to withArray() wrt argument - Log WARN if deprecated subclasses of PropertyNamingStrategy is used - NPE when transforming a tree to a model class object, at ArrayNode.elements() - Deprecated ObjectReader.withType(Type) has no direct replacement; need forType(Type) - Add new DefaultTyping.NON_FINAL_AND_ENUMS to allow Default Typing for Enums - Do not rewind position when serializing direct ByteBuffer - Exception when deserialization of private record with default constructor - BeanDeserializer updates currentValue incorrectly when deserialising empty Object jackson-dataformats-binary was upgraded to version 2.16.1: - (ion) NullPointerException in IonParser.nextToken() - (smile) Remove Smile-specific buffer-recycling jackson-modules-base was upgraded to version 2.16.1: - (afterburner) Disable when running in native-image - (afterburner) IncompatibleClassChangeError when deserializing a class implementing an interface with default get/set implementations - (blackbird) BlackBird proxy object error in Java 17 - (blackbird) Disable when running in native-image - (guice) Add guice7 (jakarta.inject) module jackson-parent was upgraded to version 2.16: - Upgrade to oss-parent 56 (tons of plugin updates to resolve Maven warnings, new Moditect plugin) jackson-parent, fasterxml-oss-parent: - Added to SUSE Manager 4.3 as it is needed by `jackson-modules-base` ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1850-1 Released: Thu May 30 13:46:58 2024 Summary: Recommended update for sg3_utils Type: recommended Severity: moderate References: 1219547 This update for sg3_utils fixes the following issue: - sg_inq: re-add Unit serial number field (bsc#1219547) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1851-1 Released: Thu May 30 13:53:44 2024 Summary: Recommended update for dwz Type: recommended Severity: low References: 1221634 This update for dwz fixes the following issues: - Clean up leftover temporary file (bsc#1221634) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1852-1 Released: Thu May 30 14:02:02 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1205604,1218926,1219108,1224100 This update for wicked fixes the following issues: - client: fix ifreload to pull UP ports/links again when the config of their master/lower changed (bsc#1224100, gh#openSUSE/wicked#1014) - cleanup: fix ni_fsm_state_t enum-int-mismatch warnings - cleanup: fix overflow warnings in a socket testcase on i586 - ifcheck: report new and deleted configs as changed (bsc#1218926) - man: improve ARP configuration options in the wicked-config.5 - bond: add ports when master is UP to avoid port MTU revert (bsc#1219108) - cleanup: fix interface dependencies and shutdown order (bsc#1205604) - removed patches included in the source archive ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1863-1 Released: Thu May 30 14:18:27 2024 Summary: Security update for python-Jinja2 Type: security Severity: moderate References: 1218722,1223980,CVE-2024-22195,CVE-2024-34064 This update for python-Jinja2 fixes the following issues: - Fixed HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-34064, bsc#1223980, CVE-2024-22195, bsc#1218722) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1874-1 Released: Fri May 31 05:05:25 2024 Summary: Security update for Java Type: security Severity: important References: 1187446,1224410,CVE-2021-33813 This update for Java fixes thefollowing issues: apiguardian was updated to vesion 1.1.2: - Added LICENSE/NOTICE to the generated jar - Allow @API to be declared at the package level - Explain usage of Status.DEPRECATED - Include OSGi metadata in manifest assertj-core was implemented at version 3.25.3: - New package implementation needed by Junit5 byte-buddy was updated to version v1.14.16: - `byte-buddy` is required by `assertj-core` - Changes in version v1.14.16: * Update ASM and introduce support for Java 23. - Changes in version v1.14.15: * Allow attaching from root on J9. - Changes of v1.14.14: * Adjust type validation to accept additional names that are legal in the class file format. * Fix dynamic attach on Windows when a service user is active. * Avoid failure when using Android's strict mode. dom4j was updated to version 2.1.4: - Improvements and potentially breaking changes: * Added new factory method org.dom4j.io.SAXReader.createDefault(). It has more secure defaults than new SAXReader(), which uses system XMLReaderFactory.createXMLReader() or SAXParserFactory.newInstance().newSAXParser(). * If you use some optional dependency of dom4j (for example Jaxen, xsdlib etc.), you need to specify an explicit dependency on it in your project. They are no longer marked as a mandatory transitive dependency by dom4j. * Following SAX parser features are disabled by default in DocumentHelper.parse() for security reasons (they were enabled in previous versions): + http://xml.org/sax/properties/external-general-entities + http://xml.org/sax/properties/external-parameter-entities - Other changes: * Do not depend on jtidy, since it is not used during build * Fixed license to Plexus * JPMS: Add the Automatic-Module-Name attribute to the manifest. * Make a separate flavour for a minimal `dom4j-bootstrap` package used to build `jaxen` and full `dom4j` * Updated pull-parser version * Reuse the writeAttribute method in writeAttributes * Support build on OS with non-UTF8 as default charset * Gradle: add an automatic module name * Use Correct License Name 'Plexus' * Possible vulnerability of DocumentHelper.parseText() to XML injection * CVS directories left in the source tree * XMLWriter does not escape supplementary unicode characters correctly * writer.writeOpen(x) doesn't write namespaces * Fixed concurrency problem with QNameCache * All dependencies are optional * SAXReader: hardcoded namespace features * Validate QNames * StringIndexOutOfBoundsException in XMLWriter.writeElementContent() * TreeNode has grown some generics * QName serialization fix * DocumentException initialize with nested exception * Accidentally occurring error in a multi-threaded test * Added compatibility with W3C DOM Level 3 * Use Java generics hamcrest: - `hamcrest-core` has been replaced by `hamcrest` (no source changes) junit had the following change: - Require hamcrest >= 2.2 junit5 was updated to version 5.10.2: - Conditional execution based on OS architectures - Configurable cleanup mode for @TempDir - Configurable thread mode for @Timeout - Custom class loader support for class/method selectors, @MethodSource, @EnabledIf, and @DisabledIf - Dry-run mode for test execution - Failure threshold for @RepeatedTest - Fixed build with the latest open-test-reporting milestone - Fixed dependencies in module-info.java files - Fixed unreported exception error that is fatal with JDK 21 - Improved configurability of parallel execution - New @SelectMethod support in test @Suite classes. - New ConsoleLauncher subcommand for test discovery without execution - New convenience base classes for implementing ArgumentsProvider and ArgumentConverter - New IterationSelector - New LauncherInterceptor SPI - New NamespacedHierarchicalStore for use in third-party test engines - New TempDirFactory SPI for customizing how temporary directories are created - New testfeed details mode for ConsoleLauncher - New TestInstancePreConstructCallback extension API - Numerous bug fixes and minor improvements - Parameter injection for @MethodSource methods - Promotion of various experimental APIs to stable - Reusable parameter resolution for custom extension methods via ExecutableInvoker - Stacktrace pruning to hide internal JUnit calls - The binaries are compatible with java 1.8 - Various improvements to ConsoleLauncher - XML reports in new Open Test Reporting format jdom: - Security issues fixed: * CVE-2021-33813: Fixed an XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request (bsc#1187446) - Other changes and bugs fixed: * Fixed wrong entries in changelog (bsc#1224410) * The packages `jaxen`, `saxpath` and `xom` are now separate standalone packages instead of being part of `jdom` jaxen was implemented at version 2.0.0: - New standalone RPM package implementation, originally part of `jdom` source package - Classpaths are much smaller and less complex, and will suppress a lot of noise from static analysis tools. - The Jaxen core code is also a little smaller and has fixed a few minor bugs in XPath evaluation - Despite the major version bump, this should be a drop in replacement for almost every project. The two major possible incompatibilities are: * The minimum supported Java version is now 1.5, up from 1.4 in 1.2.0 and 1.3 in 1.1.6. * dom4j, XOM, and JDOM are now optional dependencies so if a project was depending on them to be loaded transitively it will need to add explicit dependencies to build. jopt-simple: - Included jopt-simple to Package Hub 15 SP5 (no source changes) objectweb-asm was updated to version 9.7: - New Opcodes.V23 constant for Java 23 - Bugs fixed * Fixed unit test regression in dex2jar. * Fixed 'ClassNode#outerClass' with incorrect JavaDocs. * asm-bom packaging should be 'pom'. * The Textifier prints a supplementary space at the end of each method that throws at least one exception. open-test-reporting: - Included `open-test-reporting-events` and `open-test-reporting-schema` to the channels as they are runtime dependencies of Junit5 (no source changes) saxpath was implemented at version 1.0 FCS: - New standalone RPM package implementation, originally part of `jdom` source package (openSUSE Leap 15.5 package only) xom was implemented at version 1.3.9: - New standalone RPM package implementation, originally part of `jdom` source package - The Nodes and Elements classes are iterable so you can use the enhanced for loop syntax on instances of these classes. - The copy() method is now covariant. - Adds Automatic-Moduole-Name to jar - Remove direct dependency on xml-apis:xml-apis artifact since these classes are now available in the core runtime. - Eliminate usage of com.sun classes to make XOM compatible with JDK 16. - Replace remaining usages of StringBuffer with StringBuilder to slightly improve performance. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1876-1 Released: Fri May 31 06:47:32 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1221361 This update for aaa_base fixes the following issues: - Fix the typo to set JAVA_BINDIR in the csh variant of the alljava profile script (bsc#1221361) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1877-1 Released: Fri May 31 06:48:40 2024 Summary: Recommended update for fdupes Type: recommended Severity: moderate References: 1195709,1197484 This update for fdupes fixes the following issues: - Do not use sqlite, as this pulls sqlite into Ring0 at no real benefit performance wise - Update to 2.3.0: * Add --cache option to speed up file comparisons * Use nanosecond precision for file times, if available * Fix compilation issue on OpenBSD * Other changes like fixing typos, wording, etc. - update to 2.2.1: * Fix bug in code meant to skip over the current log file when --log option is given * Updates to copyright notices in source code * Add --deferconfirmation option * Check that files marked as duplicates haven't changed during program execution before deleting them * Update documentation to indicate units for SIZE in command-line options * Move some configuration settings to configure.ac file - Fixes for the new wrapper: * Order duplicates by name, to get a reproducible file set (bsc#1197484) * Remove redundant order parameter from fdupes invocation * Modernize code, significantly reduce allocations * Exit immediately when mandatory parameters are missing * Remove obsolete buildroot parameter * Add some tests for the wrapper - Do not link the files as given by fdupes, but turn them into relative links - Support multiple directories given (as glob to the macro) - Handle symlinks (-s argument) correctly - Simplify macros.fdupes to speed up the process (bsc#1195709) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1880-1 Released: Fri May 31 08:45:12 2024 Summary: Security update for python-requests Type: security Severity: moderate References: 1224788,CVE-2024-35195 This update for python-requests fixes the following issues: - CVE-2024-35195: Fixed cert verification regardless of changes to the value of `verify` (bsc#1224788). