From sle-container-updates at lists.suse.com Wed Oct 2 07:02:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 2 Oct 2024 09:02:19 +0200 (CEST) Subject: SUSE-IU-2024:1434-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20241002070219.A8833FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1434-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.194 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.194 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - glibc-locale-base-2.31-150300.89.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.148 updated From sle-container-updates at lists.suse.com Wed Oct 2 07:07:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 2 Oct 2024 09:07:26 +0200 (CEST) Subject: SUSE-CU-2024:4726-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20241002070726.3FB38FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4726-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.11 Container Release : 4.11 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:02:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:02:00 +0200 (CEST) Subject: SUSE-IU-2024:1435-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20241003070200.B6D83FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1435-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.93 , suse/sle-micro/base-5.5:latest Image Release : 5.8.93 Severity : moderate Type : recommended References : 1228647 1228661 1229028 1229476 1230267 1230516 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - libmount1-2.37.4-150500.9.17.2 updated - libcurl4-8.0.1-150400.5.53.2 updated - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libzypp-17.35.11-150500.6.18.3 updated - zypper-1.14.77-150500.6.11.3 updated - util-linux-2.37.4-150500.9.17.2 updated - curl-8.0.1-150400.5.53.2 updated - container:suse-sle15-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:02:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:02:39 +0200 (CEST) Subject: SUSE-IU-2024:1438-1: Security update of suse/sle-micro/5.5 Message-ID: <20241003070239.57EB4F7A3@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1438-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.149 , suse/sle-micro/5.5:latest Image Release : 5.5.149 Severity : moderate Type : security References : 1226413 1227216 1228216 1228661 1229028 1229476 1229930 1229931 1229932 1230092 1230516 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3242-1 Released: Fri Sep 13 15:57:29 2024 Summary: Recommended update for strace Type: recommended Severity: moderate References: 1228216 This update for strace fixes the following issue: - Change the license to the correct LGPL-2.1-or-later (bsc#1228216). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3481-1 Released: Fri Sep 27 15:58:46 2024 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1226413 This update for mdadm fixes the following issues: - mdadm: define DEV_MD_DIR (bsc#1226413). - mdadm: refactor ident-name handling (bsc#1226413). - mdadm: Follow POSIX Portable Character Set (bsc#1226413). - Detail: remove duplicated code (bsc#1226413). - mdadm: Fix native --detail --export (bsc#1226413). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libblkid1-2.37.4-150500.9.17.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - util-linux-2.37.4-150500.9.17.2 updated - util-linux-systemd-2.37.4-150500.9.17.2 updated - logrotate-3.18.1-150400.3.10.1 updated - libcurl4-8.0.1-150400.5.53.2 updated - glibc-locale-base-2.31-150300.89.2 updated - mdadm-4.2-150500.6.6.2 updated - runc-1.1.14-150000.70.1 updated - strace-5.14-150400.3.3.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.93 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:03:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:03:52 +0200 (CEST) Subject: SUSE-CU-2024:4729-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20241003070352.C6A09F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4729-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.35 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.35 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:04:50 +0200 (CEST) Subject: SUSE-CU-2024:4730-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20241003070450.ABFDEF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4730-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.36 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.36 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:05:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:05:42 +0200 (CEST) Subject: SUSE-CU-2024:4731-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20241003070542.11289F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4731-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.61 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.61 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:05:48 +0200 (CEST) Subject: SUSE-IU-2024:1439-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20241003070548.32BFCF7A3@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1439-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.2 , suse/sl-micro/6.0/baremetal-os-container:2.1.2-3.59 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 3.59 Severity : moderate Type : security References : 1227052 CVE-2024-1753 CVE-2024-24786 CVE-2024-3727 CVE-2024-6104 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 46 Released: Thu Sep 12 11:46:29 2024 Summary: Security update for podman Type: security Severity: moderate References: 1227052,CVE-2024-1753,CVE-2024-24786,CVE-2024-3727,CVE-2024-6104 This update for podman fixes the following issues: - CVE-2024-6104: Fixed dependency issue with go-retryablehttp: url might write sensitive information to log file (bsc#1227052). - Update to version 4.9.5: * Bump to v4.9.5 * Update release notes for v4.9.5 * fix 'concurrent map writes' in network ls compat endpoint * [v4.9] Fix for CVE-2024-3727 * Disable failing bud test * CI Maintenance: Disable machine tests * [CI:DOCS] Allow downgrade of WiX * [CI:DOCS] Force WiX 3.11 * [CI:DOCS] Fix windows installer action * Bump to v4.9.5-dev * Bump to v4.9.4 * Update release notes for v4.9.4 * [v4.9] Bump Buildah to v1.33.7, CVE-2024-1753, CVE-2024-24786 * Add farm command to commands list * Bump to FreeBSD 13.3 (13.2 vanished) * Update health-start-periods docs * Don't update health check status during initialDelaySeconds * image scp: don't require port for ssh URL * Ignore docker's end point config when the final network mode isn't bridge. * Fix running container from docker client with rootful in rootless podman. * [skip-ci] Packit: remove koji and bodhi tasks for v4.9 * Bump to v4.9.4-dev * Remove gitleaks scanning The following package changes have been done: - SL-Micro-release-6.0-24.16 updated - podman-4.9.5-1.1 updated - container:SL-Micro-base-container-2.1.2-3.35 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:06:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:06:42 +0200 (CEST) Subject: SUSE-CU-2024:4737-1: Recommended update of suse/ltss/sle15.3/bci-base-fips Message-ID: <20241003070642.E5A24F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4737-1 Container Tags : suse/ltss/sle15.3/bci-base-fips:15.3 , suse/ltss/sle15.3/bci-base-fips:15.3.8.7 Container Release : 8.7 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/ltss/sle15.3/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-6.33 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:07:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:07:03 +0200 (CEST) Subject: SUSE-CU-2024:4738-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20241003070703.B6738F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4738-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.6.33 , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.6.33 Container Release : 6.33 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:07:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:07:29 +0200 (CEST) Subject: SUSE-CU-2024:4739-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20241003070729.9A9F5F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4739-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.24 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.24 Container Release : 5.24 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:08:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:08:41 +0200 (CEST) Subject: SUSE-CU-2024:4740-1: Recommended update of bci/bci-busybox Message-ID: <20241003070841.189DFF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4740-1 Container Tags : bci/bci-busybox:15.5 , bci/bci-busybox:15.5.33.2 Container Release : 33.2 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:10:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:10:39 +0200 (CEST) Subject: SUSE-CU-2024:4741-1: Recommended update of bci/bci-init Message-ID: <20241003071039.2BC33F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4741-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.31.4 Container Release : 31.4 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:bci-bci-base-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:10:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:10:58 +0200 (CEST) Subject: SUSE-CU-2024:4742-1: Recommended update of bci/bci-micro Message-ID: <20241003071058.A3AFFF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4742-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.32.2 Container Release : 32.2 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:11:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:11:24 +0200 (CEST) Subject: SUSE-CU-2024:4743-1: Recommended update of bci/bci-minimal Message-ID: <20241003071124.7F1FDF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4743-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.34.3 Container Release : 34.3 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:bci-bci-micro-15.5-b670249aae934fe9a9f77cccad648cb140b808ded90ac511397dcd6648634c3d-0 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:12:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:12:15 +0200 (CEST) Subject: SUSE-CU-2024:4744-1: Recommended update of bci/nodejs Message-ID: <20241003071215.C5024F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4744-1 Container Tags : bci/node:18 , bci/node:18-35.4 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-35.4 , bci/nodejs:18.20.4 Container Release : 35.4 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - libcurl4-8.0.1-150400.5.53.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:bci-bci-base-15.5-3b949750bcdace970aaaeed051c0d97f197cfe43cac8c4b72c57a63e9fac461a-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:14:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:14:02 +0200 (CEST) Subject: SUSE-CU-2024:4746-1: Recommended update of bci/openjdk Message-ID: <20241003071402.C89E1F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4746-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.4 Container Release : 32.4 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:bci-bci-base-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:15:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:15:38 +0200 (CEST) Subject: SUSE-CU-2024:4748-1: Recommended update of suse/postgres Message-ID: <20241003071538.90A2FF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4748-1 Container Tags : suse/postgres:15 , suse/postgres:15-35.3 , suse/postgres:15.8 , suse/postgres:15.8 Container Release : 35.3 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:suse-sle15-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:16:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:16:09 +0200 (CEST) Subject: SUSE-CU-2024:4749-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241003071609.40BBEF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4749-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.26.3 Container Release : 26.3 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-devel-2.31-150300.89.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:bci-bci-base-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:16:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:16:46 +0200 (CEST) Subject: SUSE-CU-2024:4750-1: Recommended update of suse/sle15 Message-ID: <20241003071646.953F5F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4750-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.28 , suse/sle15:15.5 , suse/sle15:15.5.36.14.28 Container Release : 36.14.28 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:16:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:16:58 +0200 (CEST) Subject: SUSE-CU-2024:4751-1: Security update of suse/389-ds Message-ID: <20241003071658.082ABF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4751-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-45.4 , suse/389-ds:latest Container Release : 45.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:suse-sle15-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 07:17:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:17:09 +0200 (CEST) Subject: SUSE-CU-2024:4752-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241003071709.B7DDEF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4752-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-48.3 , bci/dotnet-aspnet:6.0.33 Container Release : 48.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:20:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:20:11 +0200 (CEST) Subject: SUSE-CU-2024:4756-1: Recommended update of bci/openjdk Message-ID: <20241003092011.14ED9FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4756-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-34.4 Container Release : 34.4 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:registry.suse.com-bci-bci-base-15.5-e2a311caa82fc13cba956bf23e5d3cac6d518f4090cf42249bf0cc5ea279afbe-0 added - container:bci-bci-base-15.5-fb7ad4d718937947003b51413c0825e6affb5ed11784f7510b1082d92d754e88-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:20:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:20:25 +0200 (CEST) Subject: SUSE-CU-2024:4752-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241003092025.D7DF6FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4752-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-48.3 , bci/dotnet-aspnet:6.0.33 Container Release : 48.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:20:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:20:40 +0200 (CEST) Subject: SUSE-CU-2024:4757-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241003092040.DED75FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4757-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-36.3 , bci/dotnet-aspnet:8.0.8 , bci/dotnet-aspnet:latest Container Release : 36.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:20:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:20:50 +0200 (CEST) Subject: SUSE-CU-2024:4758-1: Recommended update of bci/bci-base-fips Message-ID: <20241003092050.8796DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4758-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.14.4 , bci/bci-base-fips:latest Container Release : 14.4 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:20:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:20:59 +0200 (CEST) Subject: SUSE-CU-2024:4759-1: Recommended update of bci/bci-busybox Message-ID: <20241003092059.ABAC9FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4759-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.26.2 , bci/bci-busybox:latest Container Release : 26.2 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 09:21:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:21:20 +0200 (CEST) Subject: SUSE-CU-2024:4760-1: Security update of suse/registry Message-ID: <20241003092120.4F342FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4760-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-27.6 , suse/registry:latest Container Release : 27.6 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - container:bci-bci-micro-15.6-e1fcadd133c54b7d8c2c58aaa6c3f6f488ff6ef3bb7c61b3add9eb093fa39fd5-0 updated From sle-container-updates at lists.suse.com Thu Oct 3 09:21:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:21:36 +0200 (CEST) Subject: SUSE-CU-2024:4761-1: Recommended update of bci/dotnet-sdk Message-ID: <20241003092136.4B734FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4761-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-48.3 , bci/dotnet-sdk:6.0.33 Container Release : 48.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:21:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:21:52 +0200 (CEST) Subject: SUSE-CU-2024:4762-1: Recommended update of bci/dotnet-sdk Message-ID: <20241003092152.0B86BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4762-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-38.3 , bci/dotnet-sdk:8.0.8 , bci/dotnet-sdk:latest Container Release : 38.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:22:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:22:09 +0200 (CEST) Subject: SUSE-CU-2024:4763-1: Recommended update of bci/dotnet-runtime Message-ID: <20241003092209.39B2EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4763-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-48.3 , bci/dotnet-runtime:6.0.33 Container Release : 48.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:22:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:22:23 +0200 (CEST) Subject: SUSE-CU-2024:4764-1: Recommended update of bci/dotnet-runtime Message-ID: <20241003092223.2FF99FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4764-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-36.3 , bci/dotnet-runtime:8.0.8 , bci/dotnet-runtime:latest Container Release : 36.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:22:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:22:34 +0200 (CEST) Subject: SUSE-CU-2024:4765-1: Security update of suse/git Message-ID: <20241003092234.B9421FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4765-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-27.8 , suse/git:2.43.0 , suse/git:latest Container Release : 27.8 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libudev1-254.18-150600.4.15.10 updated - container:bci-bci-micro-15.6-e1fcadd133c54b7d8c2c58aaa6c3f6f488ff6ef3bb7c61b3add9eb093fa39fd5-0 updated From sle-container-updates at lists.suse.com Thu Oct 3 09:22:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:22:46 +0200 (CEST) Subject: SUSE-CU-2024:4766-1: Security update of bci/golang Message-ID: <20241003092246.EBF8EFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4766-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.41.4 , bci/golang:1.22.7 , bci/golang:oldstable , bci/golang:oldstable-2.41.4 Container Release : 41.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:23:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:00 +0200 (CEST) Subject: SUSE-CU-2024:4767-1: Security update of bci/golang Message-ID: <20241003092300.200D4FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4767-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-47.4 , bci/golang:1.20.12.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-47.4 Container Release : 47.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - libopenssl-3-devel-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:23:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:12 +0200 (CEST) Subject: SUSE-CU-2024:4768-1: Security update of bci/golang Message-ID: <20241003092312.E7690FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4768-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-47.4 , bci/golang:1.21.5.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-47.4 Container Release : 47.