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1883-1 Released: Fri May 31 09:31:11 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: 1224877 This update for iputils fixes the following issue: - 'arping: Fix 1s delay on exit for unsolicited arpings', backport upstream fix (bsc#1224877) - Backport proposed fix for regression in upstream commit 4db1de6 (bsc#1224877) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1887-1 Released: Fri May 31 19:08:38 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1192014,1216717,1217979,1223278,1224320 This update for suse-module-tools fixes the following issues: - Include unblacklist in initramfs (bsc#1224320) - regenerate-initrd-posttrans: run update-bootloader --refresh for XEN (bsc#1223278) - 60-io-scheduler.rules: test for 'scheduler' sysfs attribute (bsc#1216717) - README: Update blacklist description (gh#openSUSE/suse-module-tools#71) - macros.initrd: %regenerate_initrd_post: don't fail if mkdir is unavailable (bsc#1217979) - Don't rebuild existing initramfs images if the environment variable SKIP_REGENERATE_ALL=1 is set (bsc#1192014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1897-1 Released: Mon Jun 3 10:45:08 2024 Summary: Recommended update for postfix Type: recommended Severity: moderate References: 1223264,1224207 This update for postfix fixes the following issues: - config.postfix needs updating (bsc#1224207) * chkconfig to systemctl * Link Cyrus lmtp only if this exsists * /usr/lib64/sasl2 does not need to exist * Fetch timezone via readlink from /etc/localtime - Set inet_interfaces to loopback-only instead of localhost as proposed in man 5 postconf (bsc#1223264) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1941-1 Released: Fri Jun 7 16:33:38 2024 Summary: Security update for sssd Type: security Severity: important References: 1223050,1223100,CVE-2023-3758 This update for sssd fixes the following issues: - CVE-2023-3758: Fixed race condition during authorization leads to GPO policies functioning inconsistently (bsc#1223100). The following non-security bugs were fixed: - Use the name from the cached entries when updating them to avoid capitalization problems (bsc#1223050). - Extend sssctl command line tool to manage the cached GPOs; (jsc#PED-7677). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1943-1 Released: Fri Jun 7 17:04:06 2024 Summary: Security update for util-linux Type: security Severity: important References: 1218609,1220117,1221831,1223605,CVE-2024-28085 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall to avoid potential account takeover. (bsc#1221831) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1950-1 Released: Fri Jun 7 17:20:14 2024 Summary: Security update for glib2 Type: security Severity: moderate References: 1224044,CVE-2024-34397 This update for glib2 fixes the following issues: Update to version 2.78.6: + Fix a regression with IBus caused by the fix for CVE-2024-34397 Changes in version 2.78.5: + Fix CVE-2024-34397: GDBus signal subscriptions for well-known names are vulnerable to unicast spoofing. (bsc#1224044) + Bugs fixed: - gvfs-udisks2-volume-monitor SIGSEGV in g_content_type_guess_for_tree() due to filename with bad encoding - gcontenttype: Make filename valid utf-8 string before processing. - gdbusconnection: Don't deliver signals if the sender doesn't match. Changes in version 2.78.4: + Bugs fixed: - Fix generated RST anchors for methods, signals and properties. - docs/reference: depend on a native gtk-doc. - gobject_gdb.py: Do not break bt on optimized build. - gregex: clean up usage of _GRegex.jit_status. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1951-1 Released: Fri Jun 7 17:27:16 2024 Summary: Recommended update for libbpf Type: recommended Severity: moderate References: 1221101 This update for libbpf fixes the following issues: - Fixed potential null pointer dereference in bpf_object__collect_prog_relos() (bsc#1221101) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1954-1 Released: Fri Jun 7 18:01:06 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1221482 This update for glibc fixes the following issues: - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1956-1 Released: Mon Jun 10 04:50:39 2024 Summary: Recommended update for google-errorprone, guava Type: recommended Severity: moderate References: This update for google-errorprone, guava fixes the following issues: guava: - guava was updated to version 33.1.0: * Changes of version 33.1.0: + Updated our Error Prone dependency to 2.26.1, which includes a JPMS-ready jar of annotations. If you use the Error Prone annotations in a modular build of your own code, you may need to add a requires line for them. + base: Added a Duration overload for Suppliers.memoizeWithExpiration. + base: Deprecated the remaining two overloads of Throwables.propagateIfPossible. They won't be deleted, but we recommend migrating off them. + cache: Fixed a bug that could cause false 'recursive load' reports during refresh. + graph: Changed the return types of transitiveClosure() and reachableNodes() to Immutable* types. reachableNodes() already returned an immutable object (even though that was not reflected in the declared return type); transitiveClosure() used to return a mutable object. The old signatures remain available, so this change does not break binary compatibility. + graph: Changed the behavior of views returned by graph accessor methods that take a graph element as input: They now throw IllegalStateException when that element is removed from the graph. + hash: Optimized Checksum-based hash functions for Java 9+. + testing: Exposed FakeTicker Duration methods to Android users. + util.concurrent: Deprecated the constructors of UncheckedExecutionException and ExecutionError that don't accept a cause. We won't remove these constructors, but we recommend migrating off them, as users of those classes often assume that instances will contain a cause. + util.concurrent: Improved the correctness of racy accesses for J2ObjC users. * Changes of version 33.0.0: + This version of guava-android contains some package-private methods whose signature includes the Java 8 Collector API. This is a test to identify any problems before we expose those methods publicly to users. Please report any problems that you encounter. + Changed various classes to catch Exception instead of RuntimeException even when only RuntimeException is theoretically possible. This can help code that throws undeclared exceptions, as some bytecode rewriters (e.g., Robolectric) and languages (e.g., Kotlin) do. + Added an Automatic-Module-Name to failureaccess, Guava's one strong runtime dependency. + reflect: In guava-android only, removed Invokable.getAnnotatedReturnType() and Parameter.getAnnotatedType(). These methods never worked in an Android VM, and to reflect that, they were born @Deprecated, @Beta, and @DoNotCall. They're now preventing us from rolling out some new Android compatibility testing. This is the only binary-incompatible change in this release, and it should have no effect in practice. Still, we bump the major version number to follow Semantic Versioning. + util.concurrent: Changed our implementations to avoid eagerly initializing loggers during class loading. This can help performance, especially under Android. * Changes of version 32.1.3: + Changed Gradle Metadata to include dependency versions directly. This may address 'Could not find some-dependency' errors that some users have reported (which might be a result of users' excluding guava-parent). + collect: Changed Multisets.unmodifiableMultiset(set) .removeIf(predicate) to throw an exception always, even if nothing matches predicate. + graph: Fixed the behavior of Graph/ValueGraph views for a node when that node is removed from the graph. + io: Fixed Files.createTempDir and FileBackedOutputStream under Windows services, a rare use case. (The fix actually covers only Java 9+ because Java 8 would require an additional approach. Let us know if you need support under Java 8.) + net: Made MediaType.parse allow and skip over whitespace around the / and = separator tokens in addition to the ; separator, for which it was already being allowed. + util.concurrent: Tweaked Futures.getChecked constructor-selection behavior: The method continues to prefer to call constructors with a String parameter, but now it breaks ties based on whether the constructor has a Throwable parameter. Beyond that, the choice of constructor remains undefined. (For this and other reasons, we discourage the use of getChecked.) * Changes of version 32.1.2: + Removed the section of our Gradle metadata that caused Gradle to report conflicts with listenablefuture. + Changed our Maven project to avoid affecting which version of Mockito our Gradle users see. + collect: Under J2CL, exposed ImmutableList and ImmutableSet methods copyOf and of for JavaScript usage. + net: Optimized InternetDomainName construction. * Changes of version 32.1.1: + Fixed our broken Gradle metadata from 32.1.0. Sorry again for the trouble. If you use Gradle, please still read the release notes from that version: You may still see errors from the new checking that the metadata enables, and the release notes discuss how to fix those errors. * Changes of version 32.1.0: + collect: Tweaked more nullness annotations. + hash: Enhanced crc32c() to use Java's hardware-accelerated implementation where available. + util.concurrent: Added Duration-based default methods to ListeningExecutorService. + Began updating Javadoc to focus less on APIs that have been superseded by additions to the JDK. We're also looking to add more documentation that directs users to JDK equivalents for our APIs. Further PRs welcome! + Fixed some problems with using Guava from a Java Agent. (But we don't test that configuration, and we don't know how well we'll be able to keep it working.) + Fixed BootstrapMethodError when using CacheBuilder from a custom system class loader. (As with the previous item, we're not sure how well we'll be able to keep this use case working.) + Suppressed a harmless unusable-by-js warning seen by users of guava-gwt. - Fix version mismatch in the ant build files. - The binaries are compatible with java 1.8 google-errorprone, google-errorprone-annotations: - google-errorprone and google-errorprone-annotations were updated to version 2.26.1: * Changes of version 2.26.1: + Fixes the module name: from 'com.google.errorprone.annotation' to 'com.google.errorprone.annotations'. Amends the OSGi build not to include 'Automatic-Module-Name' in the MANIFEST.MF for the 'annotations' project. * Changes of version 2.26.0: + The 'annotations' artifact now includes a module-info.java for Java Platform Module System support. + Disabled checks passed to -XepPatchChecks are now ignored, instead of causing a crash. + New checks: - SystemConsoleNull: Null-checking System.console() is not a reliable way to detect if the console is connected to a terminal. - EnumOrdinal: Discourage uses of Enum.ordinal() + Closed issues: - Add module-info.java - 2.19.x: Exception thrown when a disabled check is passed to -XepPatchChecks - Ignore disabled checks passed to -XepPatchChecks - feat: add jpms definition for annotations - Add the 'compile' goal for 'compile-java9' * Changes of version 2.25.0: + New checks: - JUnitIncompatibleType: Detects incompatible types passed to an assertion, similar to TruthIncompatibleType - RedundantSetterCall: Detects fields set twice in the same chained expression. Generalization of previous ProtoRedundantSet check to also handle AutoValue. + Closed issues: - Crash in UnnecessaryStringBuilder - Fix typos - Add support for specifying badEnclosingTypes for BadImport via flags - Some BugPattern docs are missing code examples - Remove incorrect statement from BugPattern index doc - Do not report NonFinalStaticField findings for fields modified in @BeforeAll methods * Changes of version 2.24.1: + Add an assertion to try to help debug * Changes of version 2.24.0: + New checks: - MultipleNullnessAnnotations: Discourage multiple nullness annotations - NullableTypeParameter: Discourage nullness annotations on type parameters - NullableWildcard: Discourage nullness annotations on wildcards - SuperCallToObjectMethod: Generalization of SuperEqualsIsObjectEquals, now covers hashCode * Changes of version 2.23.0: + New checks: DuplicateDateFormatField, NonFinalStaticField, StringCharset, StringFormatWithLiteral, SuperEqualsIsObjectEquals + Bug fixes and improvements * Changes of version 2.22.0: + New checks: - ClosingStandardOutputStreams: Prevents accidentally closing System.{out,err} with try-with-resources - TruthContainsExactlyElementsInUsage: containsExactly is preferred over containsExactlyElementsIn when creating new iterables - UnnecessaryAsync: detects unnecessary use of async primitives in local (and hence single-threaded) scopes - ReturnAtTheEndOfVoidFunction: detects unnecessary return statements at the end of void functions - MultimapKeys: Suggests using keySet() instead of iterating over Multimap.keys(), which does not collapse duplicates + Bug fixes and improvements: - Don't complain about literal IP addresses in AddressSelection - Prevent SuggestedFixes#renameMethod from modifying return type declaration - Fix UnusedVariable false positives for private record parameters - When running in conservative mode, no longer assume that implementations of Map.get, etc. return null - CanIgnoreReturnValueSuggester: Support additional exempting method annotations - UnusedVariable: exclude junit5's @RegisterExtension - Support running all available patch checks - Upgrade java-diff-utils 4.0 -> 4.12 - Flag unused Refaster template parameters - Support @SuppressWarnings('all') - Prevent Refaster UMemberSelect from matching method parameters - MissingDefault : Don't require // fall out comments on expression switches - Skip UnnecessaryLambda findings for usages in enhanced for loops - Fix bug where nested MissingBraces violations' suggested fixes result in broken code - Add support for specifying exemptPrefixes/exemptNames for UnusedVariable via flags - UnusedMethod: Added exempting variable annotations * Changes of version 2.21.1: + Handle overlapping ranges in suppressedRegions + Add AddressSelection to discourage APIs that convert a hostname to a single address * Changes of version 2.21.0: + New Checkers: - AttemptedNegativeZero: Prevents accidental use of -0, which is the same as 0. The floating-point negative zero is -0.0. - ICCProfileGetInstance: Warns on uses of ICC_Profile.getInstance(String), due to JDK-8191622. - MutableGuiceModule: Fields in Guice modules should be final. - NullableOptional: Discourages @Nullable-annotated Optionals. - OverridingMethodInconsistentArgumentNamesChecker: Arguments of overriding method are inconsistent with overridden method. + Fixed issues: - Avoid MemberName IOOBE on lambda parameters inside overriding methods - Improve LockOnNonEnclosingClassLiteral documentation - Security scan reported high CVE for com.google.guava:guava:31.1-jre - Upgrade guava to 32.0.1 - Proposal: checker to prevent other checkers from calling javac methods that changed across JDKs - Add support in ASTHelpersSuggestions for getEnclosedElements * Changes of version 2.20.0: + This release is compatible with early-access builds of JDK 21. + New Checkers: InlineTrivialConstant, UnnecessaryStringBuilder, BanClassLoader, DereferenceWithNullBranch, DoNotUseRuleChain, LockOnNonEnclosingClassLiteral, MissingRefasterAnnotation, NamedLikeContextualKeyword, NonApiType + Fixes issues: - Introduce MissingRefasterAnnotation checker - Fix minor typo in URepeated - Drop unused constant Template#AUTOBOXING_DEFAULT - Introduce command-line flag -XepAllSuggestionsAsWarnings - JDK21 compatibility - Add OSGi runtime metadata to error-prone's MANIFEST.MF files - Use EISOP Checker Framework version 3.34.0-eisop1 - NotJavadoc pattern does not allow Javadoc on module declarations - ErrorProneInjector incorrectly picks up the no-args constructor - Several high CVEs related to dependency com.google.protobuf:protobuf-java:3.19.2 - Upgrade protobuf-java to 3.19.6 * Changes of version 2.19.1: + This release fixes a binary compatibility issue when running on JDK 11 * Changes of version 2.19.0: + New Checkers: NotJavadoc, StringCaseLocaleUsage, UnnecessaryTestMethodPrefix + Fixes issues: - Exclude inner classes annotated with @Nested from ClassCanBeStatic rule - Optimize VisitorState#getSymbolFromName - ClassCanBeStatic: Exclude JUnit @Nested classes - BadImport: flag static import of newInstance methods - Support given for enforcing DirectInvocationOnMock: issue 3396 - Handle yield statement case in ASTHelpers#targetType - Should ASTHelpers.getSymbol(Tree) be annotated with @Nullable? - Fix '@' character in javadoc code snippets - Replace guava cache with caffeine - Discourage APIs locale-dependent APIs like String.to{Lower,Upper}Case - Introduce StringCaseLocaleUsage check * Changes of version 2.18.0: + New Checkers: InjectOnBugCheckers, LabelledBreakTarget, UnusedLabel, YodaCondition + Fixes issues: - @SuppressWarnings('InlineFormatString') doesn't work - Refaster: support method invocation type argument inlining - java.lang.IllegalArgumentException: Cannot edit synthetic AST nodes with specific record constructor - Rename class to match filename - Optimize VisitorState#getSymbolFromName - refactor: refactor bad smell UnusedLabel - LambdaFunctionalInterface crash with IllegalArgumentException when processing an enum constructor taking a lambda - Fix JDK 20-ea build compatibility - UngroupedOverloads: ignore generated constructors - [errorprone 2.17.0] NPE in StatementSwitchToExpressionSwitch.analyzeSwitchTree - StatementSwitchToExpressionSwitch: handle empty statement blocks - StatementSwitchToExpressionSwitch: only trigger on compatible target versions - Fix Finalize bugpattern to match protected finalize() - Make MemoizeConstantVisitorStateLookups check suppressible * Changes of version 2.17.0: + New Checkers: AvoidObjectArrays, Finalize, IgnoredPureGetter, ImpossibleNullComparison, MathAbsoluteNegative, NewFileSystem, StatementSwitchToExpressionSwitch, UnqualifiedYield + Fixed issues: - InvalidParam warning on Javadoc for Java record components - UnusedMethod flags @JsonValue methods as unused - UnusedMethod: Add more JPA lifecycle annotations or make annotations configurable - UnusedMethod: Support additional exempting method annotations - Have InvalidParam support records - Fix -XepDisableAllWarnings flag when passed on its own - ASTHelpersSuggestions does not flag call to packge() on com.sun.tools.javac.code.Symbol.ClassSymbol - @SupressWarnings on record compact constructor causes crash * Changes of version 2.16.0: + New Checkers: ASTHelpersSuggestions, CanIgnoreReturnValueSuggester, LenientFormatStringValidation, UnnecessarilyUsedValue + Fixed issues: - Avoid using non-ASCII Unicode characters outside of comments and literals - NullPointerException thrown during analysis - NPE analysing new style switch statement (2.14.0) - ImmutableChecker handles null types - Drop pre-JDK 11 logic from Refaster's Inliner class * Changes of version 2.15.0: + New Checkers: BuilderReturnThis, CanIgnoreReturnValueSuggester, CannotMockFinalClass, CannotMockFinalMethod, DirectInvocationOnMock, ExtendsObject, MockNotUsedInProduction, NoCanIgnoreReturnValueOnClasses, NullArgumentForNonNullParameter, SelfAlwaysReturnsThis, UnsafeWildcard, UnusedTypeParameter * Changes of version 2.14.0: + New checkers: BanJNDI, EmptyTopLevelDeclaration, ErroneousBitwiseExpression, FuzzyEqualsShouldNotBeUsedInEqualsMethod, Interruption, NullableOnContainingClass * Changes of version 2.13.1: + Fix a crash in UnnecessaryBoxedVariable + Include the unicode character in the diagnostic message * Changes of version 2.13.0: + Handle all annotations with the simple name Generated in -XepDisableWarningsInGeneratedCode + Reconcile BugChecker#isSuppressed with suppression handling in ErrorProneScanner + Fix a bug in enclosingPackage + Improve performance of fix application + Implicitly treat @AutoBuilder setter methods as @CanIgnoreReturnValue. + Remove some obsolete checks (PublicConstructorForAbstractClass, HashCodeToString) * Changes of version 2.12.1: + This release adds an infrastructure optimization to AppliedFix source code processing. * Changes of version 2.12.0: + New checks: BoxedPrimitiveEquality, DoubleBraceInitialization, IgnoredPureGetter, LockOnBoxedPrimitive, IncorrectMainMethod, LongDoubleConversion, RobolectricShadowDirectlyOn, StaticAssignmentOfThrowable, UnnecessaryLongToIntConversion, Varifier - Do not require maven-javadoc-plugin as it's not being used ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1962-1 Released: Mon Jun 10 13:09:11 2024 Summary: Security update for libvirt Type: security Severity: moderate References: 1222584,1223849,CVE-2024-4418 This update for libvirt fixes the following issues: - CVE-2024-4418: Fixed a stack use-after-free by ensuring temporary GSource is removed from client event loop. (bsc#1223849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:1963-1 Released: Mon Jun 10 13:09:41 2024 Summary: Security update for apache2 Type: security Severity: important References: 1221401,1222330,1222332,CVE-2023-38709,CVE-2024-24795,CVE-2024-27316 This update for apache2 fixes the following issues: - CVE-2023-38709: Fixed HTTP response splitting (bsc#1222330). - CVE-2024-24795: Fixed HTTP response splitting in multiple modules (bsc#1222332). - CVE-2024-27316: Fixed HTTP/2 CONTINUATION frames can be utilized for DoS attacks (bsc#1221401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1994-1 Released: Tue Jun 11 15:03:55 2024 Summary: Recommended update for iputils Type: recommended Severity: moderate References: This update for iputils fixes the following issue: - After upstream merged the fix, update git commit hashes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1997-1 Released: Tue Jun 11 17:24:32 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1223596 This update for e2fsprogs fixes the following issues: - EA Inode handling fixes: - e2fsck: add more checks for ea inode consistency (bsc#1223596) - e2fsck: fix golden output of several tests (bsc#1223596) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:1998-1 Released: Tue Jun 11 22:53:43 2024 Summary: Recommended update for yast2-registration Type: recommended Severity: moderate References: 1223301 This update for yast2-registration fixes the following issue: - Ensure add_on_others in autoyast profile are added (bsc#1223301) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2024-1 Released: Thu Jun 13 16:15:18 2024 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate References: 1209627 This update for jitterentropy fixes the following issues: - Fixed a stack corruption on s390x: [bsc#1209627] * Output size of the STCKE command on s390x is 16 bytes, compared to 8 bytes of the STCK command. Fix a stack corruption in the s390x version of jent_get_nstime(). Add some more detailed information on the STCKE command. Updated to 3.4.1 * add FIPS 140 hints to man page * simplify the test tool to search for optimal configurations * fix: jent_loop_shuffle: re-add setting the time that was lost with 3.4.0 * enhancement: add ARM64 assembler code to read high-res timer ----------------------------------------------------------------- Advisory ID: 33664 Released: Thu Jun 13 21:03:11 2024 Summary: Recommended update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1222086,1223430,1223766,1224242 This update for libsolv, libzypp, zypper, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Fix the dependency for Packagekit-backend-zypp in SUMa 4.3 (bsc#1224242) - Improve updating of installed multiversion packages - Fix decision introspection going into an endless loop in some cases - Split libsolv-tools into libsolv-tools-base [jsc#PED-8153] - Improve checks against corrupt rpm - Fixed check for outdated repo metadata as non-root user (bsc#1222086) - Add ZYPP_API for exported functions and switch to visibility=hidden (jsc#PED-8153) - Dynamically resolve libproxy (jsc#PED-8153) - Fix download from gpgkey URL (bsc#1223430) - Delay zypp lock until command options are parsed (bsc#1223766) - Unify message format ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2059-1 Released: Tue Jun 18 13:11:29 2024 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1225551,CVE-2024-4741 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2060-1 Released: Tue Jun 18 13:11:47 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2066-1 Released: Tue Jun 18 13:16:09 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1223428,1224388,1225291,1225551,CVE-2024-4603,CVE-2024-4741 This update for openssl-3 fixes the following issues: Security issues fixed: - CVE-2024-4603: Check DSA parameters for excessive sizes before validating (bsc#1224388) - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551) Other issues fixed: - Enable livepatching support (bsc#1223428) - Fix HDKF key derivation (bsc#1225291, gh#openssl/openssl#23448, + gh#openssl/openssl#23456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2075-1 Released: Tue Jun 18 17:52:50 2024 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1222104,1226008 This update for sudo fixes the following issues: - Revert the 'Match using canonicalized directories where possible.' feature just for SLE-15 This causes a breaking change in behavior for some customers (bsc#1222104, bsc#1226008) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2083-1 Released: Wed Jun 19 08:33:38 2024 Summary: Security update for libarchive Type: security Severity: important References: 1225971,1225972,CVE-2024-20696,CVE-2024-20697 This update for libarchive fixes the following issues: - CVE-2024-20697: Fixed Out of bounds Remote Code Execution Vulnerability (bsc#1225972). - CVE-2024-20696: Fixed heap based out-of-bounds write (bsc#1225971). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2085-1 Released: Wed Jun 19 11:36:00 2024 Summary: recommended update for python-requests Type: recommended Severity: moderate References: 1225912 This update for python-requests fixes the following issue: - Allow the usage of 'verify' parameter as a directory. (bsc#1225912) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2086-1 Released: Wed Jun 19 11:48:24 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1188441 This update for gcc13 fixes the following issues: Update to GCC 13.3 release - Removed Fiji support from the GCN offload compiler as that is requiring Code Object version 3 which is no longer supported by llvm18. - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Make requirement to lld version specific to avoid requiring the meta-package. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2104-1 Released: Thu Jun 20 10:44:39 2024 Summary: Recommended update for google-cloud SDK Type: recommended Severity: moderate References: This update for protobuf and python-grpcio fixes the following issue: - Add python311 binaries to Python Module. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2172-1 Released: Mon Jun 24 05:51:55 2024 Summary: Recommended update for iproute2 Type: recommended Severity: moderate References: 1204562 This update for iproute2 fixes the following issues: iproute2 was updated to version 6.4 (jsc#PED-6820 jsc#PED-6844, jsc#PED-8358): - Fixed display of bound but unconnected sockets (bsc#1204562) - Changes in version 6.4: * bridge: mdb: added underlay destination IP support, UDP destination port support, destination VNI support, source VNI support, outgoing interface support * macvlan: added the 'bclim' parameter - Changes in version 6.3: * New release of iproute2 corresponding to the 6.3 kernel. No large feature improvements only incremental improvements to the bridge mdb support, mostly just bug fixes. - Changes in version 6.2: * f_flower: Introduce L2TPv3 support * bridge: fdb: Add support for locked FDB entries * bridge: link: Add MAC Authentication Bypass (MAB) support * ip: Support --json on `ip neigh get` * tc: Add JSON output to tc-class - Changes in version 6.1: * man: ss.8: fix a typo * testsuite: fix build failure * genl: remove unused vars in Makefile * json: do not escape single quotes * ip-monitor: Do not error out when RTNLGRP_STATS is not available * ip-link: man: Document existence of netns argument in add command * macsec: add Extended Packet Number support * macsec: add user manual description for extended packet number feature * ip: xfrm: support 'external' (`collect_md`) mode in xfrm interfaces * ip: xfrm: support adding xfrm metadata as lwtunnel info in routes * ip: add NLM_F_ECHO support * libnetlink: add offset for nl_dump_ext_ack_done * tc/tc_monitor: print netlink extack message * rtnetlink: add new function rtnl_echo_talk() * ip: fix return value for rtnl_talk failures * iplink_bridge: Add no_linklocal_learn option support * devlink: use dl_no_arg instead of checking dl_argc == 0 * devlink: remove dl_argv_parse_put * mnlg: remove unnused mnlg_socket structure * utils: extract CTRL_ATTR_MAXATTR and save it * devlink: expose nested devlink for a line card object * devlink: load port-ifname map on demand * devlink: fix parallel flash notifications processing * devlink: move use_iec into struct dl * devlink: fix typo in variable name in ifname_map_cb() * devlink: load ifname map on demand from ifname_map_rev_lookup() as well * dcb: unblock mnl_socket_recvfrom if not message received * libnetlink: Fix memory leak in __rtnl_talk_iov() * tc_util: Fix no error return when large parent id used * tc_util: Change datatype for maj to avoid overflow issue * ss: man: add missing entries for MPTCP * ss: man: add missing entries for TIPC * ss: usage: add missing parameters * ss: re-add TIPC query support * devlink: Fix setting parent for 'rate add' * link: display 'allmulti' counter * seg6: add support for flavors in SRv6 End* behaviors * tc: ct: Fix invalid pointer dereference * uapi: update from 6.1 pre rc1 * u32: fix json formatting of flowid * tc_stab: remove dead code * uapi: update for in.h and ip.h * remove #if 0 code * tc: add json support to size table * tc: put size table options in json object * tc/basic: fix json output filter * iplink: support JSON in MPLS output * tc: print errors on stderr * ip: print mpls errors on stderr * tc: make prefix const * man: add missing tc class show * iplink_can: add missing `]' of the bitrate, dbitrate and termination arrays * ip link: add sub-command to view and change DSA conduit interface - Changes in version 6.0: * ipstats: Add param.h for musl * Update kernel headers * libbpf: add xdp program name support * iplink: bond_slave: add per port prio support * seg6: add support for SRv6 Headend Reduced Encapsulation * lib: Introduce ppp protocols * f_flower: Introduce PPPoE support - Changes in version 5.19: * ip/iplink_virt_wifi: add support for virt_wifi * Update kernel headers * libnetlink: Add filtering to rtnl_statsdump_req_filter() * ipstats: Add a 'set' command * ipstats: Add a group 'link' * libbpf: Use bpf_object__load instead of bpf_object__load_xattr * uapi: change name for zerocopy sendfile in tls * bridge: vxlan device vnifilter support * f_flower: Add num of vlans parameter - Changes in version 5.18: * The build issues with libbpf should be fixed now. * Building with clang is now supported. * There are still some warnings with gcc-12 that will need to be fixed in the upstream kernel headers. - Changes in version 5.17: * lib/fs: fix memory leak in get_task_name() * bridge: Remove vlan listing from `bridge link` * bond: add arp_missed_max option * libnetlink: fix socket leak in rtnl_open_byproto() * dcb: Fix error reporting when accessing 'dcb app' * tc_util: Fix parsing action control with space and slash * lib: fix ax25.h include for musl * uapi: add missing rose and ax25 files * rdma: Fix res_print_uint() and add res_print_u64() * tc: Add support for ce_threshold_value/mask in fq_codel - Add tmpfiles.d conf for /run/netns - Changes in version 5.16: * devlink: Fix cmd_dev_param_set() to check configuration mode * ip: add AMT support * iplink_can: fix configuration ranges in print_usage() and add unit * tc: flower: Fix buffer overflow on large labels * ip/ipnexthop: fix unsigned overflow in parse_nh_group_type_res() * tc/m_vlan: fix print_vlan() conditional on TCA_VLAN_ACT_PUSH_ETH * iplink_can: add new CAN FD bittiming parameters: Transmitter Delay Compensation (TDC) - Changes in version 5.15: * lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists * man: devlink-port: fix the devlink port add synopsis * man: devlink-port: fix pfnum for devlink port add * iptuntap: fix multi-queue flag display * mptcp: unbreak JSON endpoint list * ipneigh: add support to print brief output of neigh cache in tabular format * ip/bond: add LACP active support * ip/tunnel: always print all known attributes * Add, show, link, remove IOAM namespaces and schemas * New IOAM6 encap type for routes * tc/skbmod: Introduce SKBMOD_F_ECN option * tc/f_flower: fix port range parsing ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2179-1 Released: Mon Jun 24 11:30:16 2024 Summary: Recommended update for sssd Type: recommended Severity: moderate References: 1226407 This update for sssd fixes the following issue: - Reenable pam_sss after upgrade, was removed by sssd-common postun (bsc#1226407) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2200-1 Released: Tue Jun 25 13:53:17 2024 Summary: Security update for avahi Type: security Severity: moderate References: 1216594,1216598,1226586,CVE-2023-38469,CVE-2023-38471 This update for avahi fixes the following issues: - CVE-2023-38471: Fixed a reachable assertion in dbus_set_host_name. (bsc#1216594) - CVE-2023-38469: Fixed a reachable assertion in avahi_dns_packet_append_record. (bsc#1216598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2214-1 Released: Tue Jun 25 17:11:26 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1225598 This update for util-linux fixes the following issue: - Fix hang of lscpu -e (bsc#1225598) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2229-1 Released: Wed Jun 26 08:20:55 2024 Summary: Recommended update for apache2 Type: recommended Severity: important References: 1226217 This update for apache2 fixes the following issues: - Apache ignores headers sent by CGI scripts (bsc#1226217) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2234-1 Released: Wed Jun 26 12:54:27 2024 Summary: Recommended update for suse-module-tools Type: recommended Severity: moderate References: 1224400 This update for suse-module-tools fixes the following issue: - Version update, udevrules: activate CPUs on hotplug for s390, too (bsc#1224400) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2239-1 Released: Wed Jun 26 13:09:10 2024 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1226415 This update for systemd contains the following fixes: - testsuite: move a misplaced %endif - Do not remove existing configuration files in /etc. If these files were modified on the systemd, that may cause unwanted side effects (bsc#1226415). - Import upstream commit (merge of v254.13) Use the pty slave fd opened from the namespace when transient service is running in a container. This revert the backport of the broken commit until a fix is released in the v254-stable tree. - Import upstream commit (merge of v254.11) For a complete list of changes, visit: https://github.com/openSUSE/systemd/compare/e8d77af4240894da620de74fbc7823aaaa448fef...85db84ee440eac202c4b5507e96e1704269179bc ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2241-1 Released: Wed Jun 26 15:37:28 2024 Summary: Recommended update for wicked Type: recommended Severity: important References: 1218668 This update for wicked fixes the following issues: - Fix VLANs/bonds randomly not coming up after reboot or wicked restart. [bsc#1218668] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2264-1 Released: Tue Jul 2 10:14:25 2024 Summary: Recommended update for python-rpm-macros Type: recommended Severity: moderate References: This update for python-rpm-macros fixes the following issues: - Update to version 20240618.1e386da: * Fix python_clone sed regex - Update to version 20240614.02920b8: * Make sure that RPM_BUILD_ROOT env is set * don't eliminate any cmdline arguments in the shebang line * Create python313 macros - Update to version 20240415.c664b45: * Fix typo 310 -> 312 in default-prjconf - Update to version 20240202.501440e: * SPEC0: Drop python39, add python312 to buildset (#169) - Update to version 20231220.98427f3: * fix python2_compile macro - Update to version 20231207.46c2ec3: * make FLAVOR_compile compatible with python2 - Update to version 20231204.dd64e74: * Combine fix_shebang in one line * New macro FLAVOR_fix_shebang_path * Use realpath in %python_clone macro shebang replacement * Compile and fix_shebang in %python_install macros - Update to version 20231010.0a1f0d9: * Revert 'Compile and fix_shebang in %python_install macros' - Update to version 20231010.a32e110: * Compile and fix_shebang in %python_install macros - Update to version 20231005.bf2d3ab: * Fix shebang also in sbin with macro _fix_shebang - Update to version 20230609.6fe8111: * move compile loop to python * remove python38 ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2266-1 Released: Tue Jul 2 10:14:58 2024 Summary: Security update for postgresql16 Type: security Severity: moderate References: 1224038,1224051,CVE-2024-4317 This update for postgresql16 fixes the following issues: PostgreSQL upgrade to version 16.3 (bsc#1224051): - CVE-2024-4317: Fixed visibility restriction of pg_stats_ext and pg_stats_ext_exprs entries to the table owner (bsc#1224038). Bug fixes: - Fix incompatibility with LLVM 18. - Prepare for PostgreSQL 17. - Make sure all compilation and doc generation happens in %build. - Require LLVM <= 17 for now, because LLVM 18 doesn't seem to work. - Remove constraints file because improved memory usage for s390x - Use %patch -P N instead of deprecated %patchN. Release notes: - https://www.postgresql.org/docs/release/16.3/ ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2275-1 Released: Tue Jul 2 16:33:30 2024 Summary: Security update for openssh Type: security Severity: important References: 1226642,CVE-2024-6387 This update for openssh fixes the following issues: - CVE-2024-6387: Fixed race condition in a signal handler (bsc#1226642) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2282-1 Released: Tue Jul 2 22:41:28 2024 Summary: Optional update for openscap, scap-security-guide Type: optional Severity: moderate References: This update for scap-security-guide and openscap provides the SCAP tooling for SLE Micro 5.3, 5.4, 5.5. This includes shipping openscap dependencies libxmlsec1-1 and libxmlsec1-openssl for SLE Micro. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2284-1 Released: Wed Jul 3 05:27:30 2024 Summary: Recommended update for gmavenplus-plugin, istack-commons, replacer, xmvn Type: recommended Severity: moderate References: This update for gmavenplus-plugin, istack-commons, replacer, xmvn fixes the following issues: gmavenplus-plugin, istack-commons, replacer, xmvn: - Fixed build with `maven-plugin-plugin` ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2290-1 Released: Wed Jul 3 11:35:00 2024 Summary: Security update for libxml2 Type: security Severity: low References: 1224282,CVE-2024-34459 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2306-1 Released: Fri Jul 5 10:28:10 2024 Summary: Recommended update for libvirt Type: recommended Severity: moderate References: 1226492 This update for libvirt fixes the following issue: - qemu: Fix migration with custom XML (bsc#1226492) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2307-1 Released: Fri Jul 5 12:04:34 2024 Summary: Security update for krb5 Type: security Severity: important References: 1227186,1227187,CVE-2024-37370,CVE-2024-37371 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:2316-1 Released: Mon Jul 8 11:18:56 2024 Summary: Optional update for NetworkManager Type: optional Severity: low References: 1227333 This optional update for NetworkManager fixes the following issue: - No-change rebuild to include NetworkManager-wwan in the SLE-Module-Desktop-Applications_15-SP6 product (bsc#1227333) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2393-1 Released: Wed Jul 10 17:33:47 2024 Summary: Security update for openssh Type: security Severity: moderate References: 1218215,1224392,1225904,1227318,1227350,CVE-2023-51385,CVE-2024-39894 This update for openssh fixes the following issues: Security fixes: - CVE-2024-39894: Fixed timing attacks against echo-off password entry (bsc#1227318). Other fixes: - Add obsoletes for openssh-server-config-rootlogin (bsc#1227350). - Add #include in some files added by the ldap patch to fix build with gcc14 (bsc#1225904). - Remove the recommendation for openssh-server-config-rootlogin from openssh-server (bsc#1224392). The following package changes have been done: - glibc-2.38-150600.14.5.1 updated - libxml2-2-2.10.3-150500.5.17.1 updated - libsmartcols1-2.39.3-150600.4.6.2 updated - libgcc_s1-13.3.0+git8781-150000.1.12.1 updated - libsolv-tools-base-0.7.29-150400.3.22.4 added - libprocps8-3.3.17-150000.7.39.1 updated - procps-3.3.17-150000.7.39.1 updated - libgobject-2_0-0-2.78.6-150600.4.3.1 updated - libglib-2_0-0-2.78.6-150600.4.3.1 updated - grafana-formula-0.10.2-150600.1.1 updated - image-sync-formula-0.1.1713446632.c61236a-150600.1.1 updated - libcom_err2-1.47.0-150600.4.3.2 updated - gio-branding-SLE-15-150600.35.2.1 updated - libblkid1-2.39.3-150600.4.6.2 updated - libprotobuf-lite25_1_0-25.1-150600.16.4.2 updated - libuuid1-2.39.3-150600.4.6.2 updated - libsystemd0-254.13-150600.4.5.1 updated - openssl-3-3.1.4-150600.5.7.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.7.1 updated - krb5-1.20.1-150600.11.3.1 updated - fdupes-2.3.0-150400.3.3.1 updated - libzypp-17.34.1-150600.3.4.6 updated - dwz-0.12-150000.3.8.1 updated - libgio-2_0-0-2.78.6-150600.4.3.1 updated - util-linux-2.39.3-150600.4.6.2 updated - libsolv-tools-0.7.29-150400.3.22.4 updated - zypper-1.14.71-150600.10.2.7 updated - iputils-20221126-150500.3.8.2 updated - libavahi-common3-0.8-150600.15.3.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.20.1 updated - libmount1-2.39.3-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.6.2 updated - systemd-254.13-150600.4.5.1 updated - libopenssl3-3.1.4-150600.5.7.1 updated - libstdc++6-13.3.0+git8781-150000.1.12.1 updated - libudev1-254.13-150600.4.5.1 updated - libarchive13-3.7.2-150600.3.3.1 updated - libatomic1-13.3.0+git8781-150000.1.12.1 updated - libgmodule-2_0-0-2.78.6-150600.4.3.1 updated - glib2-tools-2.78.6-150600.4.3.1 updated - glibc-locale-base-2.38-150600.14.5.1 updated - libbpf1-1.2.2-150600.3.3.1 added - libgomp1-13.3.0+git8781-150000.1.12.1 updated - libipa_hbac0-2.9.3-150600.3.6.2 updated - libitm1-13.3.0+git8781-150000.1.12.1 updated - libjitterentropy3-3.4.1-150000.1.12.1 updated - liblsan0-13.3.0+git8781-150000.1.12.1 updated - libpq5-16.2-150600.16.2.1 updated - libquadmath0-13.3.0+git8781-150000.1.12.1 updated - libsgutils2-1_48-2-1.48+11.56e7b2f-150600.3.3.11 updated - libsss_idmap0-2.9.3-150600.3.6.2 updated - libsss_nss_idmap0-2.9.3-150600.3.6.2 updated - libxml2-tools-2.10.3-150500.5.17.1 updated - openssh-common-9.6p1-150600.6.6.1 updated - python-rpm-macros-20240618.1e386da-150400.3.13.1 updated - release-notes-susemanager-5.0.0-150600.19.1 updated - ruby-solv-0.7.29-150400.3.22.4 updated - sitemesh-2.1-0.150600.8.70 updated - sudo-1.9.15p5-150600.3.3.2 updated - susemanager-schema-utility-5.0.10-150600.1.1 updated - util-linux-systemd-2.39.3-150600.4.6.2 updated - uyuni-config-modules-5.0.9-150600.1.1 updated - woodstox-4.4.2-150600.1.104 updated - libyui16-4.5.3-150500.3.7.8 updated - libyui-ncurses16-4.5.3-150500.3.7.8 updated - glibc-locale-2.38-150600.14.5.1 updated - libavahi-client3-0.8-150600.15.3.1 updated - libopenssl1_1-1.1.1w-150600.5.3.1 updated - postgresql16-16.2-150600.16.2.1 updated - sg3_utils-1.48+11.56e7b2f-150600.3.3.11 updated - libsss_certmap0-2.9.3-150600.3.6.2 updated - iproute2-6.4-150600.7.3.1 updated - glibc-devel-2.38-150600.14.5.1 updated - openssh-fips-9.6p1-150600.6.6.1 updated - susemanager-docs_en-5.0-150600.9.1 updated - spacewalk-java-lib-5.0.11-150600.1.5 updated - uyuni-reportdb-schema-5.0.6-150600.1.4 updated - suse-module-tools-15.6.10-150600.3.6.2 updated - less-643-150600.3.3.1 updated - libyui-ncurses-pkg16-4.5.3-150500.3.7.9 updated - apache2-prefork-2.4.58-150600.5.6.1 updated - openssh-server-9.6p1-150600.6.6.1 updated - openssh-clients-9.6p1-150600.6.6.1 updated - wicked-0.6.75-150600.11.6.1 updated - wicked-service-0.6.75-150600.11.6.1 updated - postgresql16-server-16.2-150600.16.2.1 updated - postfix-3.8.4-150600.3.3.1 updated - susemanager-docs_en-pdf-5.0-150600.9.1 updated - susemanager-schema-5.0.10-150600.1.1 updated - susemanager-sync-data-5.0.5-150600.1.1 updated - udev-254.13-150600.4.5.1 updated - yast2-pkg-bindings-4.6.5-150600.3.2.8 updated - apache2-2.4.58-150600.5.6.1 updated - openssh-9.6p1-150600.6.6.1 updated - grub2-2.12-150600.6.13 updated - grub2-i386-pc-2.12-150600.6.13 updated - python3-uyuni-common-libs-5.0.4-150600.1.42.1 updated - python3-susemanager-retail-1.0.1658330139.861779d-150600.1.2 updated - python3-solv-0.7.29-150400.3.22.4 updated - python3-schema-0.6.7-150600.1.2 updated - python3-looseversion-1.0.2-150600.3.6.2 updated - python3-itsdangerous-1.1.0-1.6 added - python3-click-7.0-1.27 added - python3-Werkzeug-1.0.1-150300.3.8.1 added - prometheus-exporters-formula-1.4.1-150600.1.1 updated - libvirt-libs-10.0.0-150600.8.6.2 updated - postgresql16-contrib-16.2-150600.16.2.1 updated - sssd-ldap-2.9.3-150600.3.6.2 updated - sssd-2.9.3-150600.3.6.2 updated - sssd-krb5-common-2.9.3-150600.3.6.2 updated - libnm0-1.44.2-150600.3.2.1 updated - susemanager-build-keys-15.5.1-150600.3.1 updated - grub2-x86_64-efi-2.12-150600.6.13 updated - susemanager-retail-tools-1.0.1658330139.861779d-150600.1.2 updated - virtual-host-gatherer-1.0.27-150600.7.7.2 updated - python3-libxml2-2.10.3-150500.5.17.1 updated - inter-server-sync-0.3.4-150600.1.3 updated - spacewalk-backend-sql-postgresql-5.0.8-150600.3.44.7 updated - sssd-krb5-2.9.3-150600.3.6.2 updated - sssd-dbus-2.9.3-150600.3.6.2 updated - python3-sssd-config-2.9.3-150600.3.6.2 updated - sssd-ad-2.9.3-150600.3.6.2 updated - typelib-1_0-NM-1_0-1.44.2-150600.3.2.1 updated - jdom-1.1.3-150200.12.8.2 updated - jackson-core-2.16.1-150200.3.14.7 updated - jackson-annotations-2.16.1-150200.3.14.4 updated - dom4j-2.1.4-150200.12.10.2 updated - spacewalk-base-minimal-5.0.9-150600.1.9 updated - susemanager-build-keys-web-15.5.1-150600.3.1 updated - spacecmd-5.0.8-150600.3.118.1 updated - python3-Jinja2-2.10.1-150000.3.13.1 updated - virtual-host-gatherer-Nutanix-1.0.27-150600.7.7.2 updated - virtual-host-gatherer-Libvirt-1.0.27-150600.7.7.2 updated - sssd-tools-2.9.3-150600.3.6.2 updated - sssd-ipa-2.9.3-150600.3.6.2 updated - guava-33.1.0-150200.3.10.1 updated - jackson-databind-2.16.1-150200.3.18.1 updated - istack-commons-runtime-3.0.7-150200.5.8.1 updated - tomcat-taglibs-standard-1_2_5-1.2.5-150600.1.101 updated - quartz-2.3.0-150600.1.104 updated - protobuf-java-25.1-150600.16.4.2 updated - prometheus-client-java-0.3.0-150600.1.100 updated - objectweb-asm-9.7-150200.3.15.2 updated - mvel2-2.2.6.Final-150600.1.102 updated - lucene-2.4.1-150600.1.104 updated - kie-soup-7.17.0.Final-150600.1.95 updated - kie-api-7.17.0-150600.1.94 updated - jpa-api-2.2.2-150600.1.9 updated - ical4j-3.0.18-150600.1.90 updated - hibernate-commons-annotations-5.0.4-150600.1.103 updated - ehcache-2.10.1-150600.1.105 updated - drools-7.17.0-150600.1.91 updated - spacewalk-base-minimal-config-5.0.9-150600.1.9 updated - python3-Flask-1.0.4-150400.7.64 added - pgjdbc-ng-0.8.7-150600.1.99 updated - jackson-module-jaxb-annotations-2.16.1-150200.5.11.1 updated - byte-buddy-dep-1.11.12-150600.1.9 updated - optaplanner-7.17.0-150600.1.92 updated - hibernate-types-2.16.2-150600.1.5 updated - byte-buddy-1.11.12-150600.1.9 updated - xmlsec-2.0.7-150600.1.96 updated - statistics-1.0.2-150600.1.99 updated - spark-core-2.9.3-150600.1.135 updated - python3-rhnlib-5.0.3-150600.3.45.1 updated - subscription-matcher-0.38-150600.1.1 updated - jakarta-commons-validator-1.1.4-21.150600.19.115 updated - python3-requests-2.25.1-150300.3.12.2 updated - spacewalk-backend-5.0.8-150600.3.44.7 updated - python3-spacewalk-client-tools-5.0.6-150600.3.90.8 updated - spacewalk-client-tools-5.0.6-150600.3.90.8 updated - spacewalk-base-5.0.9-150600.1.9 updated - hibernate5-core-5.3.25-150600.1.88 updated - struts-1.2.9-162.150600.33.5 updated - spacewalk-backend-sql-5.0.8-150600.3.44.7 updated - python3-spacewalk-certs-tools-5.0.6-150600.1.1 updated - spacewalk-certs-tools-5.0.6-150600.1.1 updated - spacewalk-admin-5.0.7-150600.1.1 updated - hibernate5-ehcache-5.3.25-150600.1.88 updated - hibernate5-c3p0-5.3.25-150600.1.88 updated - spacewalk-java-postgresql-5.0.11-150600.1.5 updated - virtual-host-gatherer-VMware-1.0.27-150600.7.7.2 updated - virtual-host-gatherer-libcloud-1.0.27-150600.7.7.2 updated - cobbler-3.3.3-150600.3.3 updated - spacewalk-backend-server-5.0.8-150600.3.44.7 updated - susemanager-sls-5.0.9-150600.1.1 updated - spacewalk-html-5.0.9-150600.1.9 updated - yast2-registration-4.6.2-150600.3.3.2 updated - spacewalk-java-config-5.0.11-150600.1.5 updated - spacewalk-backend-xmlrpc-5.0.8-150600.3.44.7 updated - spacewalk-backend-xml-export-libs-5.0.8-150600.3.44.7 updated - spacewalk-backend-package-push-server-5.0.8-150600.3.44.7 updated - spacewalk-backend-iss-5.0.8-150600.3.44.7 updated - spacewalk-backend-app-5.0.8-150600.3.44.7 updated - spacewalk-taskomatic-5.0.11-150600.1.5 updated - spacewalk-java-5.0.11-150600.1.5 updated - spacewalk-backend-iss-export-5.0.8-150600.3.44.7 updated - billing-data-service-5.0.3-150600.1.1 added - spacewalk-common-5.0.3-150600.1.1 updated - susemanager-tools-5.0.8-150600.1.1 updated - spacewalk-backend-tools-5.0.8-150600.3.44.7 updated - spacewalk-setup-5.0.5-150600.1.1 updated - spacewalk-utils-5.0.4-150600.1.1 updated - spacewalk-postgresql-5.0.3-150600.1.1 updated - spacewalk-utils-extras-5.0.4-150600.1.1 updated - susemanager-5.0.8-150600.1.1 updated - container:suse-manager-5.0-init-5.0.0-5.0.0-5.19 added - bea-stax-1.2.0-9.63 removed - bea-stax-api-1.2.0-9.63 removed - container:suse-manager-5.0-init-5.0.0-rc-5.0.0-rc-4.59 removed - geronimo-stax-1_0-api-1.2-150200.15.8.1 removed - golang-github-lusitaniae-apache_exporter-1.0.0-150000.1.20.1 removed - isorelax-0.1-150200.11.4.4 removed - jaxen-1.1.6-150200.12.4.4 removed - libduktape206-2.6.0-150500.4.5.1 removed - libproxy1-0.5.3-150600.2.2 removed - libpxbackend-1_0-0.5.3-150600.2.1 removed - spacewalk-backend-applet-5.0.6-150600.3.42.13 removed - ws-jaxme-0.5.2-150200.12.4.3 removed - xom-1.2b1-150200.12.4.4 removed - xpp2-2.1.10-150200.11.4.3 removed From sle-container-updates at lists.suse.com Sun Jul 28 07:20:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 28 Jul 2024 07:20:34 -0000 Subject: SUSE-CU-2024:3272-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20240728072033.A43EFFBA1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:3272-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.8 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.8 Severity : important Type : security References : 1186716 1195775 1204562 1209834 1217481 1217912 1218442 1219224 1219458 1219478 1219596 1219633 1219847 1219953 1221086 1221777 1221958 1222011 1222015 1222080 1222241 1222319 1222380 1222588 1222617 1222619 1222809 1222810 1223018 1223265 1224049 1224187 1224439 1224497 1224498 1224515 1224520 1224523 1224539 1224540 1224549 1224572 1224575 1224583 1224584 1224606 1224612 1224614 1224619 1224655 1224659 1224661 1224662 1224670 1224673 1224698 1224735 1224751 1224759 1224928 1224930 1224932 1224933 1224935 1224937 1224939 1224941 1224944 1224946 1224947 1224949 1224951 1224988 1224992 1224998 1225000 1225001 1225004 1225006 1225008 1225009 1225014 1225015 1225022 1225025 1225028 1225029 1225031 1225036 1225041 1225044 1225049 1225050 1225076 1225077 1225078 1225081 1225085 1225086 1225090 1225092 1225096 1225097 1225098 1225101 1225103 1225104 1225105 1225106 1225108 1225120 1225132 1225180 1225300 1225391 1225472 1225475 1225476 1225477 1225478 1225485 1225490 1225527 1225529 1225530 1225532 1225534 1225548 1225550 1225553 1225554 1225555 1225556 1225557 1225559 1225560 1225564 1225565 1225566 1225568 1225569 1225570 1225571 1225572 1225573 1225577 1225581 1225583 1225584 1225585 1225586 1225587 