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - libopenssl-3-devel-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:23:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:21 +0200 (CEST) Subject: SUSE-CU-2024:4769-1: Security update of suse/helm Message-ID: <20241003092321.9CFAEFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4769-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-25.6 , suse/helm:latest Container Release : 25.6 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - container:bci-bci-micro-15.6-e1fcadd133c54b7d8c2c58aaa6c3f6f488ff6ef3bb7c61b3add9eb093fa39fd5-0 updated From sle-container-updates at lists.suse.com Thu Oct 3 09:23:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:30 +0200 (CEST) Subject: SUSE-CU-2024:4770-1: Security update of bci/kiwi Message-ID: <20241003092330.03559FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4770-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-9.3 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 9.3 Severity : important Type : security References : 1214025 1219660 1222849 1224168 1224170 1224171 1224172 1224173 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2023-4156 CVE-2024-24577 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-41996 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:3440-1 Released: Mon Aug 28 08:57:10 2023 Summary: Security update for gawk Type: security Severity: low References: 1214025,CVE-2023-4156 This update for gawk fixes the following issues: - CVE-2023-4156: Fix a heap out of bound read by validating the index into argument list. (bsc#1214025) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2060-1 Released: Tue Jun 18 13:11:47 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. (bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - glibc-locale-base-2.38-150600.14.11.2 updated - libsha1detectcoll1-1.0.3-2.18 added - which-2.21-2.20 added - libsystemd0-254.18-150600.4.15.10 updated - gawk-4.2.1-150000.3.3.1 added - less-643-150600.3.3.1 added - libprocps8-3.3.17-150000.7.39.1 added - glibc-devel-2.38-150600.14.11.2 updated - git-core-2.43.0-150600.3.6.1 added - procps-3.3.17-150000.7.39.1 added - systemd-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:23:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:39 +0200 (CEST) Subject: SUSE-CU-2024:4771-1: Recommended update of bci/bci-micro Message-ID: <20241003092339.D2A82FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4771-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.26.2 , bci/bci-micro:latest Container Release : 26.2 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated From sle-container-updates at lists.suse.com Thu Oct 3 09:23:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:23:50 +0200 (CEST) Subject: SUSE-CU-2024:4772-1: Security update of suse/nginx Message-ID: <20241003092350.2C6A8FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4772-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-45.4 , suse/nginx:latest Container Release : 45.4 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:24:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:24:02 +0200 (CEST) Subject: SUSE-CU-2024:4773-1: Security update of bci/nodejs Message-ID: <20241003092402.B9581FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4773-1 Container Tags : bci/node:20 , bci/node:20-42.5 , bci/node:20.15.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-42.5 , bci/nodejs:20.15.1 , bci/nodejs:latest Container Release : 42.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:24:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:24:40 +0200 (CEST) Subject: SUSE-CU-2024:4775-1: Security update of bci/openjdk Message-ID: <20241003092440.3F096FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4775-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-26.5 , bci/openjdk:latest Container Release : 26.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Thu Oct 3 09:24:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 11:24:53 +0200 (CEST) Subject: SUSE-CU-2024:4776-1: Security update of bci/php-apache Message-ID: <20241003092453.7D19FFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4776-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.5 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:06:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:06:08 +0200 (CEST) Subject: SUSE-CU-2024:4777-1: Recommended update of bci/openjdk-devel Message-ID: <20241004070608.46B40FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4777-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-31.3 Container Release : 31.3 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:bci-openjdk-11-64dba4b069f0e66f06a37c97a6fb3e6463759a88ef518d751f8347d13eda4b60-0 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:07:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:07:19 +0200 (CEST) Subject: SUSE-CU-2024:4778-1: Recommended update of bci/openjdk-devel Message-ID: <20241004070719.327C3FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4778-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-33.3 Container Release : 33.3 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:bci-openjdk-17-3d34d76e7ccd1d1f8df5249f5646007dbda51e2a958e31749e3ef1b0904b2be9-0 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:09:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:09:22 +0200 (CEST) Subject: SUSE-CU-2024:4787-1: Security update of bci/bci-init Message-ID: <20241004070923.0055AFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4787-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.27.4 , bci/bci-init:latest Container Release : 27.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - systemd-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:09:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:09:44 +0200 (CEST) Subject: SUSE-CU-2024:4790-1: Recommended update of bci/bci-minimal Message-ID: <20241004070944.307ECFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4790-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.28.3 , bci/bci-minimal:latest Container Release : 28.3 Severity : moderate Type : recommended References : 1230638 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - container:bci-bci-micro-15.6-e1fcadd133c54b7d8c2c58aaa6c3f6f488ff6ef3bb7c61b3add9eb093fa39fd5-0 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:10:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:10:25 +0200 (CEST) Subject: SUSE-CU-2024:4793-1: Security update of suse/pcp Message-ID: <20241004071025.8C366FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4793-1 Container Tags : suse/pcp:5 , suse/pcp:5.3 , suse/pcp:5.3.7 , suse/pcp:5.3.7-46.3 , suse/pcp:latest Container Release : 46.3 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - systemd-254.18-150600.4.15.10 updated - container:bci-bci-init-15.6-57f61e796458aeb84fa3bf650cab5c4256d48829f32a3f78de54d45ea79f1936-0 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:10:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:10:38 +0200 (CEST) Subject: SUSE-CU-2024:4776-1: Security update of bci/php-apache Message-ID: <20241004071038.02107FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4776-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.5 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:10:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:10:50 +0200 (CEST) Subject: SUSE-CU-2024:4795-1: Security update of bci/php-fpm Message-ID: <20241004071050.31B8BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4795-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-42.5 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 42.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:11:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:11:02 +0200 (CEST) Subject: SUSE-CU-2024:4797-1: Security update of bci/php Message-ID: <20241004071102.8D7B4FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4797-1 Container Tags : bci/php:8 , bci/php:8-42.4 , bci/php:8.2.20 , bci/php:latest Container Release : 42.4 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:11:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:11:14 +0200 (CEST) Subject: SUSE-CU-2024:4799-1: Security update of suse/postgres Message-ID: <20241004071114.D2AD4FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4799-1 Container Tags : suse/postgres:16 , suse/postgres:16-48.4 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:latest Container Release : 48.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-locale-2.38-150600.14.11.2 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:suse-sle15-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:11:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:11:29 +0200 (CEST) Subject: SUSE-CU-2024:4801-1: Security update of bci/python Message-ID: <20241004071129.781CBFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4801-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-54.4 , bci/python:3.11.10 Container Release : 54.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:11:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:11:46 +0200 (CEST) Subject: SUSE-CU-2024:4803-1: Security update of bci/python Message-ID: <20241004071146.D3821FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4803-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-54.4 , bci/python:3.12.6 , bci/python:latest Container Release : 54.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:01 +0200 (CEST) Subject: SUSE-CU-2024:4805-1: Security update of bci/python Message-ID: <20241004071201.01C6AF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4805-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-53.5 , bci/python:3.6.15 Container Release : 53.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-41b25228aa06790431234eab484378edb751cc96448349f3229e9ccbfcb45377-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:10 +0200 (CEST) Subject: SUSE-CU-2024:4807-1: Security update of suse/rmt-mariadb-client Message-ID: <20241004071210.1E868F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4807-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-47.4 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-47.4 , suse/rmt-mariadb-client:latest Container Release : 47.4 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:suse-sle15-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:19 +0200 (CEST) Subject: SUSE-CU-2024:4809-1: Security update of suse/rmt-mariadb Message-ID: <20241004071219.F1B3DF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4809-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-50.4 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-50.4 , suse/rmt-mariadb:latest Container Release : 50.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:suse-sle15-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:32 +0200 (CEST) Subject: SUSE-CU-2024:4810-1: Security update of bci/ruby Message-ID: <20241004071232.16A8DF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4810-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-27.4 , bci/ruby:latest Container Release : 27.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:42 +0200 (CEST) Subject: SUSE-CU-2024:4812-1: Security update of bci/rust Message-ID: <20241004071242.09F34F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4812-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.5.3 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.5.3 Container Release : 5.3 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:12:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:12:53 +0200 (CEST) Subject: SUSE-CU-2024:4814-1: Security update of bci/rust Message-ID: <20241004071253.E98DAF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4814-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.5.3 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.3 Container Release : 5.3 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:13:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:13:16 +0200 (CEST) Subject: SUSE-CU-2024:4816-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20241004071316.0289CF7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4816-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.27.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 27.3 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-locale-2.38-150600.14.11.2 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Fri Oct 4 07:13:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:13:33 +0200 (CEST) Subject: SUSE-CU-2024:4819-1: Recommended update of suse/sle15 Message-ID: <20241004071333.402A5F7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4819-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.21 , suse/sle15:15.6 , suse/sle15:15.6.47.11.21 Container Release : 47.11.21 Severity : important Type : recommended References : 1226414 1228091 1228223 1228809 1229518 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - libudev1-254.18-150600.4.15.10 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:13:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:13:32 +0200 (CEST) Subject: SUSE-CU-2024:4818-1: Security update of suse/sle15 Message-ID: <20241004071332.6AD5BF7A3@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4818-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.20 , suse/sle15:15.6 , suse/sle15:15.6.47.11.20 Container Release : 47.11.20 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libopenssl3-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated From sle-container-updates at lists.suse.com Fri Oct 4 07:13:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 4 Oct 2024 09:13:45 +0200 (CEST) Subject: SUSE-CU-2024:4820-1: Security update of bci/spack Message-ID: <20241004071345.A5C66F7A3@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4820-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-12.4 , bci/spack:0.21.2 , bci/spack:latest Container Release : 12.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - libopenssl-3-devel-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Sat Oct 5 07:02:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:02:13 +0200 (CEST) Subject: SUSE-IU-2024:1443-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20241005070213.BDD54FCF7@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1443-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.188 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.188 Severity : moderate Type : recommended References : 1230110 1230145 1230330 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.95 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:02:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:02:32 +0200 (CEST) Subject: SUSE-IU-2024:1444-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20241005070232.69C8BFCC1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1444-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.201 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.201 Severity : moderate Type : recommended References : 1230110 1230145 1230330 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.153 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:02:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:02:59 +0200 (CEST) Subject: SUSE-IU-2024:1445-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20241005070259.41744FCC1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1445-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.153 , suse/sle-micro/5.5:latest Image Release : 5.5.153 Severity : moderate Type : recommended References : 1230110 1230145 1230330 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.95 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:07:35 +0200 (CEST) Subject: SUSE-CU-2024:4824-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20241005070735.EE158FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4824-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.36 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.36 Severity : moderate Type : recommended References : 1230145 1230894 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - libpcap1-1.10.1-150400.3.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:10:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:10:52 +0200 (CEST) Subject: SUSE-CU-2024:4826-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20241005071052.BAB14FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4826-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.37 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.37 Severity : moderate Type : recommended References : 1230145 1230894 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - libpcap1-1.10.1-150400.3.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:12:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:12:05 +0200 (CEST) Subject: SUSE-CU-2024:4827-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20241005071205.EFCDBFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4827-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.63 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.63 Severity : moderate Type : recommended References : 1230894 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - libpcap1-1.10.1-150400.3.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:15:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:15:44 +0200 (CEST) Subject: SUSE-CU-2024:4829-1: Recommended update of suse/registry Message-ID: <20241005071544.81452FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4829-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-27.7 , suse/registry:latest Container Release : 27.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:15:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:15:59 +0200 (CEST) Subject: SUSE-CU-2024:4830-1: Recommended update of suse/git Message-ID: <20241005071559.1975EFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4830-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-27.9 , suse/git:2.43.0 , suse/git:latest Container Release : 27.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:16:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:16:30 +0200 (CEST) Subject: SUSE-CU-2024:4832-1: Security update of bci/golang Message-ID: <20241005071630.B93D2FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4832-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.41.5 , bci/golang:1.23.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.41.5 Container Release : 41.5 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - container:registry.suse.com-bci-bci-base-15.6-4559dc77d35a52babf55d4cfa80edce9fc524e130549a515d0b85e8b2eb0fd83-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Sat Oct 5 07:17:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:17:01 +0200 (CEST) Subject: SUSE-CU-2024:4834-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241005071701.1F159FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4834-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.46 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.46 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230110 1230145 1230330 1230468 1230638 1230639 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3522-1 Released: Fri Oct 4 10:02:34 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330,1230468,1230639 This update for dracut fixes the following issues: - Version update 059+suse.541.g3c2df232: * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110). * fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639). * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330). * Fixes for NVMeoF boot (bsc#1230468) * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - dracut-059+suse.541.g3c2df232-150600.3.11.2 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - libudev1-254.18-150600.4.15.10 updated - openssl-3-3.1.4-150600.5.18.1 updated - systemd-254.18-150600.4.15.10 updated - udev-254.18-150600.4.15.10 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:17:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:17:40 +0200 (CEST) Subject: SUSE-CU-2024:4836-1: Security update of bci/openjdk-devel Message-ID: <20241005071740.1043DFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4836-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-26.5 , bci/openjdk-devel:latest Container Release : 26.5 Severity : important Type : security References : 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - container:bci-openjdk-21-0ec9cf8079654404e97e841690df09ab4628997460b7f1fa9eb713d1f1d81e50-0 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:18:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:18:12 +0200 (CEST) Subject: SUSE-CU-2024:4838-1: Recommended update of suse/sle15 Message-ID: <20241005071812.B598BFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4838-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.22 , suse/sle15:15.6 , suse/sle15:15.6.47.11.22 Container Release : 47.11.22 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:18:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:18:27 +0200 (CEST) Subject: SUSE-CU-2024:4820-1: Security update of bci/spack Message-ID: <20241005071827.055B4FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4820-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-12.4 , bci/spack:0.21.2 , bci/spack:latest Container Release : 12.4 Severity : important Type : security References : 1226414 1228091 1228223 1228809 1229518 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - libsystemd0-254.18-150600.4.15.10 updated - glibc-devel-2.38-150600.14.11.2 updated - libopenssl-3-devel-3.1.4-150600.5.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-70fabf4962f1697a7bf52ec54be49a0a5d2d3d6b7858f07076557f92a5f0761c-0 added - container:bci-bci-base-15.6-2192b3685e54ed410007c062122f830015da6610257cdd16d52e4d536c95bcc6-0 removed From sle-container-updates at lists.suse.com Sat Oct 5 07:19:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:19:33 +0200 (CEST) Subject: SUSE-CU-2024:4840-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20241005071933.3FE30FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4840-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.43 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.43 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:20:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:20:19 +0200 (CEST) Subject: SUSE-CU-2024:4841-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241005072019.6AC5AFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4841-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.45 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.45 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:20:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:20:56 +0200 (CEST) Subject: SUSE-CU-2024:4842-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20241005072056.41E69FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4842-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.29 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.29 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:21:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:21:32 +0200 (CEST) Subject: SUSE-CU-2024:4843-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20241005072132.7F86EFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4843-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.30 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.30 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:22:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:22:13 +0200 (CEST) Subject: SUSE-CU-2024:4844-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20241005072213.BE43CFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4844-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.30 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.30 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - container:sles15-ltss-image-15.0.0-5.24 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:23:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:23:30 +0200 (CEST) Subject: SUSE-CU-2024:4845-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20241005072330.C88A2FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4845-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.32 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.32 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:23:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:23:31 +0200 (CEST) Subject: SUSE-CU-2024:4846-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20241005072331.D16B2FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4846-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.33 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.33 Severity : moderate Type : security References : 1229930 1229931 1229932 1230020 1230034 CVE-2023-7256 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8006 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3515-1 Released: Thu Oct 3 13:33:31 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3516-1 Released: Thu Oct 3 13:33:41 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) The following package changes have been done: - libexpat1-2.2.5-150000.3.30.1 updated - libpcap1-1.9.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Sat Oct 5 07:27:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 5 Oct 2024 09:27:45 +0200 (CEST) Subject: SUSE-CU-2024:4848-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20241005072745.AC819FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4848-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.34 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.34 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:02:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:02:05 +0200 (CEST) Subject: SUSE-IU-2024:1459-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20241006070205.A8146FCF7@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1459-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.97 , suse/sle-micro/base-5.5:latest Image Release : 5.8.97 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:suse-sle15-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:04:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:04:09 +0200 (CEST) Subject: SUSE-CU-2024:4849-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20241006070409.1F2CAFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4849-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.65 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.65 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:suse-sle15-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:04:49 +0200 (CEST) Subject: SUSE-CU-2024:4850-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20241006070449.AC7C6FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4850-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.5.25 , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.5.25 Container Release : 5.25 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:08:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:08:11 +0200 (CEST) Subject: SUSE-CU-2024:4851-1: Recommended update of bci/bci-init Message-ID: <20241006070811.0963CFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4851-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.31.7 Container Release : 31.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:09:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:09:14 +0200 (CEST) Subject: SUSE-CU-2024:4852-1: Recommended update of bci/nodejs Message-ID: <20241006070914.47926FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4852-1 Container Tags : bci/node:18 , bci/node:18-35.7 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-35.7 , bci/nodejs:18.20.4 Container Release : 35.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:10:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:10:20 +0200 (CEST) Subject: SUSE-CU-2024:4853-1: Recommended update of bci/openjdk Message-ID: <20241006071020.E1607FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4853-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.7 Container Release : 32.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:11:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:11:32 +0200 (CEST) Subject: SUSE-CU-2024:4854-1: Recommended update of bci/openjdk Message-ID: <20241006071132.79BDFFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4854-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-34.7 Container Release : 34.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:12:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:12:27 +0200 (CEST) Subject: SUSE-CU-2024:4855-1: Recommended update of suse/postgres Message-ID: <20241006071227.44F86FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4855-1 Container Tags : suse/postgres:15 , suse/postgres:15-35.6 , suse/postgres:15.8 , suse/postgres:15.8 Container Release : 35.6 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:13:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:13:14 +0200 (CEST) Subject: SUSE-CU-2024:4856-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241006071314.55CD4FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4856-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.26.6 Container Release : 26.6 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:registry.suse.com-bci-bci-base-15.5-70d44417c357ca498963a67ceaacc554b93661bb832289a8525be1cb1629af61-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:14:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:14:14 +0200 (CEST) Subject: SUSE-CU-2024:4857-1: Recommended update of suse/sle15 Message-ID: <20241006071414.40FD3FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4857-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.29 , suse/sle15:15.5 , suse/sle15:15.5.36.14.29 Container Release : 36.14.29 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:14:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:14:30 +0200 (CEST) Subject: SUSE-CU-2024:4858-1: Recommended update of suse/389-ds Message-ID: <20241006071430.0ED96FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4858-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-45.8 , suse/389-ds:latest Container Release : 45.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:16:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:16:51 +0200 (CEST) Subject: SUSE-CU-2024:4866-1: Recommended update of bci/golang Message-ID: <20241006071651.24761FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4866-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.41.8 , bci/golang:1.22.7 , bci/golang:oldstable , bci/golang:oldstable-2.41.8 Container Release : 41.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:17:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:17:15 +0200 (CEST) Subject: SUSE-CU-2024:4867-1: Recommended update of bci/golang Message-ID: <20241006071715.0ED3EFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4867-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-47.8 , bci/golang:1.20.12.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-47.8 Container Release : 47.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:17:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:17:33 +0200 (CEST) Subject: SUSE-CU-2024:4868-1: Recommended update of bci/golang Message-ID: <20241006071733.93E31FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4868-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.41.8 , bci/golang:1.23.1 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.41.8 Container Release : 41.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:17:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:17:46 +0200 (CEST) Subject: SUSE-CU-2024:4869-1: Recommended update of bci/golang Message-ID: <20241006071746.54D6EFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4869-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-47.8 , bci/golang:1.21.5.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-47.8 Container Release : 47.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:18:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:18:03 +0200 (CEST) Subject: SUSE-CU-2024:4870-1: Recommended update of bci/bci-init Message-ID: <20241006071803.7E3DCFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4870-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.27.8 , bci/bci-init:latest Container Release : 27.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:18:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:18:23 +0200 (CEST) Subject: SUSE-CU-2024:4871-1: Recommended update of suse/nginx Message-ID: <20241006071823.E915FFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4871-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-45.8 , suse/nginx:latest Container Release : 45.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:18:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:18:45 +0200 (CEST) Subject: SUSE-CU-2024:4872-1: Recommended update of bci/nodejs Message-ID: <20241006071845.56040FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4872-1 Container Tags : bci/node:20 , bci/node:20-42.9 , bci/node:20.15.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-42.9 , bci/nodejs:20.15.1 , bci/nodejs:latest Container Release : 42.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:19:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:19:21 +0200 (CEST) Subject: SUSE-CU-2024:4873-1: Recommended update of bci/openjdk-devel Message-ID: <20241006071921.DDC59FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4873-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-26.8 , bci/openjdk-devel:latest Container Release : 26.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:bci-openjdk-21-2cffe3d5afe1a78833d470377b7793b7ece8afb2d5da424bf83cfc25e43d5b10-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:19:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:19:55 +0200 (CEST) Subject: SUSE-CU-2024:4874-1: Recommended update of bci/openjdk Message-ID: <20241006071955.14C40FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4874-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-26.9 , bci/openjdk:latest Container Release : 26.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Sun Oct 6 07:20:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 6 Oct 2024 09:20:20 +0200 (CEST) Subject: SUSE-CU-2024:4875-1: Recommended update of bci/php-apache Message-ID: <20241006072020.2E3B1FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4875-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.9 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:06:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:06:56 +0200 (CEST) Subject: SUSE-CU-2024:4876-1: Recommended update of bci/openjdk-devel Message-ID: <20241007070656.17A18FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4876-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-31.6 Container Release : 31.6 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:bci-openjdk-11-f8ca8b67ea5aea2a8e13b85e6b22751bc19787506c05c3af5889179632c556cd-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:08:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:08:15 +0200 (CEST) Subject: SUSE-CU-2024:4877-1: Recommended update of bci/openjdk-devel Message-ID: <20241007070815.66CD3FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4877-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-33.6 Container Release : 33.6 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:bci-openjdk-17-a33030040e05be2b86b1e5273458a2ba367c650ad35e7a8661df98a5010d9eec-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:08:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:08:30 +0200 (CEST) Subject: SUSE-CU-2024:4875-1: Recommended update of bci/php-apache Message-ID: <20241007070830.5794DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4875-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.9 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:08:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:08:47 +0200 (CEST) Subject: SUSE-CU-2024:4878-1: Recommended update of bci/php-fpm Message-ID: <20241007070847.65AD9FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4878-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-42.9 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 42.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:09:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:09:05 +0200 (CEST) Subject: SUSE-CU-2024:4879-1: Recommended update of bci/php Message-ID: <20241007070905.535C2FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4879-1 Container Tags : bci/php:8 , bci/php:8-42.8 , bci/php:8.2.20 , bci/php:latest Container Release : 42.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:09:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:09:20 +0200 (CEST) Subject: SUSE-CU-2024:4880-1: Recommended update of suse/postgres Message-ID: <20241007070920.CEBADFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4880-1 Container Tags : suse/postgres:16 , suse/postgres:16-48.8 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:latest Container Release : 48.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:09:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:09:42 +0200 (CEST) Subject: SUSE-CU-2024:4881-1: Recommended update of bci/python Message-ID: <20241007070942.07EF6FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4881-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-54.8 , bci/python:3.11.10 Container Release : 54.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:10:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:10:06 +0200 (CEST) Subject: SUSE-CU-2024:4882-1: Recommended update of bci/python Message-ID: <20241007071006.29EE5FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4882-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-54.8 , bci/python:3.12.6 , bci/python:latest Container Release : 54.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:10:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:10:26 +0200 (CEST) Subject: SUSE-CU-2024:4883-1: Recommended update of bci/python Message-ID: <20241007071026.1ADBEFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4883-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-53.9 , bci/python:3.6.15 Container Release : 53.9 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:10:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:10:40 +0200 (CEST) Subject: SUSE-CU-2024:4884-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20241007071040.B32BEFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4884-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-47.8 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-47.8 , suse/rmt-mariadb-client:latest Container Release : 47.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:11:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:11:00 +0200 (CEST) Subject: SUSE-CU-2024:4885-1: Recommended update of suse/rmt-mariadb Message-ID: <20241007071100.39F5BFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4885-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-50.8 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-50.8 , suse/rmt-mariadb:latest Container Release : 50.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:11:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:11:20 +0200 (CEST) Subject: SUSE-CU-2024:4886-1: Recommended update of bci/ruby Message-ID: <20241007071120.129AFFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4886-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-27.8 , bci/ruby:latest Container Release : 27.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:11:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:11:38 +0200 (CEST) Subject: SUSE-CU-2024:4887-1: Recommended update of bci/rust Message-ID: <20241007071138.73CD3FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4887-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.5.7 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.5.7 Container Release : 5.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:11:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:11:53 +0200 (CEST) Subject: SUSE-CU-2024:4888-1: Recommended update of bci/rust Message-ID: <20241007071153.A1A34FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4888-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.5.7 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.7 Container Release : 5.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:12:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:12:24 +0200 (CEST) Subject: SUSE-CU-2024:4889-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241007071224.EC1E1FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4889-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.27.7 , bci/bci-sle15-kernel-module-devel:latest Container Release : 27.7 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:12:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:12:45 +0200 (CEST) Subject: SUSE-CU-2024:4890-1: Recommended update of bci/spack Message-ID: <20241007071245.5E876FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4890-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-12.8 , bci/spack:0.21.2 , bci/spack:latest Container Release : 12.8 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:13:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:13:58 +0200 (CEST) Subject: SUSE-CU-2024:4891-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20241007071358.34D77FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4891-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.45 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.45 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:14:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:14:37 +0200 (CEST) Subject: SUSE-CU-2024:4892-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241007071437.8D9A4FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4892-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.47 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.47 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:4892-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241008070706.1626BFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4892-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.47 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.47 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:07:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:07:40 +0200 (CEST) Subject: SUSE-CU-2024:4901-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20241008070740.77903FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4901-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.31 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.31 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:08:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:08:15 +0200 (CEST) Subject: SUSE-CU-2024:4902-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20241008070815.53919FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4902-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.32 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.32 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:08:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:08:54 +0200 (CEST) Subject: SUSE-CU-2024:4903-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20241008070854.6DA7BFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4903-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.32 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.32 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.46.4-150400.3.9.2 updated - container:sles15-ltss-image-15.0.0-5.25 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:10:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:10:04 +0200 (CEST) Subject: SUSE-CU-2024:4904-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20241008071004.7A701FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4904-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.34 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.34 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3536-1 Released: Mon Oct 7 12:17:40 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libzypp-17.35.11-150200.126.2 updated - zypper-1.14.77-150200.93.2 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:13:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:13:36 +0200 (CEST) Subject: SUSE-CU-2024:4848-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20241008071336.B3974FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4848-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.34 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.34 Severity : moderate Type : recommended References : 1228661 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:13:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:13:37 +0200 (CEST) Subject: SUSE-CU-2024:4906-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20241008071337.987ABFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4906-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.35 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.35 Severity : moderate Type : security References : 1229930 1229931 1229932 1230020 1230034 CVE-2023-7256 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-8006 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3515-1 Released: Thu Oct 3 13:33:31 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3516-1 Released: Thu Oct 3 13:33:41 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) The following package changes have been done: - libexpat1-2.2.5-150000.3.30.1 updated - libpcap1-1.9.1-150300.3.