1225588 1225589 1225590 1225591 1225592 1225594 1225595 1225599 1225600 1225601 1225602 1225605 1225609 1225611 1225681 1225702 1225723 1225726 1225731 1225732 1225737 1225741 1225758 1225759 1225760 1225761 1225762 1225763 1225767 1225770 1225815 1225820 1225823 1225827 1225834 1225866 1225872 1225898 1225903 1226022 1226131 1226145 1226149 1226155 1226158 1226163 1226211 1226212 1226226 1226457 1226503 1226513 1226514 1226520 1226582 1226587 1226588 1226592 1226593 1226594 1226595 1226597 1226607 1226608 1226610 1226612 1226613 1226630 1226632 1226633 1226634 1226637 1226657 1226658 1226734 1226735 1226737 1226738 1226739 1226740 1226741 1226742 1226744 1226746 1226747 1226749 1226754 1226758 1226760 1226761 1226764 1226767 1226768 1226769 1226771 1226772 1226774 1226775 1226776 1226777 1226780 1226781 1226786 1226788 1226789 1226790 1226791 1226796 1226799 1226837 1226839 1226840 1226841 1226842 1226844 1226848 1226852 1226856 1226857 1226859 1226861 1226863 1226864 1226867 1226868 1226875 1226876 1226878 1226879 1226886 1226890 1226891 1226894 1226895 1226905 1226908 1226909 1226911 1226928 1226934 1226938 1226939 1226941 1226948 1226949 1226950 1226962 1226976 1226989 1226990 1226992 1226994 1226995 1226996 1227066 1227072 1227085 1227089 1227090 1227096 1227101 1227190 1227456 1227681 CVE-2021-47432 CVE-2022-48772 CVE-2023-38417 CVE-2023-47210 CVE-2023-52622 CVE-2023-52656 CVE-2023-52672 CVE-2023-52699 CVE-2023-52735 CVE-2023-52749 CVE-2023-52750 CVE-2023-52753 CVE-2023-52754 CVE-2023-52757 CVE-2023-52759 CVE-2023-52762 CVE-2023-52763 CVE-2023-52764 CVE-2023-52765 CVE-2023-52766 CVE-2023-52767 CVE-2023-52768 CVE-2023-52769 CVE-2023-52773 CVE-2023-52774 CVE-2023-52776 CVE-2023-52777 CVE-2023-52780 CVE-2023-52781 CVE-2023-52782 CVE-2023-52783 CVE-2023-52784 CVE-2023-52786 CVE-2023-52787 CVE-2023-52788 CVE-2023-52789 CVE-2023-52791 CVE-2023-52792 CVE-2023-52794 CVE-2023-52795 CVE-2023-52796 CVE-2023-52798 CVE-2023-52799 CVE-2023-52800 CVE-2023-52801 CVE-2023-52803 CVE-2023-52804 CVE-2023-52805 CVE-2023-52806 CVE-2023-52807 CVE-2023-52808 CVE-2023-52809 CVE-2023-52810 CVE-2023-52811 CVE-2023-52812 CVE-2023-52813 CVE-2023-52814 CVE-2023-52815 CVE-2023-52816 CVE-2023-52817 CVE-2023-52818 CVE-2023-52819 CVE-2023-52821 CVE-2023-52825 CVE-2023-52826 CVE-2023-52827 CVE-2023-52829 CVE-2023-52832 CVE-2023-52833 CVE-2023-52834 CVE-2023-52835 CVE-2023-52836 CVE-2023-52837 CVE-2023-52838 CVE-2023-52840 CVE-2023-52841 CVE-2023-52842 CVE-2023-52843 CVE-2023-52844 CVE-2023-52845 CVE-2023-52846 CVE-2023-52847 CVE-2023-52849 CVE-2023-52850 CVE-2023-52851 CVE-2023-52853 CVE-2023-52854 CVE-2023-52855 CVE-2023-52856 CVE-2023-52857 CVE-2023-52858 CVE-2023-52861 CVE-2023-52862 CVE-2023-52863 CVE-2023-52864 CVE-2023-52865 CVE-2023-52866 CVE-2023-52867 CVE-2023-52868 CVE-2023-52869 CVE-2023-52870 CVE-2023-52871 CVE-2023-52872 CVE-2023-52873 CVE-2023-52874 CVE-2023-52875 CVE-2023-52876 CVE-2023-52877 CVE-2023-52878 CVE-2023-52879 CVE-2023-52880 CVE-2023-52881 CVE-2023-52883 CVE-2023-52884 CVE-2024-26482 CVE-2024-26625 CVE-2024-26676 CVE-2024-26750 CVE-2024-26758 CVE-2024-26767 CVE-2024-26780 CVE-2024-26813 CVE-2024-26814 CVE-2024-26845 CVE-2024-26889 CVE-2024-26920 CVE-2024-27414 CVE-2024-27419 CVE-2024-33619 CVE-2024-34777 CVE-2024-35247 CVE-2024-35807 CVE-2024-35827 CVE-2024-35831 CVE-2024-35843 CVE-2024-35848 CVE-2024-35857 CVE-2024-35880 CVE-2024-35884 CVE-2024-35886 CVE-2024-35892 CVE-2024-35896 CVE-2024-35898 CVE-2024-35900 CVE-2024-35925 CVE-2024-35926 CVE-2024-35957 CVE-2024-35962 CVE-2024-35970 CVE-2024-35976 CVE-2024-35979 CVE-2024-35998 CVE-2024-36005 CVE-2024-36008 CVE-2024-36010 CVE-2024-36017 CVE-2024-36024 CVE-2024-36281 CVE-2024-36477 CVE-2024-36478 CVE-2024-36479 CVE-2024-36882 CVE-2024-36887 CVE-2024-36899 CVE-2024-36900 CVE-2024-36903 CVE-2024-36904 CVE-2024-36915 CVE-2024-36916 CVE-2024-36917 CVE-2024-36919 CVE-2024-36923 CVE-2024-36924 CVE-2024-36926 CVE-2024-36934 CVE-2024-36935 CVE-2024-36937 CVE-2024-36938 CVE-2024-36945 CVE-2024-36952 CVE-2024-36957 CVE-2024-36960 CVE-2024-36962 CVE-2024-36964 CVE-2024-36965 CVE-2024-36967 CVE-2024-36969 CVE-2024-36971 CVE-2024-36972 CVE-2024-36973 CVE-2024-36975 CVE-2024-36977 CVE-2024-36978 CVE-2024-37021 CVE-2024-37078 CVE-2024-37353 CVE-2024-37354 CVE-2024-38381 CVE-2024-38384 CVE-2024-38385 CVE-2024-38388 CVE-2024-38390 CVE-2024-38391 CVE-2024-38539 CVE-2024-38540 CVE-2024-38541 CVE-2024-38543 CVE-2024-38544 CVE-2024-38545 CVE-2024-38546 CVE-2024-38547 CVE-2024-38548 CVE-2024-38549 CVE-2024-38550 CVE-2024-38551 CVE-2024-38552 CVE-2024-38553 CVE-2024-38554 CVE-2024-38555 CVE-2024-38556 CVE-2024-38557 CVE-2024-38559 CVE-2024-38560 CVE-2024-38562 CVE-2024-38564 CVE-2024-38565 CVE-2024-38566 CVE-2024-38567 CVE-2024-38568 CVE-2024-38569 CVE-2024-38570 CVE-2024-38571 CVE-2024-38572 CVE-2024-38573 CVE-2024-38575 CVE-2024-38578 CVE-2024-38579 CVE-2024-38580 CVE-2024-38581 CVE-2024-38582 CVE-2024-38583 CVE-2024-38587 CVE-2024-38588 CVE-2024-38590 CVE-2024-38591 CVE-2024-38592 CVE-2024-38594 CVE-2024-38595 CVE-2024-38597 CVE-2024-38599 CVE-2024-38600 CVE-2024-38601 CVE-2024-38602 CVE-2024-38603 CVE-2024-38605 CVE-2024-38608 CVE-2024-38610 CVE-2024-38611 CVE-2024-38615 CVE-2024-38616 CVE-2024-38617 CVE-2024-38618 CVE-2024-38619 CVE-2024-38621 CVE-2024-38622 CVE-2024-38627 CVE-2024-38628 CVE-2024-38629 CVE-2024-38630 CVE-2024-38633 CVE-2024-38634 CVE-2024-38635 CVE-2024-38636 CVE-2024-38661 CVE-2024-38663 CVE-2024-38664 CVE-2024-38780 CVE-2024-39277 CVE-2024-39291 CVE-2024-39296 CVE-2024-39301 CVE-2024-39362 CVE-2024-39371 CVE-2024-39463 CVE-2024-39466 CVE-2024-39469 CVE-2024-39471 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2571-1 Released: Mon Jul 22 12:34:16 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1186716,1195775,1204562,1209834,1217481,1217912,1218442,1219224,1219478,1219596,1219633,1219847,1219953,1221086,1221777,1221958,1222011,1222015,1222080,1222241,1222380,1222588,1222617,1222619,1222809,1222810,1223018,1223265,1224049,1224187,1224439,1224497,1224498,1224515,1224520,1224523,1224539,1224540,1224549,1224572,1224575,1224583,1224584,1224606,1224612,1224614,1224619,1224655,1224659,1224661,1224662,1224670,1224673,1224698,1224735,1224751,1224759,1224928,1224930,1224932,1224933,1224935,1224937,1224939,1224941,1224944,1224946,1224947,1224949,1224951,1224988,1224992,1224998,1225000,1225001,1225004,1225006,1225008,1225009,1225014,1225015,1225022,1225025,1225028,1225029,1225031,1225036,1225041,1225044,1225049,1225050,1225076,1225077,1225078,1225081,1225085,1225086,1225090,1225092,1225096,1225097,1225098,1225101,1225103,1225104,1225105,1225106,1225108,1225120,1225132,1225180,1225300,1225391,1225472,1225475,1225476,1225477,1225478,1225485,1225490,1225527,1225529,1225530,1 225532,1225534,1225548,1225550,1225553,1225554,1225555,1225556,1225557,1225559,1225560,1225564,1225565,1225566,1225568,1225569,1225570,1225571,1225572,1225573,1225577,1225581,1225583,1225584,1225585,1225586,1225587,1225588,1225589,1225590,1225591,1225592,1225594,1225595,1225599,1225602,1225605,1225609,1225611,1225681,1225702,1225723,1225726,1225731,1225732,1225737,1225741,1225758,1225759,1225760,1225761,1225762,1225763,1225767,1225770,1225815,1225820,1225823,1225827,1225834,1225866,1225872,1225898,1225903,1226022,1226131,1226145,1226149,1226155,1226158,1226163,1226211,1226212,1226226,1226457,1226503,1226513,1226514,1226520,1226582,1226587,1226588,1226592,1226593,1226594,1226595,1226597,1226607,1226608,1226610,1226612,1226613,1226630,1226632,1226633,1226634,1226637,1226657,1226658,1226734,1226735,1226737,1226738,1226739,1226740,1226741,1226742,1226744,1226746,1226747,1226749,1226754,1226758,1226760,1226761,1226764,1226767,1226768,1226769,1226771,1226772,1226774,1226775,1226776,122677 7,1226780,1226781,1226786,1226788,1226789,1226790,1226791,1226796,1226799,1226837,1226839,1226840,1226841,1226842,1226844,1226848,1226852,1226856,1226857,1226859,1226861,1226863,1226864,1226867,1226868,1226875,1226876,1226878,1226879,1226886,1226890,1226891,1226894,1226895,1226905,1226908,1226909,1226911,1226928,1226934,1226938,1226939,1226941,1226948,1226949,1226950,1226962,1226976,1226989,1226990,1226992,1226994,1226995,1226996,1227066,1227072,1227085,1227089,1227090,1227096,1227101,1227190,CVE-2021-47432,CVE-2022-48772,CVE-2023-52622,CVE-2023-52656,CVE-2023-52672,CVE-2023-52699,CVE-2023-52735,CVE-2023-52749,CVE-2023-52750,CVE-2023-52753,CVE-2023-52754,CVE-2023-52757,CVE-2023-52759,CVE-2023-52762,CVE-2023-52763,CVE-2023-52764,CVE-2023-52765,CVE-2023-52766,CVE-2023-52767,CVE-2023-52768,CVE-2023-52769,CVE-2023-52773,CVE-2023-52774,CVE-2023-52776,CVE-2023-52777,CVE-2023-52780,CVE-2023-52781,CVE-2023-52782,CVE-2023-52783,CVE-2023-52784,CVE-2023-52786,CVE-2023-52787,CVE-2023-52788,CVE- 2023-52789,CVE-2023-52791,CVE-2023-52792,CVE-2023-52794,CVE-2023-52795,CVE-2023-52796,CVE-2023-52798,CVE-2023-52799,CVE-2023-52800,CVE-2023-52801,CVE-2023-52803,CVE-2023-52804,CVE-2023-52805,CVE-2023-52806,CVE-2023-52807,CVE-2023-52808,CVE-2023-52809,CVE-2023-52810,CVE-2023-52811,CVE-2023-52812,CVE-2023-52813,CVE-2023-52814,CVE-2023-52815,CVE-2023-52816,CVE-2023-52817,CVE-2023-52818,CVE-2023-52819,CVE-2023-52821,CVE-2023-52825,CVE-2023-52826,CVE-2023-52827,CVE-2023-52829,CVE-2023-52832,CVE-2023-52833,CVE-2023-52834,CVE-2023-52835,CVE-2023-52836,CVE-2023-52837,CVE-2023-52838,CVE-2023-52840,CVE-2023-52841,CVE-2023-52842,CVE-2023-52843,CVE-2023-52844,CVE-2023-52845,CVE-2023-52846,CVE-2023-52847,CVE-2023-52849,CVE-2023-52850,CVE-2023-52851,CVE-2023-52853,CVE-2023-52854,CVE-2023-52855,CVE-2023-52856,CVE-2023-52857,CVE-2023-52858,CVE-2023-52861,CVE-2023-52862,CVE-2023-52863,CVE-2023-52864,CVE-2023-52865,CVE-2023-52866,CVE-2023-52867,CVE-2023-52868,CVE-2023-52869,CVE-2023-52870,CVE-2023-52 871,CVE-2023-52872,CVE-2023-52873,CVE-2023-52874,CVE-2023-52875,CVE-2023-52876,CVE-2023-52877,CVE-2023-52878,CVE-2023-52879,CVE-2023-52880,CVE-2023-52881,CVE-2023-52883,CVE-2023-52884,CVE-2024-26482,CVE-2024-26625,CVE-2024-26676,CVE-2024-26750,CVE-2024-26758,CVE-2024-26767,CVE-2024-26780,CVE-2024-26813,CVE-2024-26814,CVE-2024-26845,CVE-2024-26889,CVE-2024-26920,CVE-2024-27414,CVE-2024-27419,CVE-2024-33619,CVE-2024-34777,CVE-2024-35247,CVE-2024-35807,CVE-2024-35827,CVE-2024-35831,CVE-2024-35843,CVE-2024-35848,CVE-2024-35857,CVE-2024-35880,CVE-2024-35884,CVE-2024-35886,CVE-2024-35892,CVE-2024-35896,CVE-2024-35898,CVE-2024-35900,CVE-2024-35925,CVE-2024-35926,CVE-2024-35957,CVE-2024-35962,CVE-2024-35970,CVE-2024-35976,CVE-2024-35979,CVE-2024-35998,CVE-2024-36005,CVE-2024-36008,CVE-2024-36010,CVE-2024-36017,CVE-2024-36024,CVE-2024-36281,CVE-2024-36477,CVE-2024-36478,CVE-2024-36479,CVE-2024-36882,CVE-2024-36887,CVE-2024-36899,CVE-2024-36900,CVE-2024-36903,CVE-2024-36904,CVE-2024-36915,CVE -2024-36916,CVE-2024-36917,CVE-2024-36919,CVE-2024-36923,CVE-2024-36924,CVE-2024-36926,CVE-2024-36934,CVE-2024-36935,CVE-2024-36937,CVE-2024-36938,CVE-2024-36945,CVE-2024-36952,CVE-2024-36957,CVE-2024-36960,CVE-2024-36962,CVE-2024-36964,CVE-2024-36965,CVE-2024-36967,CVE-2024-36969,CVE-2024-36971,CVE-2024-36972,CVE-2024-36973,CVE-2024-36975,CVE-2024-36977,CVE-2024-36978,CVE-2024-37021,CVE-2024-37078,CVE-2024-37353,CVE-2024-37354,CVE-2024-38381,CVE-2024-38384,CVE-2024-38385,CVE-2024-38388,CVE-2024-38390,CVE-2024-38391,CVE-2024-38539,CVE-2024-38540,CVE-2024-38541,CVE-2024-38543,CVE-2024-38544,CVE-2024-38545,CVE-2024-38546,CVE-2024-38547,CVE-2024-38548,CVE-2024-38549,CVE-2024-38550,CVE-2024-38551,CVE-2024-38552,CVE-2024-38553,CVE-2024-38554,CVE-2024-38555,CVE-2024-38556,CVE-2024-38557,CVE-2024-38559,CVE-2024-38560,CVE-2024-38562,CVE-2024-38564,CVE-2024-38565,CVE-2024-38566,CVE-2024-38567,CVE-2024-38568,CVE-2024-38569,CVE-2024-38570,CVE-2024-38571,CVE-2024-38572,CVE-2024-38573,CVE-2024-3 8575,CVE-2024-38578,CVE-2024-38579,CVE-2024-38580,CVE-2024-38581,CVE-2024-38582,CVE-2024-38583,CVE-2024-38587,CVE-2024-38588,CVE-2024-38590,CVE-2024-38591,CVE-2024-38592,CVE-2024-38594,CVE-2024-38595,CVE-2024-38597,CVE-2024-38599,CVE-2024-38600,CVE-2024-38601,CVE-2024-38602,CVE-2024-38603,CVE-2024-38605,CVE-2024-38608,CVE-2024-38610,CVE-2024-38611,CVE-2024-38615,CVE-2024-38616,CVE-2024-38617,CVE-2024-38618,CVE-2024-38619,CVE-2024-38621,CVE-2024-38622,CVE-2024-38627,CVE-2024-38628,CVE-2024-38629,CVE-2024-38630,CVE-2024-38633,CVE-2024-38634,CVE-2024-38635,CVE-2024-38636,CVE-2024-38661,CVE-2024-38663,CVE-2024-38664,CVE-2024-38780,CVE-2024-39277,CVE-2024-39291,CVE-2024-39296,CVE-2024-39301,CVE-2024-39362,CVE-2024-39371,CVE-2024-39463,CVE-2024-39466,CVE-2024-39469,CVE-2024-39471 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39371: io_uring: check for non-NULL file pointer in io_file_can_poll() (bsc#1226990). - CVE-2023-52846: hsr: Prevent use after free in prp_create_tagged_frame() (bsc#1225098). - CVE-2024-38610: drivers/virt/acrn: fix PFNMAP PTE checks in acrn_vm_ram_map() (bsc#1226758). - CVE-2024-37354: btrfs: fix crash on racing fsync and size-extending write into prealloc (bsc#1227101). - CVE-2024-36919: scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (bsc#1225767). - CVE-2024-38559: scsi: qedf: Ensure the copied buf is NUL terminated (bsc#1226785). - CVE-2024-38570: gfs2: Fix potential glock use-after-free on unmount (bsc#1226775). - CVE-2024-36904: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique() (bsc#1225732). - CVE-2023-52840: Fix use after free in rmi_unregister_function() (bsc#1224928). - CVE-2024-38545: RDMA/hns: Fix UAF for cq async event (bsc#1226595). - CVE-2023-52834: atl1c: Work around the DMA RX overflow issue (bsc#1225599). - CVE-2023-52875: Add check for mtk_alloc_clk_data (bsc#1225096). - CVE-2023-52865: Add check for mtk_alloc_clk_data (bsc#1225086). - CVE-2023-52821: Fixed a possible null pointer dereference (bsc#1225022). - CVE-2023-52867: Fixed possible buffer overflow (bsc#1225009). - CVE-2024-38578: ecryptfs: Fix buffer size for tag 66 packet (bsc#1226634,). - CVE-2024-36964: fs/9p: only translate RWX permissions for plain 9P2000 (bsc#1225866). - CVE-2023-52759: Ignore negated quota changes (bsc#1225560). - CVE-2023-52796: Add ipvlan_route_v6_outbound() helper (bsc#1224930). - CVE-2023-52807: Fixed out-of-bounds access may occur when coalesce info is read via debugfs (bsc#1225097). - CVE-2023-52864: Fixed opening of char device (bsc#1225132). - CVE-2024-36926: Fixed LPAR panics during boot up with a frozen PE (bsc#1222011). - CVE-2023-52871: Handle a second device without data corruption (bsc#1225534) - CVE-2023-52795: Fixed use after free in vhost_vdpa_probe() (bsc#1225085). - CVE-2023-52881: tcp: do not accept ACK of bytes we never sent (bsc#1225611). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-39301: net/9p: fix uninit-value in p9_client_rpc() (bsc#1226994). - CVE-2024-35843: iommu/vt-d: Use device rbtree in iopf reporting path (bsc#1224751). - CVE-2024-37078: nilfs2: fix potential kernel bug due to lack of writeback flag waiting (bsc#1227066). - CVE-2024-35247: fpga: region: add owner module and take its refcount (bsc#1226948). - CVE-2024-36479: fpga: bridge: add owner module and take its refcount (bsc#1226949). - CVE-2024-37021: fpga: manager: add owner module and take its refcount (bsc#1226950). - CVE-2024-36281: net/mlx5: Use mlx5_ipsec_rx_status_destroy to correctly delete status rules (bsc#1226799). - CVE-2024-38580: epoll: be better about file lifetimes (bsc#1226610). - CVE-2024-36478: null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (bsc#1226841). - CVE-2024-38636: f2fs: multidev: fix to recognize valid zero block address (bsc#1226879). - CVE-2024-38661: s390/ap: Fix crash in AP internal function modify_bitmap() (bsc#1226996). - CVE-2024-38564: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (bsc#1226789). - CVE-2024-38560: scsi: bfa: Ensure the copied buf is NUL terminated (bsc#1226786). - CVE-2024-36978: net: sched: sch_multiq: fix possible OOB write in multiq_tune() (bsc#1226514). - CVE-2024-36917: block: fix overflow in blk_ioctl_discard() (bsc#1225770). - CVE-2024-38627: stm class: Fix a double free in stm_register_device() (bsc#1226857). - CVE-2024-38603: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() (bsc#1226842). - CVE-2024-38553: net: fec: remove .ndo_poll_controller to avoid deadlock (bsc#1226744). - CVE-2024-38555: net/mlx5: Discard command completions in internal error (bsc#1226607). - CVE-2024-38556: net/mlx5: Add a timeout to acquire the command queue semaphore (bsc#1226774). - CVE-2024-38557: net/mlx5: Reload only IB representors upon lag disable/enable (bsc#1226781). - CVE-2024-38608: net/mlx5e: Fix netif state handling (bsc#1226746). - CVE-2024-38597: eth: sungem: remove .ndo_poll_controller to avoid deadlocks (bsc#1226749). - CVE-2024-38594: net: stmmac: move the EST lock to struct stmmac_priv (bsc#1226734). - CVE-2024-38569: drivers/perf: hisi_pcie: Fix out-of-bound access when valid event group (bsc#1226772). - CVE-2024-38568: drivers/perf: hisi: hns3: Fix out-of-bound access when valid event group (bsc#1226771). - CVE-2024-26814: vfio/fsl-mc: Block calling interrupt handler without trigger (bsc#1222810). - CVE-2024-26813: vfio/platform: Create persistent IRQ handlers (bsc#1222809). - CVE-2024-36945: net/smc: fix neighbour and rtable leak in smc_ib_find_route() (bsc#1225823). - CVE-2024-36923: fs/9p: fix uninitialized values during inode evict (bsc#1225815). - CVE-2024-36971: net: fix __dst_negative_advice() race (bsc#1226145). - CVE-2024-27414: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back (bsc#1224439). - CVE-2024-35886: ipv6: Fix infinite recursion in fib6_dump_done() (bsc#1224670). - CVE-2024-36024: drm/amd/display: Disable idle reallow as part of command/gpint execution (bsc#1225702). - CVE-2024-36903: ipv6: Fix potential uninit-value access in __ip6_make_skb() (bsc#1225741). - CVE-2024-36899: gpiolib: cdev: Fix use after free in lineinfo_changed_notify (bsc#1225737). - CVE-2024-35979: raid1: fix use-after-free for original bio in raid1_write_request() (bsc#1224572). - CVE-2024-35807: ext4: fix corruption during on-line resize (bsc#1224735). - CVE-2023-52622: ext4: avoid online resizing failures due to oversized flex bg (bsc#1222080). - CVE-2023-52843: llc: verify mac len before reading mac header (bsc#1224951). - CVE-2024-35898: netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (bsc#1224498). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-36882: mm: use memalloc_nofs_save() in page_cache_ra_order() (bsc#1225723). - CVE-2024-36916: blk-iocost: avoid out of bounds shift (bsc#1225759). - CVE-2024-36900: net: hns3: fix kernel crash when devlink reload during initialization (bsc#1225726). - CVE-2023-52787: blk-mq: make sure active queue usage is held for bio_integrity_prep() (bsc#1225105). - CVE-2024-35925: block: prevent division by zero in blk_rq_stat_sum() (bsc#1224661). - CVE-2023-52837: nbd: fix uaf in nbd_open (bsc#1224935). - CVE-2023-52786: ext4: fix racy may inline data check in dio write (bsc#1224939). - CVE-2024-36934: bna: ensure the copied buf is NUL terminated (bsc#1225760). - CVE-2024-36935: ice: ensure the copied buf is NUL terminated (bsc#1225763). - CVE-2024-36937: xdp: use flags field to disambiguate broadcast redirect (bsc#1225834). - CVE-2023-52672: pipe: wakeup wr_wait after setting max_usage (bsc#1224614). - CVE-2023-52845: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (bsc#1225585). - CVE-2024-36005: netfilter: nf_tables: honor table dormant flag from netdev release event path (bsc#1224539). - CVE-2024-26845: scsi: target: core: Add TMF to tmr_list handling (bsc#1223018). - CVE-2024-35892: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() (bsc#1224515). - CVE-2024-35848: eeprom: at24: fix memory corruption race condition (bsc#1224612). - CVE-2024-35884: udp: do not accept non-tunnel GSO skbs landing in a tunnel (bsc#1224520). - CVE-2024-35857: icmp: prevent possible NULL dereferences from icmp_build_probe() (bsc#1224619). - CVE-2023-52735: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself (bsc#1225475). - CVE-2024-35926: crypto: iaa - Fix async_disable descriptor leak (bsc#1224655). - CVE-2024-35976: Validate user input for XDP_{UMEM|COMPLETION}_FILL_RING (bsc#1224575). - CVE-2024-36938: Fixed NULL pointer dereference in sk_psock_skb_ingress_enqueue (bsc#1225761). - CVE-2024-36008: ipv4: check for NULL idev in ip_route_use_hint() (bsc#1224540). - CVE-2024-35998: Fixed lock ordering potential deadlock in cifs_sync_mid_result (bsc#1224549). - CVE-2023-52757: Fixed potential deadlock when releasing mids (bsc#1225548). - CVE-2024-27419: Fixed data-races around sysctl_net_busy_read (bsc#1224759) - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-26625: Call sock_orphan() at release time (bsc#1221086) - CVE-2024-35880: io_uring/kbuf: hold io_buffer_list reference over mmap (bsc#1224523). - CVE-2024-35831: io_uring: Fix release of pinned pages when __io_uaddr_map fails (bsc#1224698). - CVE-2024-35827: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() (bsc#1224606). - CVE-2023-52656: Dropped any code related to SCM_RIGHTS (bsc#1224187). - CVE-2023-52699: sysv: don't call sb_bread() with pointers_lock held (bsc#1224659). The following non-security bugs were fixed: - KVM: arm64: Use local TLBI on permission relaxation (bsc#1219478). - KVM: x86/pmu: Prioritize VMX interception over #GP on RDPMC due to bad index (bsc#1226158). - NFS: abort nfs_atomic_open_v23 if name is too long (bsc#1219847). - NFS: add atomic_open for NFSv3 to handle O_TRUNC correctly (bsc#1219847). - NFS: avoid infinite loop in pnfs_update_layout (bsc#1219633 bsc#1226226). - PCI: Clear Secondary Status errors after enumeration (bsc#1226928) - RAS/AMD/ATL: Fix MI300 bank hash (bsc#1225300). - RAS/AMD/ATL: Use system settings for MI300 DRAM to normalized address translation (bsc#1225300). - Revert 'build initrd without systemd' (bsc#1195775)' - arm64: mm: Batch dsb and isb when populating pgtables (jsc#PED-8688). - arm64: mm: Do not remap pgtables for allocate vs populate (jsc#PED-8688). - arm64: mm: Do not remap pgtables per-cont(pte|pmd) block (jsc#PED-8688). - bpf: check bpf_func_state->callback_depth when pruning states (bsc#1225903). - bpf: correct loop detection for iterators convergence (bsc#1225903). - bpf: exact states comparison for iterator convergence checks (bsc#1225903). - bpf: extract __check_reg_arg() utility function (bsc#1225903). - bpf: extract same_callsites() as utility function (bsc#1225903). - bpf: extract setup_func_entry() utility function (bsc#1225903). - bpf: keep track of max number of bpf_loop callback iterations (bsc#1225903). - bpf: move explored_state() closer to the beginning of verifier.c (bsc#1225903). - bpf: print full verifier states on infinite loop detection (bsc#1225903). - bpf: verify callbacks as if they are called unknown number of times (bsc#1225903). - bpf: widening for callback iterators (bsc#1225903). - cachefiles: remove requests from xarray during flushing requests (bsc#1226588). - ceph: add ceph_cap_unlink_work to fire check_caps() immediately (bsc#1226022). - ceph: always check dir caps asynchronously (bsc#1226022). - ceph: always queue a writeback when revoking the Fb caps (bsc#1226022). - ceph: break the check delayed cap loop every 5s (bsc#1226022). - ceph: switch to use cap_delay_lock for the unlink delay list (bsc#1226022). - crypto: deflate - Add aliases to deflate (bsc#1227190). - crypto: iaa - Account for cpu-less numa nodes (bsc#1227190). - ipvs: Fix checksumming on GSO of SCTP packets (bsc#1221958) - kABI: bpf: verifier kABI workaround (bsc#1225903). - net: ena: Fix redundant device NUMA node override (jsc#PED-8688). - net: mana: Enable MANA driver on ARM64 with 4K page size (jsc#PED-8491). - nfs: Avoid flushing many pages with NFS_FILE_SYNC (bsc#1218442). - nfs: Bump default write congestion size (bsc#1218442). - nfsd: optimise recalculate_deny_mode() for a common case (bsc#1217912). - nvme-fabrics: short-circuit reconnect retries (bsc#1186716). - nvme-tcp: Export the nvme_tcp_wq to sysfs (bsc#1224049). - nvme/tcp: Add wq_unbound modparam for nvme_tcp_wq (bsc#1224049). - nvme: do not retry authentication failures (bsc#1186716). - nvme: return kernel error codes for admin queue connect (bsc#1186716). - nvmet: lock config semaphore when accessing DH-HMAC-CHAP key (bsc#1186716). - nvmet: return DHCHAP status codes from nvmet_setup_auth() (bsc#1186716). - ocfs2: adjust enabling place for la window (bsc#1219224). - ocfs2: fix sparse warnings (bsc#1219224). - ocfs2: improve write IO performance when fragmentation is high (bsc#1219224). - ocfs2: speed up chain-list searching (bsc#1219224). - rpm/kernel-obs-build.spec.in: Add iso9660 (bsc#1226212). - rpm/kernel-obs-build.spec.in: Add networking modules for docker (bsc#1226211). - s390/cpacf: Make use of invalid opcode produce a link error (bsc#1227072). - sched/core: Fix incorrect initialization of the 'burst' parameter in cpu_max_write() (bsc#1226791). - selftests/bpf: test case for callback_depth states pruning logic (bsc#1225903). - selftests/bpf: test if state loops are detected in a tricky case (bsc#1225903). - selftests/bpf: test widening for iterating callbacks (bsc#1225903). - selftests/bpf: tests for iterating callbacks (bsc#1225903). - selftests/bpf: tests with delayed read/precision makrs in loop body (bsc#1225903). - selftests/bpf: track string payload offset as scalar in strobemeta (bsc#1225903). - selftests/bpf: track tcp payload offset as scalar in xdp_synproxy (bsc#1225903). - supported.conf: Add APM X-Gene SoC hardware monitoring driver (bsc#1223265 jsc#PED-8570) - tcp: Dump bound-only sockets in inet_diag (bsc#1204562). - x86/mce: Dynamically size space for machine check records (bsc#1222241). - x86/tsc: Trust initial offset in architectural TSC-adjust MSRs (bsc#1222015 bsc#1226962). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2575-1 Released: Mon Jul 22 12:35:32 2024 Summary: Security update for kernel-firmware Type: security Severity: moderate References: 1219458,1222319,1225600,1225601,CVE-2023-38417,CVE-2023-47210 This update for kernel-firmware fixes the following issues: - CVE-2023-38417: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 (bsc#1225600) - CVE-2023-47210: Fixed improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 (bsc#1225601) - Update to version 20240712 (git commit ed874ed83cac): * amdgpu: update DMCUB to v0.0.225.0 for Various AMDGPU Asics * qcom: add gpu firmwares for x1e80100 chipset (bsc#1219458) * linux-firmware: add firmware for qat_402xx devices * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update vega20 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update PSP 13.0.8 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update green sardine firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VPE 6.1.1 firmware * amdgpu: update VCN 4.0.6 firmware * amdgpu: update SDMA 6.1.1 firmware * amdgpu: update PSP 14.0.1 firmware * amdgpu: update GC 11.5.1 firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update SDMA 6.1.0 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SMU 13.0.7 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update aldebaran firmware * linux-firmware: Update AMD cpu microcode * linux-firmware: Add ISH firmware file for Intel Lunar Lake platform * amdgpu: update DMCUB to v0.0.224.0 for Various AMDGPU Asics * cirrus: cs35l41: Update various firmware for ASUS laptops using CS35L41 * amdgpu: Update ISP FW for isp v4.1.1 - Update to version 20240622 (git commit 7d931f8afa51): * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.2.0 * qcom: Add AIC100 firmware files - Update to version 20240618 (git commit 7d931f8afa51): * amlogic: Update bluetooth firmware binary * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Pulsar core * rtl_bt: Update RTL8822C BT UART firmware to 0xB5D6_6DCB * rtl_bt: Update RTL8822C BT USB firmware to 0xAED6_6DCB * amdgpu: update DMCUB to v0.0.222.0 for DCN314 * iwlwifi: add ty/So/Ma firmwares for core88-87 release * iwlwifi: update cc/Qu/QuZ firmwares for core88-87 release * linux-firmware: add new cc33xx firmware for cc33xx chips * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for ASUS UM5606 laptop * cirrus: cs35l56: Update firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware for Lenovo Thinkbooks * amdgpu: update yellow carp firmware * amdgpu: update VCN 4.0.4 firmware * amdgpu: update SDMA 6.0.2 firmware * amdgpu: update PSP 13.0.7 firmware * amdgpu: update GC 11.0.2 firmware * amdgpu: update navi10 firmware * amdgpu: update raven2 firmware * amdgpu: update raven firmware * amdgpu: update SMU 13.0.10 firmware * amdgpu: update SDMA 6.0.3 firmware * amdgpu: update PSP 13.0.10 firmware * amdgpu: update GC 11.0.3 firmware * amdgpu: update VCN 3.1.2 firmware * amdgpu: update PSP 13.0.5 firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update vega20 firmware * amdgpu: update vega12 firmware * amdgpu: update vega10 firmware * amdgpu: update VCN 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update SDMA 6.0.0 firmware * amdgpu: update PSP 13.0.0 firmware * amdgpu: update GC 11.0.0 firmware * amdgpu: update picasso firmware * amdgpu: update beige goby firmware * amdgpu: update vangogh firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update green sardine firmware * amdgpu: update navy flounder firmware * amdgpu: update PSP 13.0.11 firmware * amdgpu: update GC 11.0.4 firmware * amdgpu: update VCN 4.0.2 firmware * amdgpu: update SDMA 6.0.1 firmware * amdgpu: update PSP 13.0.4 firmware * amdgpu: update GC 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update VCN 4.0.5 firmware * amdgpu: update PSP 14.0.0 firmware * amdgpu: update GC 11.5.0 firmware * amdgpu: update navi14 firmware * amdgpu: update SMU 13.0.6 firmware * amdgpu: update PSP 13.0.6 firmware * amdgpu: update GC 9.4.3 firmware * amdgpu: update renoir firmware * amdgpu: update navi12 firmware * amdgpu: update aldebaran firmware * amdgpu: add support for PSP 14.0.1 * amdgpu: add support for VPE 6.1.1 * amdgpu: add support for VCN 4.0.6 * amdgpu: add support for SDMA 6.1.1 * amdgpu: add support for GC 11.5.1 * amdgpu: Add support for DCN 3.5.1 * QCA: Update Bluetooth QCA2066 firmware to 2.1.0-00639 * cnm: update chips&media wave521c firmware. * linux-firmware: Add ordinary firmware for RTL8821AU device - Update to version 20240519 (git commit aae8224390e2): * amdgpu: add new ISP 4.1.1 firmware - Update to version 20240510 (git commit 7c2303328d8e): * linux-firmware: Amphion: Update vpu firmware * linux-firmware: Update firmware file for Intel BlazarU core * linux-firmware: Update firmware file for Intel Bluetooth Magnetor core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * linux-firmware: Update firmware file for Intel Bluetooth Solar core * i915: Add BMG DMC v2.06 * linux-firmware: Add CS35L41 HDA Firmware for Asus HN7306 * linux-firmware: Update firmware tuning for HP Consumer Laptop * amdgpu: DMCUB updates for various AMDGPU ASICs * rtl_bt: Update RTL8822C BT UART firmware to 0x0FD6_407B * rtl_bt: Update RTL8822C BT USB firmware to 0x0ED6_407B * cirrus: cs35l56: Add firmware for Cirrus CS35L56 for various ASUS laptops * linux-firmware: Add firmware and tuning for Lenovo Y770S - Update to version 20240426 (git commit 2398d264f953): * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: Add firmware for Cirrus CS35L56 for various HP laptops * i915: Update Xe2LPD DMC to v2.20 * linux-firmware: Remove Calibration Firmware and Tuning for CS35L41 * linux-firmware: Add firmware for Lenovo Thinkbook 13X * ASoC: tas2781: Add dsp firmware for Thinkpad ICE-1 laptop * amdgpu: add DMCUB 3.5 firmware * amdgpu: add VPE 6.1.0 firmware * amdgpu: add VCN 4.0.5 firmware * amdgpu: add UMSCH 4.0.0 firmware * amdgpu: add SDMA 6.1.0 firmware * amdgpu: add PSP 14.0.0 firmware * amdgpu: add GC 11.5.0 firmware * amdgpu: update license date - Update to version 20240419 (git commit 7eab37522984): * Montage: update firmware for Mont-TSSE * linux-firmware: Add tuning parameter configs for CS35L41 Firmware * linux-firmware: Fix firmware names for Laptop SSID 104316a3 * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Legion Slim 7 16ARHA7 * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * iwlwifi: add gl FW for core87-44 release * iwlwifi: add ty/So/Ma firmwares for core87-44 release * iwlwifi: update cc/Qu/QuZ firmwares for core87-44 release * nvidia: Update Tegra210 XUSB firmware to v50.29 * amdgpu: update beige goby firmware * amdgpu: update dimgrey cavefish firmware * amdgpu: update psp 13.0.11 firmware * amdgpu: update gc 11.0.4 firmware * amdgpu: update navy flounder firmware * amdgpu: update renoir firmware * amdgpu: update vcn 4.0.2 firmware * amdgpu: update sdma 6.0.1 firmware * amdgpu: update psp 13.0.4 firmware * amdgpu: update gc 11.0.1 firmware * amdgpu: update sienna cichlid firmware * amdgpu: update vega20 firmware * amdgpu: update yellow carp firmware * amdgpu: update green sardine firmware * amdgpu: update vega12 firmware * amdgpu: update raven2 firmware * amdgpu: update vcn 4.0.4 firmware * amdgpu: update smu 13.0.7 firmware * amdgpu: update sdma 6.0.2 firmware * amdgpu: update ipsp 13.0.7 firmware * amdgpu: update gc 11.0.2 firmware * amdgpu: update vega10 firmware * amdgpu: update raven firmware * amdgpu: update navi14 firmware * amdgpu: update smu 13.0.10 firmware * amdgpu: update sdma 6.0.3 firmware * amdgpu: update psp 13.0.10 firmware * amdgpu: update gc 11.0.3 firmware * amdgpu: update vcn 3.1.2 firmware * amdgpu: update psp 13.0.5 firmware * amdgpu: update gc 10.3.6 firmware * amdgpu: update navi12 firmware * amdgpu: update arcturus firmware * amdgpu: update vangogh firmware * amdgpu: update navi10 firmware * amdgpu: update vcn 4.0.3 firmware * amdgpu: update smu 13.0.6 firmware * amdgpu: update psp 13.0.6 firmware * amdgpu: update gc 9.4.3 firmware * amdgpu: update vcn 4.0.0 firmware * amdgpu: update smu 13.0.0 firmware * amdgpu: update sdma 6.0.0 firmware * amdgpu: update psp 13.0.0 firmware * amdgpu: update gc 11.0.0 firmware * amdgpu: update firmware * amdgpu: update aldebaran firmware * amdgpu: update psp 13.0.8 firmware * amdgpu: update gc 10.3.7 firmware * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.9 * ath10k: WCN3990: hw1.0: add qcm2290 firmware API file * ath10k: WCN3990: hw1.0: move firmware back from qcom/ location * i915: Add DG2 HuC 7.10.15 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: update firmware for en8811h 2.5G ethernet phy * rtw89: 8852c: update fw to v0.27.56.14 * rtw89: 8922a: add firmware v0.35.18.0 * rtw88: Add RTL8703B firmware v11.0.0 - Drop duplicated WHENCE from kernel-firmware-* subpackages (bsc#1222319) - Update to version 20240322 (git commit 9a6a0cc195c1): * mekdiatek: Update mt8186 SOF firmware to v2.0.1 * linux-firmware: Add firmware for Cirrus CS35L56 for Dell laptops * Montage: update firmware for Mont-TSSE * WHENCE: Link the Raspberry Pi CM4 and 5B to the 4B * Intel Bluetooth: Update firmware file for Intel Bluetooth BE200 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Magnetor Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX101 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX203 * Intel Bluetooth: Update firmware file for SolarF Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX211 * Intel Bluetooth: Update firmware file for Solar Intel Bluetooth AX210 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX200 * Intel Bluetooth: Update firmware file for Intel Bluetooth AX201 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9560 * Intel Bluetooth: Update firmware file for Intel Bluetooth 9260 * amdgpu: DMCUB updates for various AMDGPU ASICs * linux-firmware: mediatek: Update MT8173 VPU firmware to v1.1.8 * imx: sdma: update firmware to v3.6/v4.6 - Update to version 20240312 (git commit 4a404b5bfdb9): * linux-firmware: update firmware for mediatek bluetooth chip (MT7921) * iwlwifi: update 9000-family firmwares to core85-89 * rtl_bt: Update RTL8852A BT USB firmware to 0xD9D6_17DA * linux-firmware: update firmware for MT7921 WiFi device * linux-firmware: update firmware for mediatek bluetooth chip (MT7922) * linux-firmware: update firmware for MT7922 WiFi device * linux-firmware: Add CS35L41 HDA Firmware for Lenovo Thinkbook 16P Laptops - Update to version 20240229 (git commit 977332782302): * amdgpu: Update VCN firmware binaries * Intel IPU2: Add firmware files * brcm: Add nvram for the Acer Iconia One 7 B1-750 tablet * i915: Add Xe2LPD DMC v2.18 * i915: Update MTL DMC v2.21 - Update to version 20240220 (git commit 73b4429fae36): * linux-firmware: update firmware for en8811h 2.5G ethernet phy * linux-firmware: add firmware for MT7996 * xe: First GuC release for LNL and Xe * i915: Add GuC v70.20.0 for ADL-P, DG1, DG2, MTL and TGL * linux-firmware: Add CS35L41 firmware for Lenovo Legion 7i gen7 laptop (16IAX7) * brcm: Add nvram for the Asus Memo Pad 7 ME176C tablet * ice: update ice DDP package to 1.3.36.0 * Intel IPU3 ImgU: Move firmware file under intel/ipu * Intel IPU6: Move firmware binaries under ipu/ * check_whence: Add a check for duplicate link entries * WHENCE: Clean up section separators * linux-firmware: Add CS35L41 firmware for additional ASUS Zenbook 2023 models * panthor: Add initial firmware for Gen10 Arm Mali GPUs * amdgpu: DMCUB Updates for DCN321: 7.0.38.0 * amdgpu: DMCUB updates for Yellow Carp: 4.0.68.0 * qcom: update venus firmware file for v5.4 * Montage: add firmware for Mont-TSSE * amdgpu: update DMCUB to v0.0.203.0 for DCN314 and DCN32 * linux-firmware: Remove 2 HP laptops using CS35L41 Audio Firmware * linux-firmware: Fix filenames for some CS35L41 firmwares for HP ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2587-1 Released: Mon Jul 22 13:44:54 2024 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1227456 This update for openssh fixes the following issues: - Remove empty line at the end of sshd-sle.pamd (bsc#1227456) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:2609-1 Released: Fri Jul 26 18:07:05 2024 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1227681 This update for suse-build-key fixes the following issue: - fixed syntax error in auto import shell script (bsc#1227681) The following package changes have been done: - kernel-default-6.4.0-150600.23.14.2 updated - kernel-firmware-bnx2-20240712-150600.3.3.1 updated - kernel-firmware-chelsio-20240712-150600.3.3.1 updated - kernel-firmware-i915-20240712-150600.3.3.1 updated - kernel-firmware-intel-20240712-150600.3.3.1 updated - kernel-firmware-liquidio-20240712-150600.3.3.1 updated - kernel-firmware-marvell-20240712-150600.3.3.1 updated - kernel-firmware-mediatek-20240712-150600.3.3.1 updated - kernel-firmware-mellanox-20240712-150600.3.3.1 updated - kernel-firmware-network-20240712-150600.3.3.1 updated - kernel-firmware-platform-20240712-150600.3.3.1 updated - kernel-firmware-qlogic-20240712-150600.3.3.1 updated - kernel-firmware-realtek-20240712-150600.3.3.1 updated - kernel-firmware-usb-network-20240712-150600.3.3.1 updated - openssh-clients-9.6p1-150600.6.9.1 updated - openssh-common-9.6p1-150600.6.9.1 updated - openssh-server-9.6p1-150600.6.9.1 updated - openssh-9.6p1-150600.6.9.1 updated - suse-build-key-12.0-150000.8.49.2 updated