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 8 07:13:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 8 Oct 2024 09:13:38 +0200 (CEST) Subject: SUSE-CU-2024:4907-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20241008071338.7E1DDFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4907-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.36 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.36 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3536-1 Released: Mon Oct 7 12:17:40 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libzypp-17.35.11-150200.126.2 updated - zypper-1.14.77-150200.93.2 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:09 +0200 (CEST) Subject: SUSE-CU-2024:4908-1: Security update of suse/sles/15.7/cdi-apiserver Message-ID: <20241010070409.49DD2FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4908-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.12 , suse/sles/15.7/cdi-apiserver:1.58.0.27.30 Container Release : 27.30 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - containerized-data-importer-api-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:13 +0200 (CEST) Subject: SUSE-CU-2024:4909-1: Security update of suse/sles/15.7/cdi-cloner Message-ID: <20241010070413.2DF31FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4909-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.12 , suse/sles/15.7/cdi-cloner:1.58.0.28.30 Container Release : 28.30 Severity : important Type : security References : 1230145 1230516 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated - containerized-data-importer-cloner-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:21 +0200 (CEST) Subject: SUSE-CU-2024:4911-1: Security update of suse/sles/15.7/cdi-importer Message-ID: <20241010070421.96D83FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4911-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.12 , suse/sles/15.7/cdi-importer:1.58.0.28.34 Container Release : 28.34 Severity : important Type : security References : 1230145 1230516 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated - containerized-data-importer-importer-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:25 +0200 (CEST) Subject: SUSE-CU-2024:4912-1: Security update of suse/sles/15.7/cdi-operator Message-ID: <20241010070425.0878FFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4912-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.12 , suse/sles/15.7/cdi-operator:1.58.0.27.30 Container Release : 27.30 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - containerized-data-importer-operator-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:28 +0200 (CEST) Subject: SUSE-CU-2024:4913-1: Security update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20241010070428.4749CFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4913-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.12 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.30 Container Release : 27.30 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:31 +0200 (CEST) Subject: SUSE-CU-2024:4914-1: Security update of suse/sles/15.7/cdi-uploadserver Message-ID: <20241010070431.D4AA6FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4914-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.12 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.34 Container Release : 28.34 Severity : important Type : security References : 1230145 1230516 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - curl-8.6.0-150600.4.9.2 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:35 +0200 (CEST) Subject: SUSE-CU-2024:4915-1: Security update of suse/sle15 Message-ID: <20241010070435.290BCFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4915-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7.50.29 , suse/sle15:15.7 , suse/sle15:15.7.50.29 Container Release : 50.29 Severity : important Type : security References : 1225973 1225974 1226414 1227314 1228091 1228223 1228809 1229518 1230145 1230516 1230638 1230698 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3360-1 Released: Sun Sep 22 23:45:55 2024 Summary: Security update for container-suseconnect Type: security Severity: important References: 1225973,1225974,1227314,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - branding-SLE-15-150700.48.1 updated - container-suseconnect-2.5.0-150000.4.55.1 updated - curl-8.6.0-150600.4.9.2 updated - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libcurl4-8.6.0-150600.4.9.2 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libudev1-254.18-150600.4.15.10 updated - openssl-3-3.1.4-150600.5.18.1 updated - sle-module-basesystem-release-15.7-150700.8.1 updated - sle-module-python3-release-15.7-150700.8.1 updated - sle-module-server-applications-release-15.7-150700.8.1 updated - sles-release-15.7-150700.8.1 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:38 +0200 (CEST) Subject: SUSE-CU-2024:4916-1: Security update of suse/sles/15.7/virt-api Message-ID: <20241010070438.E0550FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4916-1 Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.16 , suse/sles/15.7/virt-api:1.1.1.27.32 Container Release : 27.32 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - kubevirt-virt-api-1.1.1-150700.9.16 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:42 +0200 (CEST) Subject: SUSE-CU-2024:4917-1: Security update of suse/sles/15.7/virt-controller Message-ID: <20241010070442.A9960FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4917-1 Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.16 , suse/sles/15.7/virt-controller:1.1.1.27.32 Container Release : 27.32 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - kubevirt-virt-controller-1.1.1-150700.9.16 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:46 +0200 (CEST) Subject: SUSE-CU-2024:4918-1: Security update of suse/sles/15.7/virt-exportproxy Message-ID: <20241010070446.29B2CFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4918-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.16 , suse/sles/15.7/virt-exportproxy:1.1.1.11.32 Container Release : 11.32 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - kubevirt-virt-exportproxy-1.1.1-150700.9.16 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:49 +0200 (CEST) Subject: SUSE-CU-2024:4919-1: Security update of suse/sles/15.7/virt-exportserver Message-ID: <20241010070449.EB1F7FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4919-1 Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.16 , suse/sles/15.7/virt-exportserver:1.1.1.12.32 Container Release : 12.32 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - kubevirt-virt-exportserver-1.1.1-150700.9.16 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:53 +0200 (CEST) Subject: SUSE-CU-2024:4920-1: Security update of suse/sles/15.7/virt-handler Message-ID: <20241010070453.A26D8FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4920-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.16 , suse/sles/15.7/virt-handler:1.1.1.29.38 Container Release : 29.38 Severity : important Type : security References : 1226414 1227216 1228091 1228223 1228809 1229518 1230145 1230516 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libudev1-254.18-150600.4.15.10 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - sles-release-15.7-150700.8.1 updated - curl-8.6.0-150600.4.9.2 updated - kubevirt-container-disk-1.1.1-150700.9.16 updated - kubevirt-virt-handler-1.1.1-150700.9.16 updated - pam-config-1.1-150600.16.3.1 updated - libsystemd0-254.18-150600.4.15.10 updated - systemd-254.18-150600.4.15.10 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:57 +0200 (CEST) Subject: SUSE-CU-2024:4921-1: Security update of suse/sles/15.7/virt-launcher Message-ID: <20241010070457.96958FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4921-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.16 , suse/sles/15.7/virt-launcher:1.1.1.34.17 Container Release : 34.17 Severity : important Type : security References : 1226414 1227216 1228091 1228223 1228809 1229518 1230145 1230516 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libudev1-254.18-150600.4.15.10 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - sles-release-15.7-150700.8.1 updated - curl-8.6.0-150600.4.9.2 updated - kubevirt-container-disk-1.1.1-150700.9.16 updated - pam-config-1.1-150600.16.3.1 updated - libsystemd0-254.18-150600.4.15.10 updated - virtiofsd-1.11.1-150700.1.1 updated - xen-libs-4.19.0_04-150700.1.1 updated - systemd-254.18-150600.4.15.10 updated - udev-254.18-150600.4.15.10 updated - systemd-container-254.18-150600.4.15.10 updated - logrotate-3.18.1-150400.3.10.1 updated - libvirt-libs-10.8.0-150700.1.1 updated - libvirt-daemon-log-10.8.0-150700.1.1 updated - libvirt-client-10.8.0-150700.1.1 updated - kubevirt-virt-launcher-1.1.1-150700.9.16 updated - libvirt-daemon-common-10.8.0-150700.1.1 updated - libvirt-daemon-driver-qemu-10.8.0-150700.1.1 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:05:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:05:01 +0200 (CEST) Subject: SUSE-CU-2024:4922-1: Security update of suse/sles/15.7/libguestfs-tools Message-ID: <20241010070501.55397FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4922-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.16 , suse/sles/15.7/libguestfs-tools:1.1.1.28.45 Container Release : 28.45 Severity : important Type : security References : 1226413 1226414 1227216 1227233 1227378 1227999 1228091 1228223 1228780 1228809 1229518 1229596 1230110 1230145 1230227 1230330 1230468 1230516 1230638 1230639 1230698 CVE-2024-41996 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3480-1 Released: Fri Sep 27 15:35:46 2024 Summary: Recommended update for mdadm Type: recommended Severity: moderate References: 1226413 This update for mdadm fixes the following issues: - Detail: remove duplicated code (bsc#1226413). - mdadm: Fix native --detail --export (bsc#1226413). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3522-1 Released: Fri Oct 4 10:02:34 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330,1230468,1230639 This update for dracut fixes the following issues: - Version update 059+suse.541.g3c2df232: * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110). * fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639). * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330). * Fixes for NVMeoF boot (bsc#1230468) * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libudev1-254.18-150600.4.15.10 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - libcurl4-8.6.0-150600.4.9.2 updated - sles-release-15.7-150700.8.1 updated - curl-8.6.0-150600.4.9.2 updated - libguestfs-winsupport-1.53.6-150700.1.4 updated - guestfs-tools-1.53.3-150700.1.3 updated - libext2fs2-1.47.0-150600.4.6.2 updated - mdadm-4.3-150600.3.6.2 updated - pam-config-1.1-150600.16.3.1 updated - e2fsprogs-1.47.0-150600.4.6.2 updated - libsystemd0-254.18-150600.4.15.10 updated - python3-base-3.6.15-150300.10.72.1 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - virtiofsd-1.11.1-150700.1.1 updated - xen-libs-4.19.0_04-150700.1.1 updated - systemd-254.18-150600.4.15.10 updated - libvirt-libs-10.8.0-150700.1.1 updated - udev-254.18-150600.4.15.10 updated - dracut-059+suse.541.g3c2df232-150600.3.11.2 updated - supermin-5.3.5-150700.1.3 updated - dracut-fips-059+suse.541.g3c2df232-150600.3.11.2 updated - libguestfs0-1.53.6-150700.1.4 updated - libguestfs-devel-1.53.6-150700.1.4 updated - libguestfs-appliance-1.53.6-150700.1.4 updated - libguestfs-1.53.6-150700.1.4 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:05:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:05:05 +0200 (CEST) Subject: SUSE-CU-2024:4923-1: Security update of suse/sles/15.7/virt-operator Message-ID: <20241010070505.85A99FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4923-1 Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.16 , suse/sles/15.7/virt-operator:1.1.1.27.32 Container Release : 27.32 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - kubevirt-virt-operator-1.1.1-150700.9.16 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Thu Oct 10 07:04:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 10 Oct 2024 09:04:17 +0200 (CEST) Subject: SUSE-CU-2024:4910-1: Security update of suse/sles/15.7/cdi-controller Message-ID: <20241010070417.19741FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4910-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.12 , suse/sles/15.7/cdi-controller:1.58.0.27.30 Container Release : 27.30 Severity : important Type : security References : 1230145 1230638 1230698 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - glibc-2.38-150600.14.11.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.18.1 updated - containerized-data-importer-controller-1.58.0-150700.7.12 updated - container:sles15-image-15.0.0-50.29 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:03:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:03:02 +0200 (CEST) Subject: SUSE-IU-2024:1486-1: Security update of suse/sle-micro/5.5 Message-ID: <20241011070302.A1D37FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1486-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.160 , suse/sle-micro/5.5:latest Image Release : 5.5.160 Severity : moderate Type : security References : 1231230 CVE-2024-6104 CVE-2024-9341 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3546-1 Released: Tue Oct 8 16:04:40 2024 Summary: Security update for podman Type: security Severity: moderate References: 1231230,CVE-2024-6104,CVE-2024-9341 This update for podman fixes the following issues: - CVE-2024-9341: Fixed FIPS Crypto-Policy Directory Mounting Issue in containers/common Go Library (bsc#1231230) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3588-1 Released: Thu Oct 10 15:34:10 2024 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit contains the following fix: - Update to version 1.1.6: * Run KVM tests on ubuntu-latest * Install qemu in github workflow * Do not return error for efi.ReadLoadOption The following package changes have been done: - elemental-toolkit-1.1.6-150500.3.6.1 updated - podman-4.9.5-150500.3.18.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.99 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:10:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:10:32 +0200 (CEST) Subject: SUSE-CU-2024:4926-1: Recommended update of suse/sle15 Message-ID: <20241011071032.8E78FFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4926-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.50 Container Release : 9.8.50 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3536-1 Released: Mon Oct 7 12:17:40 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libzypp-17.35.11-150200.126.2 updated - zypper-1.14.77-150200.93.2 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:11:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:11:10 +0200 (CEST) Subject: SUSE-CU-2024:4927-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20241011071110.BAA57FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4927-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.7.1 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.7.1 , suse/ltss/sle15.3/sle15:latest Container Release : 7.1 Severity : moderate Type : recommended References : 1228647 1230267 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3536-1 Released: Mon Oct 7 12:17:40 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) The following package changes have been done: - libzypp-17.35.11-150200.126.2 updated - zypper-1.14.77-150200.93.2 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:15:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:15:18 +0200 (CEST) Subject: SUSE-CU-2024:4931-1: Recommended update of suse/389-ds Message-ID: <20241011071518.D1163FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4931-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-45.9 , suse/389-ds:latest Container Release : 45.9 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - cyrus-sasl-2.1.28-150600.7.3.1 updated - cyrus-sasl-plain-2.1.28-150600.7.3.1 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:16:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:16:09 +0200 (CEST) Subject: SUSE-CU-2024:4935-1: Recommended update of suse/registry Message-ID: <20241011071609.EA0EAFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4935-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-28.2 , suse/registry:latest Container Release : 28.2 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:17:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:17:26 +0200 (CEST) Subject: SUSE-CU-2024:4940-1: Recommended update of suse/git Message-ID: <20241011071726.AA68EFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4940-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-28.2 , suse/git:2.43.0 , suse/git:latest Container Release : 28.2 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:17:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:17:58 +0200 (CEST) Subject: SUSE-CU-2024:4942-1: Recommended update of bci/golang Message-ID: <20241011071758.147FCFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4942-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.41.10 , bci/golang:1.23.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.41.10 Container Release : 41.10 Severity : moderate Type : recommended References : 1229122 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3574-1 Released: Wed Oct 9 15:29:43 2024 Summary: Recommended update for go1.23 Type: recommended Severity: moderate References: 1229122 This update for go1.23 fixes the following issues: - Version update 1.23.2 includes fixes to the compiler, cgo, the runtime, maps, os, os/exec, time, and unique packages (bsc#1229122) * os: double close pidfd if caller uses pidfd updated by os.StartProcess * maps: segmentation violation in maps.Clone * cmd/cgo: alignment issue with int128 inside of a struct * unique: fatal error: found pointer to free object * runtime,time: timer.Stop returns false even when no value is read from the channel * unique: large string still referenced, after interning only a small substring * os/exec: resource leak on exec failure * cmd/compile: mysterious crashes and non-determinism with range over func The following package changes have been done: - go1.23-doc-1.23.2-150000.1.9.1 updated - go1.23-1.23.2-150000.1.9.1 updated - go1.23-race-1.23.2-150000.1.9.1 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:18:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:18:37 +0200 (CEST) Subject: SUSE-CU-2024:4945-1: Recommended update of bci/kiwi Message-ID: <20241011071837.258F0FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4945-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-16.2 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 16.2 Severity : moderate Type : recommended References : 1230145 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). The following package changes have been done: - libcom_err2-1.47.0-150600.4.6.2 updated - libext2fs2-1.47.0-150600.4.6.2 updated - e2fsprogs-1.47.0-150600.4.6.2 updated - container:registry.suse.com-bci-bci-base-15.6-15a19488b2eaf5cda2da1c4c3fbd892611b349ac36f8e3563c4ee8629a28d0de-0 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:22:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:22:10 +0200 (CEST) Subject: SUSE-CU-2024:4959-1: Recommended update of suse/sle15 Message-ID: <20241011072210.DD04AFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4959-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.23 , suse/sle15:15.6 , suse/sle15:15.6.47.11.23 Container Release : 47.11.23 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated From sle-container-updates at lists.suse.com Thu Oct 3 07:02:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 3 Oct 2024 09:02:09 +0200 (CEST) Subject: SUSE-IU-2024:1436-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20241003070209.9EF6CFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1436-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.184 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.184 Severity : important Type : security References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017 1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158 1208783 1210644 1213580 1213632 1214285 1216834 1220428 1220877 1220962 1221269 1221326 1221630 1221645 1222335 1222350 1222372 1222387 1222634 1222808 1222967 1223074 1223191 1223508 1223720 1223742 1223777 1223803 1223807 1224105 1224415 1224496 1224510 1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578 1225582 1225773 1225814 1225827 1225832 1225903 1226168 1226530 1226613 1226742 1226765 1226798 1226801 1226874 1226885 1227079 1227216 1227623 1227761 1227830 1227863 1227867 1227929 1227937 1227958 1228020 1228065 1228114 1228410 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467 1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487 1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503 1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564 1228567 1228576 1228579 1228584 1228588 1228590 1228615 1228616 1228635 1228636 1228654 1228656 1228658 1228660 1228661 1228662 1228667 1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720 1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766 1228779 1228801 1228850 1228857 1228959 1228964 1228966 1228967 1228979 1228988 1228989 1228991 1228992 1229028 1229042 1229054 1229086 1229136 1229154 1229187 1229188 1229190 1229287 1229290 1229292 1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229341 1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356 1229357 1229358 1229359 1229360 1229366 1229370 1229373 1229374 1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229395 1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229418 1229444 1229453 1229454 1229481 1229482 1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521 1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529 1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545 1229546 1229547 1229548 1229554 1229557 1229558 1229559 1229560 1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229573 1229576 1229581 1229588 1229598 1229603 1229604 1229605 1229608 1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229620 1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631 1229632 1229635 1229636 1229637 1229638 1229639 1229641 1229642 1229643 1229645 1229657 1229658 1229662 1229664 1229707 1229739 1229743 1229746 1229754 1229755 1229756 1229759 1229761 1229767 1229768 1229781 1229784 1229787 1229788 1229789 1229792 1229814 1229820 1230008 1230140 1230413 1230516 CVE-2021-4204 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546 CVE-2022-0500 CVE-2022-23222 CVE-2022-38457 CVE-2022-40133 CVE-2022-4382 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808 CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880 CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885 CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890 CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907 CVE-2022-48909 CVE-2022-48910 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919 CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925 CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930 CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48937 CVE-2022-48938 CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581 CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901 CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908 CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913 CVE-2024-26631 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735 CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26851 CVE-2024-27010 CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403 CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971 CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489 CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-38554 CVE-2024-38602 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40978 CVE-2024-40980 CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009 CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045 CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068 CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107 CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137 CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42268 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-44938 CVE-2024-44939 CVE-2024-44947 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3414-1 Released: Tue Sep 24 10:57:01 2024 Summary: Recommended update for qemu Type: recommended Severity: important References: 1229814,1230008,1230140 This update for qemu fixes the following issues: - Fixed lxv/stxv and lxvx/stxvx MSR facility check on PowerPC (bsc#1230140, bsc#1229814, bsc#1230008) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3483-1 Released: Fri Sep 27 17:11:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1 228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952 1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,1230413,CVE-2021-4204,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-0500,CVE-2022-23222,CVE-2022-38457,CVE-2022-40133,CVE-2022-4382,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022- 48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CV E-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-2023-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024- 41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,C VE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024 -43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43904,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-27016: Validate pppoe header (bsc#1223807). - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542) - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,). - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350). - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307). - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065). - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613). - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - Indicate support for the Generic Event Device thru _OSC (git-fixes). - Rework system-level device notification handling (git-fixes). - Drop nocrt parameter (git-fixes). - x86: s2 Post-increment variables when getting constraints (git-fixes). - Do not cross .backup mountpoint from backup volume (git-fixes). - Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - line6: Fix racy access to midibuf (stable-fixes). - Relax start tick time check for slave timer elements (git-fixes). - Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - Re-add ScratchAmp quirk entries (git-fixes). - Support Yamaha P-125 quirk entry (stable-fixes). - Fix UBSAN warning in parse_audio_unit() (stable-fixes). - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: Restore spec_bar() macro (git-fixes) - arm64: Add missing .field_width for GIC system registers (git-fixes) - arm64: Fix the visibility of compat hwcaps (git-fixes) - arm64: Force HWCAP to be based on the sysreg visible to (git-fixes) - arm64: Add Cortex-A720 definitions (git-fixes) - arm64: Add Cortex-A725 definitions (git-fixes) - arm64: Add Cortex-X1C definitions (git-fixes) - arm64: Add Cortex-X3 definitions (git-fixes) - arm64: Add Cortex-X4 definitions (git-fixes) - arm64: Add Cortex-X925 definitions (git-fixes) - arm64: Add Neoverse-V3 definitions (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Expand speculative SSBS workaround (again) (git-fixes) - arm64: Expand speculative SSBS workaround (git-fixes) - arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - wcd938 Correct Soundwire ports mask (git-fixes). - wsa881 Correct Soundwire ports mask (git-fixes). - fix irq scheduling issue with PREEMPT_RT (git-fixes). - Introduce async_schedule_dev_nocall() (bsc#1221269). - Split async_schedule_node_domain() (bsc#1221269). - Fix usage of __hci_cmd_sync_status (git-fixes). - hci_ Fix not handling hibernation actions (git-fixes). - l2 always unlock channel in l2cap_conless_channel() (git-fixes). - L2 Fix deadlock (git-fixes). - Fix a kernel verifier crash in stacksafe() (bsc#1225903). - remove unused declaring of bpf_kprobe_override (git-fixes). - fix leak of qgroup extent records after transaction abort (git-fixes). - make btrfs_destroy_delayed_refs() return void (git-fixes). - remove unnecessary prototype declarations at disk-io.c (git-fixes). - update fs features directory asynchronously (bsc#1226168). - propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418). - issue a cap release immediately if no cap exists (bsc#1225162). - periodically flush the cap releases (bsc#1225162). - Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes). - Fix register ID of SPSR_FIQ (git-fixes). - add missing MODULE_DESCRIPTION() macros (stable-fixes). - Add labels for both Valve Steam Deck revisions (stable-fixes). - Add quirk for Aya Neo KUN (stable-fixes). - Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes). - Add quirk for Nanote UMPC-01 (stable-fixes). - Add quirk for OrangePi Neo (stable-fixes). - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes). - Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - avoid using null object of framebuffer (git-fixes). - Fix && vs || typos (git-fixes). - Skip Recompute DSC Params if no Stream on Link (stable-fixes). - Validate hw_points_num before using it (stable-fixes). - Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - Actually check flags for all context ops (stable-fixes). - Add lock around VF RLCG interface (stable-fixes). - fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - Fix the null pointer dereference to ras_manager (stable-fixes). - Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - Fix the null pointer dereference for smu7 (stable-fixes). - Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - Fix the param type of set_power_profile_mode (stable-fixes). - analogix_ properly handle zero sized AUX transactions (stable-fixes). - tc358768: Attempt to fix DSI horizontal timings (stable-fixes). - fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes). - set gp bus_stop bit before hard reset (stable-fixes). - reset the link phy params before link training (git-fixes). - cleanup FB if dpu_format_populate_layout fails (git-fixes). - do not play tricks with debug macros (git-fixes). - Zero-initialize iosys_map (stable-fixes). - fix inode->i_blocks for non-512 byte sector size device (git-fixes). - fix potential deadlock on __exfat_get_dentry_set (git-fixes). - redefine DIR_DELETED as the bad cluster number (git-fixes). - support dynamic allocate bh for exfat_entry_set_cache (git-fixes). - fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453). - Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - Add might_sleep() to disable_irq() (git-fixes). - Always limit the affinity to online CPUs (git-fixes). - Do not return error on missing optional irq_request_resources() (git-fixes). - Take the proposed affinity at face value if force==true (git-fixes). - genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes). - genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes). - Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes). - Do not try to remove non-existing sysfs files (git-fixes). - Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - Shutdown managed interrupts with unsatifiable affinities (git-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - i2 Improve handling of stuck alerts (git-fixes). - i2 Send alert notifications to all devices if source not found (git-fixes). - Convert comma to semicolon (git-fixes). - ip6_ Fix broken GRO (bsc#1229444). - ipv6: fix incorrect unregister order (git-fixes). - Drop bogus fwspec-mapping error handling (git-fixes). - Fix association race (git-fixes). - Fix disassociation race (git-fixes). - Fix domain registration race (git-fixes). - Fix mapping-creation race (git-fixes). - Fixed unbalanced fwnode get and put (git-fixes). - Look for existing mapping only once (git-fixes). - Refactor __irq_domain_alloc_irqs() (git-fixes). - Report irq number for NOMAP domains (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes). - Fix to check symbol prefixes correctly (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - protect concurrent access to mem_cgroup_idr (git-fixes). - mm, fix infinite recursion due to RCU critical section (git-fixes). - prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - dw_ allow biu and ciu clocks to defer (git-fixes). - mmc_ Fix NULL dereference on allocation failure (git-fixes). - ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes). - ks8851: Fix deadlock with the SPI chip variant (git-fixes). - ks8851: Fix potential TX stall after interface reopen (git-fixes). - ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes). - Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - remove two BUG() from skb_checksum_help() (bsc#1229312). - qmi_ fix memory leak for not ip packets (git-fixes). - fix possible cp null dereference (git-fixes). - initialize noop_qdisc owner (git-fixes). - pn533: Add poll mod list filling check (git-fixes). - expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - make the rpc_stat per net namespace (git-fixes). - add posix ACLs to struct nfsd_attrs (git-fixes). - add security label to struct nfsd_attrs (git-fixes). - fix regression with setting ACLs (git-fixes). - Fix strncpy() fortify warning (git-fixes). - Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes). - introduce struct nfsd_attrs (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - Optimize DRC bucket pruning (git-fixes). - return error if nfs4_setacl fails (git-fixes). - set attributes when creating symlinks (git-fixes). - use locks_inode_context helper (git-fixes). - nilfs2: Remove check for PageError (git-fixes). - nvme_ scan namespaces asynchronously (bsc#1224105). - ocfs2: use coarse time for new created files (git-fixes). - Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - platform/x86 Add support for ACPI based probing (jsc#PED-8779). - platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86 Create static func to handle platdev (jsc#PED-8779). - platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86 Move hsmp_test to probe (jsc#PED-8779). - platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86 Restructure sysfs group creation (jsc#PED-8779). - platform/x86 switch to use device_add_groups() (jsc#PED-8779). - axp288_ Fix constant_charge_voltage writes (git-fixes). - axp288_ Round constant_charge_voltage writes down (git-fixes). - Fail build if using recordmcount with binutils v2.37 (bsc#1194869). - Mark .opd section read-only (bsc#1194869). - use generic version of arch_is_kernel_initmem_freed() (bsc#1194869). - xor_ Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_ fix cpus node update to FDT (bsc#1194869). - make the update_cpus_node() function public (bsc#1194869). - split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - Whitelist dtl slub object for copying to userspace (bsc#1194869). - Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes). - Fix incomplete state save in rxe_requester (git-fixes) - Fix rxe_modify_srq (git-fixes) - Handle zero length rdma (git-fixes) - Move work queue code to subroutines (git-fixes) - s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187). - s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079). - s390 Split and rework cpacf query functions (git-fixes bsc#1229187). - s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190). - s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573). - s390 Prevent release of buffer in I/O (git-fixes bsc#1229572). - s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188). - Fix scldiv calculation (git-fixes). - add a struct rpc_stats arg to rpc_create_args (git-fixes). - Fix a race to wake a sync task (git-fixes). - fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - fix compat_sys_io_pgetevents_time64 usage (git-fixes). - Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - add check for crypto_shash_tfm_digest (git-fixes). - dbg_orphan_ Fix missed key type checking (git-fixes). - Fix adding orphan entry twice for the same inode (git-fixes). - Fix unattached xattr inode if powercut happens after deleting (git-fixes). - fix potential memory leak in vfio_intx_enable() (git-fixes). - fix wgds rev 3 exact size (git-fixes). - duplicate static structs used in driver instances (git-fixes). - x86 drop the duplicate APM_MINOR_DEV macro (git-fixes). - x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86 Fix pti_clone_entry_text() for i386 (git-fixes). - x86 Check if fixed MTRRs exist before saving them (git-fixes). - x86 Work around false positive kmemleak report in msr_build_context() (git-fixes). - Fix missing interval for missing_owner in xfs fsmap (git-fixes). - Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). The following package changes have been done: - glibc-2.31-150300.89.2 updated - libncurses6-6.1-150000.5.27.1 updated - terminfo-base-6.1-150000.5.27.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - kernel-default-base-5.14.21-150500.55.80.2.150500.6.35.6 updated - qemu-guest-agent-7.1.0-150500.49.21.1 updated - logrotate-3.18.1-150400.3.10.1 updated - libcurl4-8.0.1-150400.5.53.2 updated - glibc-locale-base-2.31-150300.89.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.93 updated From sle-container-updates at lists.suse.com Mon Oct 7 07:01:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:01:27 +0200 (CEST) Subject: SUSE-IU-2024:1463-1: Security update of suse-sles-15-sp6-chost-byos-v20241004-x86_64-gen2 Message-ID: <20241007070127.AECE7FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20241004-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1463-1 Image Tags : suse-sles-15-sp6-chost-byos-v20241004-x86_64-gen2:20241004 Image Release : Severity : important Type : security References : 1012628 1081596 1193454 1194869 1200528 1205462 1208783 1213123 1214285 1215199 1217070 1220066 1220252 1220877 1221326 1221630 1221645 1221652 1221714 1221857 1222254 1222335 1222350 1222364 1222372 1222387 1222433 1222434 1222463 1222625 1222633 1222634 1222808 1222967 1222973 1223053 1223074 1223094 1223191 1223395 1223635 1223720 1223731 1223742 1223763 1223767 1223777 1223803 1224105 1224415 1224485 1224496 1224510 1224535 1224631 1224636 1224690 1224694 1224700 1224711 1224771 1225267 1225475 1225582 1225607 1225717 1225718 1225744 1225745 1225751 1225814 1225832 1225838 1225903 1226014 1226030 1226031 1226127 1226183 1226414 1226493 1226497 1226502 1226530 1226588 1226604 1226743 1226751 1226765 1226798 1226801 1226834 1226874 1226885 1226920 1227149 1227182 1227205 1227216 1227233 1227378 1227383 1227437 1227492 1227493 1227494 1227618 1227620 1227623 1227625 1227627 1227634 1227706 1227722 1227724 1227725 1227728 1227729 1227732 1227733 1227734 1227747 1227750 1227754 1227758 1227760 1227761 1227764 1227766 1227770 1227771 1227772 1227774 1227781 1227784 1227785 1227787 1227790 1227791 1227792 1227793 1227796 1227798 1227799 1227802 1227808 1227810 1227811 1227812 1227815 1227816 1227818 1227820 1227823 1227824 1227826 1227828 1227829 1227830 1227832 1227833 1227834 1227839 1227840 1227846 1227849 1227851 1227853 1227863 1227864 1227865 1227867 1227869 1227870 1227883 1227884 1227891 1227893 1227929 1227950 1227957 1227981 1227999 1228020 1228021 1228042 1228091 1228114 1228138 1228192 1228195 1228202 1228206 1228208 1228223 1228235 1228236 1228237 1228247 1228321 1228409 1228410 1228420 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228457 1228458 1228459 1228460 1228462 1228463 1228466 1228467 1228468 1228469 1228470 1228472 1228479 1228480 1228481 1228482 1228483 1228484 1228485 1228486 1228487 1228489 1228491 1228492 1228493 1228494 1228495 1228496 1228499 1228500 1228501 1228502 1228503 1228505 1228508 1228509 1228510 1228511 1228513 1228515 1228516 1228518 1228520 1228525 1228527 1228530 1228531 1228539 1228553 1228561 1228563 1228564 1228565 1228567 1228568 1228572 1228576 1228579 1228580 1228581 1228582 1228584 1228586 1228588 1228590 1228591 1228599 1228615 1228616 1228617 1228625 1228626 1228633 1228635 1228636 1228640 1228643 1228644 1228646 1228647 1228649 1228650 1228654 1228655 1228656 1228658 1228660 1228662 1228665 1228666 1228667 1228672 1228673 1228674 1228677 1228680 1228687 1228705 1228706 1228707 1228708 1228709 1228710 1228718 1228720 1228721 1228722 1228723 1228724 1228726 1228727 1228733 1228737 1228743 1228748 1228754 1228756 1228757 1228758 1228764 1228766 1228779 1228780 1228787 1228801 1228809 1228849 1228850 1228857 1228959 1228964 1228966 1228967 1228973 1228977 1228978 1228979 1228986 1228988 1228989 1228991 1228992 1229005 1229014 1229024 1229028 1229042 1229045 1229046 1229054 1229056 1229086 1229134 1229136 1229154 1229156 1229160 1229167 1229168 1229169 1229170 1229171 1229172 1229173 1229174 1229239 1229240 1229241 1229243 1229244 1229245 1229246 1229247 1229248 1229249 1229250 1229251 1229252 1229253 1229254 1229255 1229256 1229287 1229290 1229291 1229292 1229294 1229296 1229297 1229298 1229299 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229313 1229314 1229315 1229316 1229317 1229318 1229319 1229320 1229327 1229341 1229342 1229344 1229345 1229346 1229347 1229349 1229350 1229351 1229353 1229354 1229355 1229356 1229357 1229358 1229359 1229360 1229365 1229366 1229369 1229370 1229373 1229374 1229379 1229381 1229382 1229383 1229386 1229388 1229390 1229391 1229392 1229395 1229398 1229399 1229400 1229402 1229403 1229404 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229444 1229451 1229452 1229455 1229456 1229476 1229480 1229481 1229482 1229484 1229485 1229486 1229487 1229488 1229489 1229490 1229493 1229495 1229496 1229497 1229500 1229503 1229518 1229596 1229707 1229739 1229743 1229746 1229747 1229752 1229754 1229755 1229756 1229759 1229761 1229767 1229781 1229784 1229785 1229787 1229788 1229789 1229792 1229820 1229827 1229830 1229837 1229930 1229931 1229932 1229940 1230020 1230034 1230056 1230070 1230092 1230093 1230110 1230145 1230227 1230229 1230267 1230330 1230350 1230366 1230413 1230468 1230516 1230638 1230639 1230698 1230894 1230984 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-52489 CVE-2023-52581 CVE-2023-52668 CVE-2023-52688 CVE-2023-52735 CVE-2023-52859 CVE-2023-52885 CVE-2023-52886 CVE-2023-52887 CVE-2023-52889 CVE-2023-7256 CVE-2024-26590 CVE-2024-26631 CVE-2024-26637 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26682 CVE-2024-26683 CVE-2024-26691 CVE-2024-26735 CVE-2024-26808 CVE-2024-26809 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26849 CVE-2024-26851 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-26976 CVE-2024-27010 CVE-2024-27011 CVE-2024-27024 CVE-2024-27049 CVE-2024-27050 CVE-2024-27079 CVE-2024-27403 CVE-2024-27433 CVE-2024-27437 CVE-2024-31076 CVE-2024-35854 CVE-2024-35855 CVE-2024-35897 CVE-2024-35902 CVE-2024-35913 CVE-2024-35939 CVE-2024-35949 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36489 CVE-2024-36881 CVE-2024-36907 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36929 CVE-2024-36933 CVE-2024-36939 CVE-2024-36970 CVE-2024-36979 CVE-2024-38548 CVE-2024-38563 CVE-2024-38609 CVE-2024-38662 CVE-2024-39476 CVE-2024-39483 CVE-2024-39484 CVE-2024-39486 CVE-2024-39488 CVE-2024-39489 CVE-2024-39491 CVE-2024-39493 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39505 CVE-2024-39506 CVE-2024-39508 CVE-2024-39509 CVE-2024-39510 CVE-2024-40899 CVE-2024-40900 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40905 CVE-2024-40909 CVE-2024-40910 CVE-2024-40911 CVE-2024-40912 CVE-2024-40913 CVE-2024-40916 CVE-2024-40920 CVE-2024-40921 CVE-2024-40922 CVE-2024-40924 CVE-2024-40926 CVE-2024-40927 CVE-2024-40929 CVE-2024-40930 CVE-2024-40932 CVE-2024-40934 CVE-2024-40936 CVE-2024-40938 CVE-2024-40939 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40944 CVE-2024-40945 CVE-2024-40954 CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40962 CVE-2024-40964 CVE-2024-40967 CVE-2024-40976 CVE-2024-40977 CVE-2024-40978 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40992 CVE-2024-40994 CVE-2024-40995 CVE-2024-40997 CVE-2024-41000 CVE-2024-41001 CVE-2024-41002 CVE-2024-41004 CVE-2024-41007 CVE-2024-41009 CVE-2024-41010 CVE-2024-41011 CVE-2024-41012 CVE-2024-41015 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41024 CVE-2024-41025 CVE-2024-41028 CVE-2024-41032 CVE-2024-41035 CVE-2024-41036 CVE-2024-41037 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41045 CVE-2024-41048 CVE-2024-41049 CVE-2024-41050 CVE-2024-41051 CVE-2024-41056 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41060 CVE-2024-41061 CVE-2024-41062 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41066 CVE-2024-41068 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41073 CVE-2024-41074 CVE-2024-41075 CVE-2024-41076 CVE-2024-41078 CVE-2024-41079 CVE-2024-41080 CVE-2024-41081 CVE-2024-41084 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41094 CVE-2024-41095 CVE-2024-41096 CVE-2024-41097 CVE-2024-41098 CVE-2024-41996 CVE-2024-42064 CVE-2024-42069 CVE-2024-42070 CVE-2024-42073 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42079 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42095 CVE-2024-42096 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42105 CVE-2024-42106 CVE-2024-42107 CVE-2024-42109 CVE-2024-42110 CVE-2024-42113 CVE-2024-42114 CVE-2024-42115 CVE-2024-42117 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42122 CVE-2024-42124 CVE-2024-42125 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42131 CVE-2024-42132 CVE-2024-42133 CVE-2024-42136 CVE-2024-42137 CVE-2024-42138 CVE-2024-42139 CVE-2024-42141 CVE-2024-42142 CVE-2024-42143 CVE-2024-42144 CVE-2024-42145 CVE-2024-42147 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42159 CVE-2024-42161 CVE-2024-42162 CVE-2024-42223 CVE-2024-42224 CVE-2024-42225 CVE-2024-42226 CVE-2024-42227 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42241 CVE-2024-42244 CVE-2024-42245 CVE-2024-42246 CVE-2024-42247 CVE-2024-42250 CVE-2024-42253 CVE-2024-42259 CVE-2024-42268 CVE-2024-42269 CVE-2024-42270 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42278 CVE-2024-42279 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42298 CVE-2024-42301 CVE-2024-42302 CVE-2024-42303 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42314 CVE-2024-42315 CVE-2024-42316 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43817 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43824 CVE-2024-43825 CVE-2024-43826 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43833 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839 CVE-2024-43840 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43847 CVE-2024-43849 CVE-2024-43850 CVE-2024-43851 CVE-2024-43853 CVE-2024-43854 CVE-2024-43855 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43864 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43874 CVE-2024-43875 CVE-2024-43876 CVE-2024-43877 CVE-2024-43879 CVE-2024-43880 CVE-2024-43881 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43885 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43897 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43905 CVE-2024-43906 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43911 CVE-2024-43912 CVE-2024-44931 CVE-2024-44938 CVE-2024-44939 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-45817 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8006 CVE-2024-8096 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20241004-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3217-1 Released: Thu Sep 12 13:06:07 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3235-1 Released: Fri Sep 13 08:50:24 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1226497 This update for grub2 fixes the following issues: - Fix failure in bli module (bsc#1226497) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3317-1 Released: Wed Sep 18 16:38:50 2024 Summary: Recommended update for fipscheck Type: recommended Severity: moderate References: 1221714 This update for fipscheck fixes the following issue: - Backport upstream patches to fix C99 violations which are errors by default with GCC 14 (bsc#1221714). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3326-1 Released: Thu Sep 19 09:36:47 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3383-1 Released: Mon Sep 23 10:29:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1193454,1194869,1205462,1208783,1213123,1214285,1215199,1220066,1220252,1220877,1221326,1221630,1221645,1221652,1221857,1222254,1222335,1222350,1222364,1222372,1222387,1222433,1222434,1222463,1222625,1222633,1222634,1222808,1222967,1222973,1223053,1223074,1223191,1223395,1223635,1223720,1223731,1223742,1223763,1223767,1223777,1223803,1224105,1224415,1224485,1224496,1224510,1224535,1224631,1224636,1224690,1224694,1224700,1224711,1225475,1225582,1225607,1225717,1225718,1225744,1225745,1225751,1225814,1225832,1225838,1225903,1226031,1226127,1226502,1226530,1226588,1226604,1226743,1226751,1226765,1226798,1226801,1226834,1226874,1226885,1226920,1227149,1227182,1227383,1227437,1227492,1227493,1227494,1227618,1227620,1227623,1227627,1227634,1227706,1227722,1227724,1227725,1227728,1227729,1227732,1227733,1227734,1227747,1227750,1227754,1227758,1227760,1227761,1227764,1227766,1227770,1227771,1227772,1227774,1227781,1227784,1227785,1227787,1227790,1227791,1227792,1227796,1 227798,1227799,1227802,1227808,1227810,1227811,1227812,1227815,1227816,1227818,1227820,1227823,1227824,1227826,1227828,1227829,1227830,1227832,1227833,1227834,1227839,1227840,1227846,1227849,1227851,1227853,1227863,1227864,1227865,1227867,1227869,1227870,1227883,1227884,1227891,1227893,1227929,1227950,1227957,1227981,1228020,1228021,1228114,1228192,1228195,1228202,1228235,1228236,1228237,1228247,1228321,1228409,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228457,1228458,1228459,1228460,1228462,1228463,1228466,1228467,1228468,1228469,1228470,1228472,1228479,1228480,1228481,1228482,1228483,1228484,1228485,1228486,1228487,1228489,1228491,1228492,1228493,1228494,1228495,1228496,1228499,1228500,1228501,1228502,1228503,1228505,1228508,1228509,1228510,1228511,1228513,1228515,1228516,1228518,1228520,1228525,1228527,1228530,1228531,1228539,1228561,1228563,1228564,1228565,1228567,1228568,1228572,1228576,1228579,1228580,1228581,1228582,1228584,1228586,122858 8,1228590,1228591,1228599,1228615,1228616,1228617,1228625,1228626,1228633,1228635,1228636,1228640,1228643,1228644,1228646,1228649,1228650,1228654,1228655,1228656,1228658,1228660,1228662,1228665,1228666,1228667,1228672,1228673,1228674,1228677,1228680,1228687,1228705,1228706,1228707,1228708,1228709,1228710,1228718,1228720,1228721,1228722,1228723,1228724,1228726,1228727,1228733,1228737,1228743,1228748,1228754,1228756,1228757,1228758,1228764,1228766,1228779,1228801,1228849,1228850,1228857,1228959,1228964,1228966,1228967,1228973,1228977,1228978,1228979,1228986,1228988,1228989,1228991,1228992,1229005,1229024,1229042,1229045,1229046,1229054,1229056,1229086,1229134,1229136,1229154,1229156,1229160,1229167,1229168,1229169,1229170,1229171,1229172,1229173,1229174,1229239,1229240,1229241,1229243,1229244,1229245,1229246,1229247,1229248,1229249,1229250,1229251,1229252,1229253,1229254,1229255,1229256,1229287,1229290,1229291,1229292,1229294,1229296,1229297,1229298,1229299,1229301,1229303,1229304,122 9305,1229307,1229309,1229312,1229313,1229314,1229315,1229316,1229317,1229318,1229319,1229320,1229327,1229341,1229342,1229344,1229345,1229346,1229347,1229349,1229350,1229351,1229353,1229354,1229355,1229356,1229357,1229358,1229359,1229360,1229365,1229366,1229369,1229370,1229373,1229374,1229379,1229381,1229382,1229383,1229386,1229388,1229390,1229391,1229392,1229395,1229398,1229399,1229400,1229402,1229403,1229404,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229444,1229451,1229452,1229455,1229456,1229480,1229481,1229482,1229484,1229485,1229486,1229487,1229488,1229489,1229490,1229493,1229495,1229496,1229497,1229500,1229503,1229707,1229739,1229743,1229746,1229747,1229752,1229754,1229755,1229756,1229759,1229761,1229767,1229781,1229784,1229785,1229787,1229788,1229789,1229792,1229820,1229827,1229830,1229837,1229940,1230056,1230350,1230413,CVE-2023-52489,CVE-2023-52581,CVE-2023-52668,CVE-2023-52688,CVE-2023-52735,CVE-2023-52859,CVE-2023-52885,CVE-2023-52886,CVE-2023-52887,CVE-2023- 52889,CVE-2024-26590,CVE-2024-26631,CVE-2024-26637,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26682,CVE-2024-26683,CVE-2024-26691,CVE-2024-26735,CVE-2024-26808,CVE-2024-26809,CVE-2024-26812,CVE-2024-26835,CVE-2024-26837,CVE-2024-26849,CVE-2024-26851,CVE-2024-26889,CVE-2024-26920,CVE-2024-26944,CVE-2024-26976,CVE-2024-27010,CVE-2024-27011,CVE-2024-27024,CVE-2024-27049,CVE-2024-27050,CVE-2024-27079,CVE-2024-27403,CVE-2024-27433,CVE-2024-27437,CVE-2024-31076,CVE-2024-35854,CVE-2024-35855,CVE-2024-35897,CVE-2024-35902,CVE-2024-35913,CVE-2024-35939,CVE-2024-35949,CVE-2024-36270,CVE-2024-36286,CVE-2024-36288,CVE-2024-36489,CVE-2024-36881,CVE-2024-36907,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36929,CVE-2024-36933,CVE-2024-36939,CVE-2024-36970,CVE-2024-36979,CVE-2024-38548,CVE-2024-38563,CVE-2024-38609,CVE-2024-38662,CVE-2024-39476,CVE-2024-39483,CVE-2024-39484,CVE-2024-39486,CVE-2024-39488,CVE-2024-39489,CVE-2024-39491,CVE-2024-39493,CVE-2024-39497,CVE-2024-39499,C VE-2024-39500,CVE-2024-39501,CVE-2024-39505,CVE-2024-39506,CVE-2024-39508,CVE-2024-39509,CVE-2024-39510,CVE-2024-40899,CVE-2024-40900,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40905,CVE-2024-40909,CVE-2024-40910,CVE-2024-40911,CVE-2024-40912,CVE-2024-40913,CVE-2024-40916,CVE-2024-40920,CVE-2024-40921,CVE-2024-40922,CVE-2024-40924,CVE-2024-40926,CVE-2024-40927,CVE-2024-40929,CVE-2024-40930,CVE-2024-40932,CVE-2024-40934,CVE-2024-40936,CVE-2024-40938,CVE-2024-40939,CVE-2024-40941,CVE-2024-40942,CVE-2024-40943,CVE-2024-40944,CVE-2024-40945,CVE-2024-40954,CVE-2024-40956,CVE-2024-40957,CVE-2024-40958,CVE-2024-40959,CVE-2024-40962,CVE-2024-40964,CVE-2024-40967,CVE-2024-40976,CVE-2024-40977,CVE-2024-40978,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40992,CVE-2024-40994,CVE-2024-40995,CVE-2024-40997,CVE-2024-41000,CVE-2024-41001,CVE-2024-41002,CVE-2024-41004,CVE-2024-41007,CVE-2024-41009,CVE-2024-41010,CVE-2024 -41011,CVE-2024-41012,CVE-2024-41015,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41024,CVE-2024-41025,CVE-2024-41028,CVE-2024-41032,CVE-2024-41035,CVE-2024-41036,CVE-2024-41037,CVE-2024-41038,CVE-2024-41039,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41045,CVE-2024-41048,CVE-2024-41049,CVE-2024-41050,CVE-2024-41051,CVE-2024-41056,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41060,CVE-2024-41061,CVE-2024-41062,CVE-2024-41063,CVE-2024-41064,CVE-2024-41065,CVE-2024-41066,CVE-2024-41068,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41073,CVE-2024-41074,CVE-2024-41075,CVE-2024-41076,CVE-2024-41078,CVE-2024-41079,CVE-2024-41080,CVE-2024-41081,CVE-2024-41084,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41094,CVE-2024-41095,CVE-2024-41096,CVE-2024-41097,CVE-2024-41098,CVE-2024-42064,CVE-2024-42069,CVE-2024-42070,CVE-2024-42073,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42079,CVE-2024-42080, CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42093,CVE-2024-42095,CVE-2024-42096,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42105,CVE-2024-42106,CVE-2024-42107,CVE-2024-42109,CVE-2024-42110,CVE-2024-42113,CVE-2024-42114,CVE-2024-42115,CVE-2024-42117,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42122,CVE-2024-42124,CVE-2024-42125,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42131,CVE-2024-42132,CVE-2024-42133,CVE-2024-42136,CVE-2024-42137,CVE-2024-42138,CVE-2024-42139,CVE-2024-42141,CVE-2024-42142,CVE-2024-42143,CVE-2024-42144,CVE-2024-42145,CVE-2024-42147,CVE-2024-42148,CVE-2024-42152,CVE-2024-42153,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42159,CVE-2024-42161,CVE-2024-42162,CVE-2024-42223,CVE-2024-42224,CVE-2024-42225,CVE-2024-42226,CVE-2024-42227,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-202 4-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42241,CVE-2024-42244,CVE-2024-42245,CVE-2024-42246,CVE-2024-42247,CVE-2024-42250,CVE-2024-42253,CVE-2024-42259,CVE-2024-42268,CVE-2024-42269,CVE-2024-42270,CVE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42278,CVE-2024-42279,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42290,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42298,CVE-2024-42301,CVE-2024-42302,CVE-2024-42303,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42314,CVE-2024-42315,CVE-2024-42316,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43817,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43824,CVE-2024-43825,CVE-2024-43826,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43833,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43840 ,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43847,CVE-2024-43849,CVE-2024-43850,CVE-2024-43851,CVE-2024-43853,CVE-2024-43854,CVE-2024-43855,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43864,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43874,CVE-2024-43875,CVE-2024-43876,CVE-2024-43877,CVE-2024-43879,CVE-2024-43880,CVE-2024-43881,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43885,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43897,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43905,CVE-2024-43906,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-43911,CVE-2024-43912,CVE-2024-44931,CVE-2024-44938,CVE-2024-44939 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503). - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646). - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867). - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840). - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604). - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742). - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350). - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Drop libata patch that caused a regression (bsc#1229054) - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - Move upstreamed powerpc patches into sorted section - Move upstreamed sound patches into sorted section - Moved upstreamed ASoC patch into sorted section - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes). - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes). - Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes). - Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920) - Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834) - Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - blacklist.conf: Add libata upstream revert entry (bsc#1229054) - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - io_uring/advise: support 64-bit lengths (git-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi: more build fix without patches.kabi (bsc#1226502) - kcov: properly check for softirq context (git-fixes). - kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042). - kernel-binary: generate and install compile_commands.json (bsc#1228971). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - tools/resolve_btfids: fix build with musl libc (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3402-1 Released: Mon Sep 23 15:37:36 2024 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1226183 This update for makedumpfile fixes the following issue: - don't reserve disk space for flattened format (bsc#1226183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3424-1 Released: Tue Sep 24 17:25:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error. (bsc#1230366, XSA-462) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3466-1 Released: Fri Sep 27 08:18:07 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1230070 This update for perl-Bootloader fixes the following issues: - Handle missing grub_installdevice on PowerPC (bsc#1230070) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3496-1 Released: Mon Sep 30 09:19:26 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1230984 This update for rsyslog fixes the following issue: - restart daemon after update at the end of the transaction (bsc#1230984). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3522-1 Released: Fri Oct 4 10:02:34 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330,1230468,1230639 This update for dracut fixes the following issues: - Version update 059+suse.541.g3c2df232: * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110). * fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639). * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330). * Fixes for NVMeoF boot (bsc#1230468) * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3529-1 Released: Fri Oct 4 15:37:44 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - dracut-059+suse.541.g3c2df232-150600.3.11.2 updated - e2fsprogs-1.47.0-150600.4.6.2 updated - fipscheck-1.7.0-150600.3.3.2 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-locale-2.38-150600.14.11.2 updated - glibc-2.38-150600.14.11.2 updated - grub2-i386-pc-2.12-150600.8.6.1 updated - grub2-x86_64-efi-2.12-150600.8.6.1 updated - grub2-2.12-150600.8.6.1 updated - kernel-default-6.4.0-150600.23.22.1 updated - libblkid1-2.39.3-150600.4.12.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libcurl4-8.6.0-150600.4.9.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libext2fs2-1.47.0-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libfipscheck1-1.7.0-150600.3.3.2 updated - libmount1-2.39.3-150600.4.12.2 updated - libncurses6-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libpcap1-1.10.4-150600.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libsolv-tools-base-0.7.30-150600.8.2.1 updated - libsystemd0-254.18-150600.4.15.10 updated - libudev1-254.18-150600.4.15.10 updated - libuuid1-2.39.3-150600.4.12.2 updated - libzypp-17.35.11-150600.3.24.1 updated - logrotate-3.18.1-150400.3.10.1 updated - makedumpfile-1.7.4-150600.3.3.2 updated - ncurses-utils-6.1-150000.5.27.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - pam-config-1.1-150600.16.3.1 updated - perl-Bootloader-1.8.2-150600.3.3.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2406.0-150600.12.6.2 updated - rsyslog-8.2406.0-150600.12.6.2 updated - runc-1.1.14-150000.70.1 updated - suseconnect-ng-1.12.0-150600.3.8.2 updated - systemd-254.18-150600.4.15.10 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - udev-254.18-150600.4.15.10 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - xen-libs-4.18.3_04-150600.3.9.1 updated - zypper-1.14.77-150600.10.11.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed From sle-container-updates at lists.suse.com Mon Oct 7 07:01:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:01:30 +0200 (CEST) Subject: SUSE-IU-2024:1464-1: Security update of suse-sles-15-sp6-chost-byos-v20241004-hvm-ssd-x86_64 Message-ID: <20241007070130.4CE58FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20241004-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1464-1 Image Tags : suse-sles-15-sp6-chost-byos-v20241004-hvm-ssd-x86_64:20241004 Image Release : Severity : important Type : security References : 1012628 1081596 1193454 1194869 1200528 1205462 1208783 1213123 1214285 1215199 1217070 1220066 1220252 1220877 1221326 1221630 1221645 1221652 1221714 1221857 1222254 1222335 1222350 1222364 1222372 1222387 1222433 1222434 1222463 1222625 1222633 1222634 1222808 1222967 1222973 1223053 1223074 1223094 1223191 1223395 1223635 1223720 1223731 1223742 1223763 1223767 1223777 1223803 1224105 1224415 1224485 1224496 1224510 1224535 1224631 1224636 1224690 1224694 1224700 1224711 1224771 1225267 1225475 1225582 1225607 1225717 1225718 1225744 1225745 1225751 1225814 1225832 1225838 1225903 1226014 1226030 1226031 1226127 1226183 1226414 1226493 1226497 1226502 1226530 1226588 1226604 1226743 1226751 1226765 1226798 1226801 1226834 1226874 1226885 1226920 1227149 1227182 1227205 1227216 1227233 1227378 1227383 1227437 1227492 1227493 1227494 1227618 1227620 1227623 1227625 1227627 1227634 1227706 1227722 1227724 1227725 1227728 1227729 1227732 1227733 1227734 1227747 1227750 1227754 1227758 1227760 1227761 1227764 1227766 1227770 1227771 1227772 1227774 1227781 1227784 1227785 1227787 1227790 1227791 1227792 1227793 1227796 1227798 1227799 1227802 1227808 1227810 1227811 1227812 1227815 1227816 1227818 1227820 1227823 1227824 1227826 1227828 1227829 1227830 1227832 1227833 1227834 1227839 1227840 1227846 1227849 1227851 1227853 1227863 1227864 1227865 1227867 1227869 1227870 1227883 1227884 1227891 1227893 1227929 1227950 1227957 1227981 1227999 1228020 1228021 1228042 1228091 1228114 1228138 1228192 1228195 1228202 1228206 1228208 1228223 1228235 1228236 1228237 1228247 1228321 1228409 1228410 1228420 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228457 1228458 1228459 1228460 1228462 1228463 1228466 1228467 1228468 1228469 1228470 1228472 1228479 1228480 1228481 1228482 1228483 1228484 1228485 1228486 1228487 1228489 1228491 1228492 1228493 1228494 1228495 1228496 1228499 1228500 1228501 1228502 1228503 1228505 1228508 1228509 1228510 1228511 1228513 1228515 1228516 1228518 1228520 1228525 1228527 1228530 1228531 1228539 1228553 1228561 1228563 1228564 1228565 1228567 1228568 1228572 1228576 1228579 1228580 1228581 1228582 1228584 1228586 1228588 1228590 1228591 1228599 1228615 1228616 1228617 1228625 1228626 1228633 1228635 1228636 1228640 1228643 1228644 1228646 1228647 1228649 1228650 1228654 1228655 1228656 1228658 1228660 1228662 1228665 1228666 1228667 1228672 1228673 1228674 1228677 1228680 1228687 1228705 1228706 1228707 1228708 1228709 1228710 1228718 1228720 1228721 1228722 1228723 1228724 1228726 1228727 1228733 1228737 1228743 1228748 1228754 1228756 1228757 1228758 1228764 1228766 1228779 1228780 1228787 1228801 1228809 1228849 1228850 1228857 1228959 1228964 1228966 1228967 1228973 1228977 1228978 1228979 1228986 1228988 1228989 1228991 1228992 1229005 1229014 1229024 1229028 1229042 1229045 1229046 1229054 1229056 1229086 1229134 1229136 1229154 1229156 1229160 1229167 1229168 1229169 1229170 1229171 1229172 1229173 1229174 1229239 1229240 1229241 1229243 1229244 1229245 1229246 1229247 1229248 1229249 1229250 1229251 1229252 1229253 1229254 1229255 1229256 1229287 1229290 1229291 1229292 1229294 1229296 1229297 1229298 1229299 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229313 1229314 1229315 1229316 1229317 1229318 1229319 1229320 1229327 1229341 1229342 1229344 1229345 1229346 1229347 1229349 1229350 1229351 1229353 1229354 1229355 1229356 1229357 1229358 1229359 1229360 1229365 1229366 1229369 1229370 1229373 1229374 1229379 1229381 1229382 1229383 1229386 1229388 1229390 1229391 1229392 1229395 1229398 1229399 1229400 1229402 1229403 1229404 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229444 1229451 1229452 1229455 1229456 1229476 1229480 1229481 1229482 1229484 1229485 1229486 1229487 1229488 1229489 1229490 1229493 1229495 1229496 1229497 1229500 1229503 1229518 1229596 1229707 1229739 1229743 1229746 1229747 1229752 1229754 1229755 1229756 1229759 1229761 1229767 1229781 1229784 1229785 1229787 1229788 1229789 1229792 1229820 1229827 1229830 1229837 1229930 1229931 1229932 1229940 1230020 1230034 1230056 1230070 1230092 1230093 1230110 1230145 1230227 1230229 1230267 1230330 1230350 1230366 1230413 1230468 1230516 1230638 1230639 1230698 1230894 1230984 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-52489 CVE-2023-52581 CVE-2023-52668 CVE-2023-52688 CVE-2023-52735 CVE-2023-52859 CVE-2023-52885 CVE-2023-52886 CVE-2023-52887 CVE-2023-52889 CVE-2023-7256 CVE-2024-26590 CVE-2024-26631 CVE-2024-26637 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26682 CVE-2024-26683 CVE-2024-26691 CVE-2024-26735 CVE-2024-26808 CVE-2024-26809 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26849 CVE-2024-26851 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-26976 CVE-2024-27010 CVE-2024-27011 CVE-2024-27024 CVE-2024-27049 CVE-2024-27050 CVE-2024-27079 CVE-2024-27403 CVE-2024-27433 CVE-2024-27437 CVE-2024-31076 CVE-2024-35854 CVE-2024-35855 CVE-2024-35897 CVE-2024-35902 CVE-2024-35913 CVE-2024-35939 CVE-2024-35949 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36489 CVE-2024-36881 CVE-2024-36907 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36929 CVE-2024-36933 CVE-2024-36939 CVE-2024-36970 CVE-2024-36979 CVE-2024-38548 CVE-2024-38563 CVE-2024-38609 CVE-2024-38662 CVE-2024-39476 CVE-2024-39483 CVE-2024-39484 CVE-2024-39486 CVE-2024-39488 CVE-2024-39489 CVE-2024-39491 CVE-2024-39493 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39505 CVE-2024-39506 CVE-2024-39508 CVE-2024-39509 CVE-2024-39510 CVE-2024-40899 CVE-2024-40900 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40905 CVE-2024-40909 CVE-2024-40910 CVE-2024-40911 CVE-2024-40912 CVE-2024-40913 CVE-2024-40916 CVE-2024-40920 CVE-2024-40921 CVE-2024-40922 CVE-2024-40924 CVE-2024-40926 CVE-2024-40927 CVE-2024-40929 CVE-2024-40930 CVE-2024-40932 CVE-2024-40934 CVE-2024-40936 CVE-2024-40938 CVE-2024-40939 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40944 CVE-2024-40945 CVE-2024-40954 CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40962 CVE-2024-40964 CVE-2024-40967 CVE-2024-40976 CVE-2024-40977 CVE-2024-40978 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40992 CVE-2024-40994 CVE-2024-40995 CVE-2024-40997 CVE-2024-41000 CVE-2024-41001 CVE-2024-41002 CVE-2024-41004 CVE-2024-41007 CVE-2024-41009 CVE-2024-41010 CVE-2024-41011 CVE-2024-41012 CVE-2024-41015 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41024 CVE-2024-41025 CVE-2024-41028 CVE-2024-41032 CVE-2024-41035 CVE-2024-41036 CVE-2024-41037 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41045 CVE-2024-41048 CVE-2024-41049 CVE-2024-41050 CVE-2024-41051 CVE-2024-41056 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41060 CVE-2024-41061 CVE-2024-41062 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41066 CVE-2024-41068 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41073 CVE-2024-41074 CVE-2024-41075 CVE-2024-41076 CVE-2024-41078 CVE-2024-41079 CVE-2024-41080 CVE-2024-41081 CVE-2024-41084 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41094 CVE-2024-41095 CVE-2024-41096 CVE-2024-41097 CVE-2024-41098 CVE-2024-41996 CVE-2024-42064 CVE-2024-42069 CVE-2024-42070 CVE-2024-42073 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42079 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42095 CVE-2024-42096 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42105 CVE-2024-42106 CVE-2024-42107 CVE-2024-42109 CVE-2024-42110 CVE-2024-42113 CVE-2024-42114 CVE-2024-42115 CVE-2024-42117 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42122 CVE-2024-42124 CVE-2024-42125 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42131 CVE-2024-42132 CVE-2024-42133 CVE-2024-42136 CVE-2024-42137 CVE-2024-42138 CVE-2024-42139 CVE-2024-42141 CVE-2024-42142 CVE-2024-42143 CVE-2024-42144 CVE-2024-42145 CVE-2024-42147 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42159 CVE-2024-42161 CVE-2024-42162 CVE-2024-42223 CVE-2024-42224 CVE-2024-42225 CVE-2024-42226 CVE-2024-42227 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42241 CVE-2024-42244 CVE-2024-42245 CVE-2024-42246 CVE-2024-42247 CVE-2024-42250 CVE-2024-42253 CVE-2024-42259 CVE-2024-42268 CVE-2024-42269 CVE-2024-42270 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42278 CVE-2024-42279 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42298 CVE-2024-42301 CVE-2024-42302 CVE-2024-42303 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42314 CVE-2024-42315 CVE-2024-42316 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43817 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43824 CVE-2024-43825 CVE-2024-43826 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43833 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839 CVE-2024-43840 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43847 CVE-2024-43849 CVE-2024-43850 CVE-2024-43851 CVE-2024-43853 CVE-2024-43854 CVE-2024-43855 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43864 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43874 CVE-2024-43875 CVE-2024-43876 CVE-2024-43877 CVE-2024-43879 CVE-2024-43880 CVE-2024-43881 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43885 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43897 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43905 CVE-2024-43906 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43911 CVE-2024-43912 CVE-2024-44931 CVE-2024-44938 CVE-2024-44939 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-45817 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8006 CVE-2024-8096 ----------------------------------------------------------------- The container suse-sles-15-sp6-chost-byos-v20241004-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3217-1 Released: Thu Sep 12 13:06:07 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3235-1 Released: Fri Sep 13 08:50:24 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1226497 This update for grub2 fixes the following issues: - Fix failure in bli module (bsc#1226497) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3317-1 Released: Wed Sep 18 16:38:50 2024 Summary: Recommended update for fipscheck Type: recommended Severity: moderate References: 1221714 This update for fipscheck fixes the following issue: - Backport upstream patches to fix C99 violations which are errors by default with GCC 14 (bsc#1221714). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3326-1 Released: Thu Sep 19 09:36:47 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3383-1 Released: Mon Sep 23 10:29:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1193454,1194869,1205462,1208783,1213123,1214285,1215199,1220066,1220252,1220877,1221326,1221630,1221645,1221652,1221857,1222254,1222335,1222350,1222364,1222372,1222387,1222433,1222434,1222463,1222625,1222633,1222634,1222808,1222967,1222973,1223053,1223074,1223191,1223395,1223635,1223720,1223731,1223742,1223763,1223767,1223777,1223803,1224105,1224415,1224485,1224496,1224510,1224535,1224631,1224636,1224690,1224694,1224700,1224711,1225475,1225582,1225607,1225717,1225718,1225744,1225745,1225751,1225814,1225832,1225838,1225903,1226031,1226127,1226502,1226530,1226588,1226604,1226743,1226751,1226765,1226798,1226801,1226834,1226874,1226885,1226920,1227149,1227182,1227383,1227437,1227492,1227493,1227494,1227618,1227620,1227623,1227627,1227634,1227706,1227722,1227724,1227725,1227728,1227729,1227732,1227733,1227734,1227747,1227750,1227754,1227758,1227760,1227761,1227764,1227766,1227770,1227771,1227772,1227774,1227781,1227784,1227785,1227787,1227790,1227791,1227792,1227796,1 227798,1227799,1227802,1227808,1227810,1227811,1227812,1227815,1227816,1227818,1227820,1227823,1227824,1227826,1227828,1227829,1227830,1227832,1227833,1227834,1227839,1227840,1227846,1227849,1227851,1227853,1227863,1227864,1227865,1227867,1227869,1227870,1227883,1227884,1227891,1227893,1227929,1227950,1227957,1227981,1228020,1228021,1228114,1228192,1228195,1228202,1228235,1228236,1228237,1228247,1228321,1228409,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228457,1228458,1228459,1228460,1228462,1228463,1228466,1228467,1228468,1228469,1228470,1228472,1228479,1228480,1228481,1228482,1228483,1228484,1228485,1228486,1228487,1228489,1228491,1228492,1228493,1228494,1228495,1228496,1228499,1228500,1228501,1228502,1228503,1228505,1228508,1228509,1228510,1228511,1228513,1228515,1228516,1228518,1228520,1228525,1228527,1228530,1228531,1228539,1228561,1228563,1228564,1228565,1228567,1228568,1228572,1228576,1228579,1228580,1228581,1228582,1228584,1228586,122858 8,1228590,1228591,1228599,1228615,1228616,1228617,1228625,1228626,1228633,1228635,1228636,1228640,1228643,1228644,1228646,1228649,1228650,1228654,1228655,1228656,1228658,1228660,1228662,1228665,1228666,1228667,1228672,1228673,1228674,1228677,1228680,1228687,1228705,1228706,1228707,1228708,1228709,1228710,1228718,1228720,1228721,1228722,1228723,1228724,1228726,1228727,1228733,1228737,1228743,1228748,1228754,1228756,1228757,1228758,1228764,1228766,1228779,1228801,1228849,1228850,1228857,1228959,1228964,1228966,1228967,1228973,1228977,1228978,1228979,1228986,1228988,1228989,1228991,1228992,1229005,1229024,1229042,1229045,1229046,1229054,1229056,1229086,1229134,1229136,1229154,1229156,1229160,1229167,1229168,1229169,1229170,1229171,1229172,1229173,1229174,1229239,1229240,1229241,1229243,1229244,1229245,1229246,1229247,1229248,1229249,1229250,1229251,1229252,1229253,1229254,1229255,1229256,1229287,1229290,1229291,1229292,1229294,1229296,1229297,1229298,1229299,1229301,1229303,1229304,122 9305,1229307,1229309,1229312,1229313,1229314,1229315,1229316,1229317,1229318,1229319,1229320,1229327,1229341,1229342,1229344,1229345,1229346,1229347,1229349,1229350,1229351,1229353,1229354,1229355,1229356,1229357,1229358,1229359,1229360,1229365,1229366,1229369,1229370,1229373,1229374,1229379,1229381,1229382,1229383,1229386,1229388,1229390,1229391,1229392,1229395,1229398,1229399,1229400,1229402,1229403,1229404,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229444,1229451,1229452,1229455,1229456,1229480,1229481,1229482,1229484,1229485,1229486,1229487,1229488,1229489,1229490,1229493,1229495,1229496,1229497,1229500,1229503,1229707,1229739,1229743,1229746,1229747,1229752,1229754,1229755,1229756,1229759,1229761,1229767,1229781,1229784,1229785,1229787,1229788,1229789,1229792,1229820,1229827,1229830,1229837,1229940,1230056,1230350,1230413,CVE-2023-52489,CVE-2023-52581,CVE-2023-52668,CVE-2023-52688,CVE-2023-52735,CVE-2023-52859,CVE-2023-52885,CVE-2023-52886,CVE-2023-52887,CVE-2023- 52889,CVE-2024-26590,CVE-2024-26631,CVE-2024-26637,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26682,CVE-2024-26683,CVE-2024-26691,CVE-2024-26735,CVE-2024-26808,CVE-2024-26809,CVE-2024-26812,CVE-2024-26835,CVE-2024-26837,CVE-2024-26849,CVE-2024-26851,CVE-2024-26889,CVE-2024-26920,CVE-2024-26944,CVE-2024-26976,CVE-2024-27010,CVE-2024-27011,CVE-2024-27024,CVE-2024-27049,CVE-2024-27050,CVE-2024-27079,CVE-2024-27403,CVE-2024-27433,CVE-2024-27437,CVE-2024-31076,CVE-2024-35854,CVE-2024-35855,CVE-2024-35897,CVE-2024-35902,CVE-2024-35913,CVE-2024-35939,CVE-2024-35949,CVE-2024-36270,CVE-2024-36286,CVE-2024-36288,CVE-2024-36489,CVE-2024-36881,CVE-2024-36907,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36929,CVE-2024-36933,CVE-2024-36939,CVE-2024-36970,CVE-2024-36979,CVE-2024-38548,CVE-2024-38563,CVE-2024-38609,CVE-2024-38662,CVE-2024-39476,CVE-2024-39483,CVE-2024-39484,CVE-2024-39486,CVE-2024-39488,CVE-2024-39489,CVE-2024-39491,CVE-2024-39493,CVE-2024-39497,CVE-2024-39499,C VE-2024-39500,CVE-2024-39501,CVE-2024-39505,CVE-2024-39506,CVE-2024-39508,CVE-2024-39509,CVE-2024-39510,CVE-2024-40899,CVE-2024-40900,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40905,CVE-2024-40909,CVE-2024-40910,CVE-2024-40911,CVE-2024-40912,CVE-2024-40913,CVE-2024-40916,CVE-2024-40920,CVE-2024-40921,CVE-2024-40922,CVE-2024-40924,CVE-2024-40926,CVE-2024-40927,CVE-2024-40929,CVE-2024-40930,CVE-2024-40932,CVE-2024-40934,CVE-2024-40936,CVE-2024-40938,CVE-2024-40939,CVE-2024-40941,CVE-2024-40942,CVE-2024-40943,CVE-2024-40944,CVE-2024-40945,CVE-2024-40954,CVE-2024-40956,CVE-2024-40957,CVE-2024-40958,CVE-2024-40959,CVE-2024-40962,CVE-2024-40964,CVE-2024-40967,CVE-2024-40976,CVE-2024-40977,CVE-2024-40978,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40992,CVE-2024-40994,CVE-2024-40995,CVE-2024-40997,CVE-2024-41000,CVE-2024-41001,CVE-2024-41002,CVE-2024-41004,CVE-2024-41007,CVE-2024-41009,CVE-2024-41010,CVE-2024 -41011,CVE-2024-41012,CVE-2024-41015,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41024,CVE-2024-41025,CVE-2024-41028,CVE-2024-41032,CVE-2024-41035,CVE-2024-41036,CVE-2024-41037,CVE-2024-41038,CVE-2024-41039,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41045,CVE-2024-41048,CVE-2024-41049,CVE-2024-41050,CVE-2024-41051,CVE-2024-41056,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41060,CVE-2024-41061,CVE-2024-41062,CVE-2024-41063,CVE-2024-41064,CVE-2024-41065,CVE-2024-41066,CVE-2024-41068,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41073,CVE-2024-41074,CVE-2024-41075,CVE-2024-41076,CVE-2024-41078,CVE-2024-41079,CVE-2024-41080,CVE-2024-41081,CVE-2024-41084,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41094,CVE-2024-41095,CVE-2024-41096,CVE-2024-41097,CVE-2024-41098,CVE-2024-42064,CVE-2024-42069,CVE-2024-42070,CVE-2024-42073,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42079,CVE-2024-42080, CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42093,CVE-2024-42095,CVE-2024-42096,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42105,CVE-2024-42106,CVE-2024-42107,CVE-2024-42109,CVE-2024-42110,CVE-2024-42113,CVE-2024-42114,CVE-2024-42115,CVE-2024-42117,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42122,CVE-2024-42124,CVE-2024-42125,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42131,CVE-2024-42132,CVE-2024-42133,CVE-2024-42136,CVE-2024-42137,CVE-2024-42138,CVE-2024-42139,CVE-2024-42141,CVE-2024-42142,CVE-2024-42143,CVE-2024-42144,CVE-2024-42145,CVE-2024-42147,CVE-2024-42148,CVE-2024-42152,CVE-2024-42153,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42159,CVE-2024-42161,CVE-2024-42162,CVE-2024-42223,CVE-2024-42224,CVE-2024-42225,CVE-2024-42226,CVE-2024-42227,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-202 4-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42241,CVE-2024-42244,CVE-2024-42245,CVE-2024-42246,CVE-2024-42247,CVE-2024-42250,CVE-2024-42253,CVE-2024-42259,CVE-2024-42268,CVE-2024-42269,CVE-2024-42270,CVE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42278,CVE-2024-42279,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42290,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42298,CVE-2024-42301,CVE-2024-42302,CVE-2024-42303,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42314,CVE-2024-42315,CVE-2024-42316,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43817,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43824,CVE-2024-43825,CVE-2024-43826,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43833,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43840 ,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43847,CVE-2024-43849,CVE-2024-43850,CVE-2024-43851,CVE-2024-43853,CVE-2024-43854,CVE-2024-43855,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43864,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43874,CVE-2024-43875,CVE-2024-43876,CVE-2024-43877,CVE-2024-43879,CVE-2024-43880,CVE-2024-43881,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43885,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43897,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43905,CVE-2024-43906,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-43911,CVE-2024-43912,CVE-2024-44931,CVE-2024-44938,CVE-2024-44939 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503). - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646). - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867). - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840). - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604). - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742). - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350). - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Drop libata patch that caused a regression (bsc#1229054) - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - Move upstreamed powerpc patches into sorted section - Move upstreamed sound patches into sorted section - Moved upstreamed ASoC patch into sorted section - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes). - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes). - Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes). - Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920) - Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834) - Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - blacklist.conf: Add libata upstream revert entry (bsc#1229054) - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - io_uring/advise: support 64-bit lengths (git-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi: more build fix without patches.kabi (bsc#1226502) - kcov: properly check for softirq context (git-fixes). - kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042). - kernel-binary: generate and install compile_commands.json (bsc#1228971). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - tools/resolve_btfids: fix build with musl libc (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3402-1 Released: Mon Sep 23 15:37:36 2024 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1226183 This update for makedumpfile fixes the following issue: - don't reserve disk space for flattened format (bsc#1226183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3424-1 Released: Tue Sep 24 17:25:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error. (bsc#1230366, XSA-462) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3466-1 Released: Fri Sep 27 08:18:07 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1230070 This update for perl-Bootloader fixes the following issues: - Handle missing grub_installdevice on PowerPC (bsc#1230070) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3496-1 Released: Mon Sep 30 09:19:26 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1230984 This update for rsyslog fixes the following issue: - restart daemon after update at the end of the transaction (bsc#1230984). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3522-1 Released: Fri Oct 4 10:02:34 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330,1230468,1230639 This update for dracut fixes the following issues: - Version update 059+suse.541.g3c2df232: * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110). * fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639). * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330). * Fixes for NVMeoF boot (bsc#1230468) * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3529-1 Released: Fri Oct 4 15:37:44 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - dracut-059+suse.541.g3c2df232-150600.3.11.2 updated - e2fsprogs-1.47.0-150600.4.6.2 updated - fipscheck-1.7.0-150600.3.3.2 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-locale-2.38-150600.14.11.2 updated - glibc-2.38-150600.14.11.2 updated - grub2-i386-pc-2.12-150600.8.6.1 updated - grub2-x86_64-efi-2.12-150600.8.6.1 updated - grub2-x86_64-xen-2.12-150600.8.6.1 updated - grub2-2.12-150600.8.6.1 updated - kernel-default-6.4.0-150600.23.22.1 updated - libblkid1-2.39.3-150600.4.12.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libcurl4-8.6.0-150600.4.9.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libext2fs2-1.47.0-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libfipscheck1-1.7.0-150600.3.3.2 updated - libmount1-2.39.3-150600.4.12.2 updated - libncurses6-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libpcap1-1.10.4-150600.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libsolv-tools-base-0.7.30-150600.8.2.1 updated - libsystemd0-254.18-150600.4.15.10 updated - libudev1-254.18-150600.4.15.10 updated - libuuid1-2.39.3-150600.4.12.2 updated - libzypp-17.35.11-150600.3.24.1 updated - logrotate-3.18.1-150400.3.10.1 updated - makedumpfile-1.7.4-150600.3.3.2 updated - ncurses-utils-6.1-150000.5.27.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - pam-config-1.1-150600.16.3.1 updated - perl-Bootloader-1.8.2-150600.3.3.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2406.0-150600.12.6.2 updated - rsyslog-8.2406.0-150600.12.6.2 updated - runc-1.1.14-150000.70.1 updated - suseconnect-ng-1.12.0-150600.3.8.2 updated - systemd-254.18-150600.4.15.10 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - udev-254.18-150600.4.15.10 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - xen-libs-4.18.3_04-150600.3.9.1 updated - xen-tools-domU-4.18.3_04-150600.3.9.1 updated - zypper-1.14.77-150600.10.11.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed From sle-container-updates at lists.suse.com Mon Oct 7 07:01:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 7 Oct 2024 09:01:35 +0200 (CEST) Subject: SUSE-IU-2024:1465-1: Security update of sles-15-sp6-chost-byos-v20241004-arm64 Message-ID: <20241007070135.4CB17FCBE@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20241004-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1465-1 Image Tags : sles-15-sp6-chost-byos-v20241004-arm64:20241004 Image Release : Severity : important Type : security References : 1012628 1081596 1193454 1194869 1200528 1205462 1208783 1213123 1214285 1215199 1217070 1220066 1220252 1220877 1221326 1221630 1221645 1221652 1221714 1221857 1222254 1222335 1222350 1222364 1222372 1222387 1222433 1222434 1222463 1222625 1222633 1222634 1222808 1222967 1222973 1223053 1223074 1223094 1223191 1223395 1223635 1223720 1223731 1223742 1223763 1223767 1223777 1223803 1224105 1224415 1224485 1224496 1224510 1224535 1224631 1224636 1224690 1224694 1224700 1224711 1224771 1225267 1225475 1225582 1225607 1225717 1225718 1225744 1225745 1225751 1225814 1225832 1225838 1225903 1226014 1226030 1226031 1226127 1226183 1226414 1226493 1226497 1226502 1226530 1226588 1226604 1226743 1226751 1226765 1226798 1226801 1226834 1226874 1226885 1226920 1227149 1227182 1227205 1227216 1227233 1227378 1227383 1227437 1227492 1227493 1227494 1227618 1227620 1227623 1227625 1227627 1227634 1227706 1227722 1227724 1227725 1227728 1227729 1227732 1227733 1227734 1227747 1227750 1227754 1227758 1227760 1227761 1227764 1227766 1227770 1227771 1227772 1227774 1227781 1227784 1227785 1227787 1227790 1227791 1227792 1227793 1227796 1227798 1227799 1227802 1227808 1227810 1227811 1227812 1227815 1227816 1227818 1227820 1227823 1227824 1227826 1227828 1227829 1227830 1227832 1227833 1227834 1227839 1227840 1227846 1227849 1227851 1227853 1227863 1227864 1227865 1227867 1227869 1227870 1227883 1227884 1227891 1227893 1227929 1227950 1227957 1227981 1227999 1228020 1228021 1228042 1228091 1228114 1228138 1228192 1228195 1228202 1228206 1228208 1228223 1228235 1228236 1228237 1228247 1228321 1228409 1228410 1228420 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228457 1228458 1228459 1228460 1228462 1228463 1228466 1228467 1228468 1228469 1228470 1228472 1228479 1228480 1228481 1228482 1228483 1228484 1228485 1228486 1228487 1228489 1228491 1228492 1228493 1228494 1228495 1228496 1228499 1228500 1228501 1228502 1228503 1228505 1228508 1228509 1228510 1228511 1228513 1228515 1228516 1228518 1228520 1228525 1228527 1228530 1228531 1228539 1228553 1228561 1228563 1228564 1228565 1228567 1228568 1228572 1228576 1228579 1228580 1228581 1228582 1228584 1228586 1228588 1228590 1228591 1228599 1228615 1228616 1228617 1228625 1228626 1228633 1228635 1228636 1228640 1228643 1228644 1228646 1228647 1228649 1228650 1228654 1228655 1228656 1228658 1228660 1228662 1228665 1228666 1228667 1228672 1228673 1228674 1228677 1228680 1228687 1228705 1228706 1228707 1228708 1228709 1228710 1228718 1228720 1228721 1228722 1228723 1228724 1228726 1228727 1228733 1228737 1228743 1228748 1228754 1228756 1228757 1228758 1228764 1228766 1228779 1228780 1228787 1228801 1228809 1228849 1228850 1228857 1228959 1228964 1228966 1228967 1228973 1228977 1228978 1228979 1228986 1228988 1228989 1228991 1228992 1229005 1229014 1229024 1229028 1229042 1229045 1229046 1229054 1229056 1229086 1229134 1229136 1229154 1229156 1229160 1229167 1229168 1229169 1229170 1229171 1229172 1229173 1229174 1229239 1229240 1229241 1229243 1229244 1229245 1229246 1229247 1229248 1229249 1229250 1229251 1229252 1229253 1229254 1229255 1229256 1229287 1229290 1229291 1229292 1229294 1229296 1229297 1229298 1229299 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229313 1229314 1229315 1229316 1229317 1229318 1229319 1229320 1229327 1229341 1229342 1229344 1229345 1229346 1229347 1229349 1229350 1229351 1229353 1229354 1229355 1229356 1229357 1229358 1229359 1229360 1229365 1229366 1229369 1229370 1229373 1229374 1229379 1229381 1229382 1229383 1229386 1229388 1229390 1229391 1229392 1229395 1229398 1229399 1229400 1229402 1229403 1229404 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229444 1229451 1229452 1229455 1229456 1229476 1229480 1229481 1229482 1229484 1229485 1229486 1229487 1229488 1229489 1229490 1229493 1229495 1229496 1229497 1229500 1229503 1229518 1229596 1229707 1229739 1229743 1229746 1229747 1229752 1229754 1229755 1229756 1229759 1229761 1229767 1229781 1229784 1229785 1229787 1229788 1229789 1229792 1229820 1229827 1229830 1229837 1229930 1229931 1229932 1229940 1230020 1230034 1230056 1230070 1230092 1230093 1230110 1230145 1230227 1230229 1230267 1230330 1230350 1230366 1230413 1230468 1230516 1230638 1230639 1230698 1230894 1230984 222971 CVE-2022-1996 CVE-2023-45142 CVE-2023-47108 CVE-2023-52489 CVE-2023-52581 CVE-2023-52668 CVE-2023-52688 CVE-2023-52735 CVE-2023-52859 CVE-2023-52885 CVE-2023-52886 CVE-2023-52887 CVE-2023-52889 CVE-2023-7256 CVE-2024-26590 CVE-2024-26631 CVE-2024-26637 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26682 CVE-2024-26683 CVE-2024-26691 CVE-2024-26735 CVE-2024-26808 CVE-2024-26809 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26849 CVE-2024-26851 CVE-2024-26889 CVE-2024-26920 CVE-2024-26944 CVE-2024-26976 CVE-2024-27010 CVE-2024-27011 CVE-2024-27024 CVE-2024-27049 CVE-2024-27050 CVE-2024-27079 CVE-2024-27403 CVE-2024-27433 CVE-2024-27437 CVE-2024-31076 CVE-2024-35854 CVE-2024-35855 CVE-2024-35897 CVE-2024-35902 CVE-2024-35913 CVE-2024-35939 CVE-2024-35949 CVE-2024-36270 CVE-2024-36286 CVE-2024-36288 CVE-2024-36489 CVE-2024-36881 CVE-2024-36907 CVE-2024-36909 CVE-2024-36910 CVE-2024-36911 CVE-2024-36929 CVE-2024-36933 CVE-2024-36939 CVE-2024-36970 CVE-2024-36979 CVE-2024-38548 CVE-2024-38563 CVE-2024-38609 CVE-2024-38662 CVE-2024-39476 CVE-2024-39483 CVE-2024-39484 CVE-2024-39486 CVE-2024-39488 CVE-2024-39489 CVE-2024-39491 CVE-2024-39493 CVE-2024-39497 CVE-2024-39499 CVE-2024-39500 CVE-2024-39501 CVE-2024-39505 CVE-2024-39506 CVE-2024-39508 CVE-2024-39509 CVE-2024-39510 CVE-2024-40899 CVE-2024-40900 CVE-2024-40902 CVE-2024-40903 CVE-2024-40904 CVE-2024-40905 CVE-2024-40909 CVE-2024-40910 CVE-2024-40911 CVE-2024-40912 CVE-2024-40913 CVE-2024-40916 CVE-2024-40920 CVE-2024-40921 CVE-2024-40922 CVE-2024-40924 CVE-2024-40926 CVE-2024-40927 CVE-2024-40929 CVE-2024-40930 CVE-2024-40932 CVE-2024-40934 CVE-2024-40936 CVE-2024-40938 CVE-2024-40939 CVE-2024-40941 CVE-2024-40942 CVE-2024-40943 CVE-2024-40944 CVE-2024-40945 CVE-2024-40954 CVE-2024-40956 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40962 CVE-2024-40964 CVE-2024-40967 CVE-2024-40976 CVE-2024-40977 CVE-2024-40978 CVE-2024-40981 CVE-2024-40982 CVE-2024-40984 CVE-2024-40987 CVE-2024-40988 CVE-2024-40989 CVE-2024-40990 CVE-2024-40992 CVE-2024-40994 CVE-2024-40995 CVE-2024-40997 CVE-2024-41000 CVE-2024-41001 CVE-2024-41002 CVE-2024-41004 CVE-2024-41007 CVE-2024-41009 CVE-2024-41010 CVE-2024-41011 CVE-2024-41012 CVE-2024-41015 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41024 CVE-2024-41025 CVE-2024-41028 CVE-2024-41032 CVE-2024-41035 CVE-2024-41036 CVE-2024-41037 CVE-2024-41038 CVE-2024-41039 CVE-2024-41040 CVE-2024-41041 CVE-2024-41044 CVE-2024-41045 CVE-2024-41048 CVE-2024-41049 CVE-2024-41050 CVE-2024-41051 CVE-2024-41056 CVE-2024-41057 CVE-2024-41058 CVE-2024-41059 CVE-2024-41060 CVE-2024-41061 CVE-2024-41062 CVE-2024-41063 CVE-2024-41064 CVE-2024-41065 CVE-2024-41066 CVE-2024-41068 CVE-2024-41069 CVE-2024-41070 CVE-2024-41071 CVE-2024-41072 CVE-2024-41073 CVE-2024-41074 CVE-2024-41075 CVE-2024-41076 CVE-2024-41078 CVE-2024-41079 CVE-2024-41080 CVE-2024-41081 CVE-2024-41084 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41094 CVE-2024-41095 CVE-2024-41096 CVE-2024-41097 CVE-2024-41098 CVE-2024-41996 CVE-2024-42064 CVE-2024-42069 CVE-2024-42070 CVE-2024-42073 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42079 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42093 CVE-2024-42095 CVE-2024-42096 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42105 CVE-2024-42106 CVE-2024-42107 CVE-2024-42109 CVE-2024-42110 CVE-2024-42113 CVE-2024-42114 CVE-2024-42115 CVE-2024-42117 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42122 CVE-2024-42124 CVE-2024-42125 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42131 CVE-2024-42132 CVE-2024-42133 CVE-2024-42136 CVE-2024-42137 CVE-2024-42138 CVE-2024-42139 CVE-2024-42141 CVE-2024-42142 CVE-2024-42143 CVE-2024-42144 CVE-2024-42145 CVE-2024-42147 CVE-2024-42148 CVE-2024-42152 CVE-2024-42153 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42159 CVE-2024-42161 CVE-2024-42162 CVE-2024-42223 CVE-2024-42224 CVE-2024-42225 CVE-2024-42226 CVE-2024-42227 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42241 CVE-2024-42244 CVE-2024-42245 CVE-2024-42246 CVE-2024-42247 CVE-2024-42250 CVE-2024-42253 CVE-2024-42259 CVE-2024-42268 CVE-2024-42269 CVE-2024-42270 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42278 CVE-2024-42279 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42290 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42298 CVE-2024-42301 CVE-2024-42302 CVE-2024-42303 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42314 CVE-2024-42315 CVE-2024-42316 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43817 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43824 CVE-2024-43825 CVE-2024-43826 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43833 CVE-2024-43834 CVE-2024-43837 CVE-2024-43839 CVE-2024-43840 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43847 CVE-2024-43849 CVE-2024-43850 CVE-2024-43851 CVE-2024-43853 CVE-2024-43854 CVE-2024-43855 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43864 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43874 CVE-2024-43875 CVE-2024-43876 CVE-2024-43877 CVE-2024-43879 CVE-2024-43880 CVE-2024-43881 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43885 CVE-2024-43889 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43897 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43905 CVE-2024-43906 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43911 CVE-2024-43912 CVE-2024-44931 CVE-2024-44938 CVE-2024-44939 CVE-2024-45310 CVE-2024-45490 CVE-2024-45491 CVE-2024-45492 CVE-2024-45817 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 CVE-2024-8006 CVE-2024-8096 ----------------------------------------------------------------- The container sles-15-sp6-chost-byos-v20241004-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3166-1 Released: Mon Sep 9 12:25:30 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228042 This update for glibc fixes the following issue: - s390x-wcsncmp patch for s390x: Fix segfault in wcsncmp (bsc#1228042). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3178-1 Released: Mon Sep 9 14:39:12 2024 Summary: Recommended update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings Type: recommended Severity: important References: 1081596,1223094,1224771,1225267,1226014,1226030,1226493,1227205,1227625,1227793,1228138,1228206,1228208,1228420,1228787,222971 This update for libzypp, zypper, libsolv, zypp-plugin, PackageKit-branding-SLE, PackageKit, libyui, yast2-pkg-bindings fixes the following issues: - Make sure not to statically linked installed tools (bsc#1228787) - MediaPluginType must be resolved to a valid MediaHandler (bsc#1228208) - Export asSolvable for YAST (bsc#1228420) - Export CredentialManager for legacy YAST versions (bsc#1228420) - Fix 4 typos in zypp.conf - Fix typo in the geoip update pipeline (bsc#1228206) - Export RepoVariablesStringReplacer for yast2 (bsc#1228138) - Removed dependency on external find program in the repo2solv tool - Fix return value of repodata.add_solv() - New SOLVER_FLAG_FOCUS_NEW flag - Fix return value of repodata.add_solv() in the bindings - Fix SHA-224 oid in solv_pgpvrfy - Translation: updated .pot file. - Conflict with python zypp-plugin < 0.6.4 (bsc#1227793) - Fix int overflow in Provider - Fix error reporting on repoindex.xml parse error (bsc#1227625) - Keep UrlResolverPlugin API public - Blacklist /snap executables for 'zypper ps' (bsc#1226014) - Fix handling of buddies when applying locks (bsc#1225267) - Fix readline setup to handle Ctrl-C and Ctrl-D correctly (bsc#1227205) - Show rpm install size before installing (bsc#1224771) - Install zypp/APIConfig.h legacy include - Update soname due to RepoManager refactoring and cleanup - Workaround broken libsolv-tools-base requirements - Strip ssl_clientkey from repo urls (bsc#1226030) - Remove protobuf build dependency - Lazily attach medium during refresh workflows (bsc#1223094) - Refactor RepoManager and add Service workflows - Let_readline_abort_on_Ctrl-C (bsc#1226493) - packages: add '--system' to show @System packages (bsc#222971) - Provide python3-zypp-plugin down to SLE12 (bsc#1081596) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3216-1 Released: Thu Sep 12 13:05:20 2024 Summary: Security update for expat Type: security Severity: moderate References: 1229930,1229931,1229932,CVE-2024-45490,CVE-2024-45491,CVE-2024-45492 This update for expat fixes the following issues: - CVE-2024-45492: integer overflow in function nextScaffoldPart. (bsc#1229932) - CVE-2024-45491: integer overflow in dtdCopy. (bsc#1229931) - CVE-2024-45490: negative length for XML_ParseBuffer not rejected. (bsc#1229930) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3217-1 Released: Thu Sep 12 13:06:07 2024 Summary: Security update for libpcap Type: security Severity: moderate References: 1230020,1230034,CVE-2023-7256,CVE-2024-8006 This update for libpcap fixes the following issues: - CVE-2024-8006: NULL pointer dereference in function pcap_findalldevs_ex(). (bsc#1230034) - CVE-2023-7256: double free via struct addrinfo in function sock_initaddress(). (bsc#1230020) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3221-1 Released: Thu Sep 12 13:18:18 2024 Summary: Security update for containerd Type: security Severity: important References: 1200528,1217070,1228553,CVE-2022-1996,CVE-2023-45142,CVE-2023-47108 This update for containerd fixes the following issues: - Update to containerd v1.7.21 - CVE-2023-47108: Fixed DoS vulnerability in otelgrpc (uncontrolled resource consumption) due to unbound cardinality metrics. (bsc#1217070) - CVE-2023-45142: Fixed DoS vulnerability in otelhttp. (bsc#1228553) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3222-1 Released: Thu Sep 12 13:20:47 2024 Summary: Security update for runc Type: security Severity: low References: 1230092,CVE-2024-45310 This update for runc fixes the following issues: - Update to runc v1.1.14 - CVE-2024-45310: Fixed an issue where runc can be tricked into creating empty files/directories on host. (bsc#1230092) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3235-1 Released: Fri Sep 13 08:50:24 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1226497 This update for grub2 fixes the following issues: - Fix failure in bli module (bsc#1226497) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3239-1 Released: Fri Sep 13 12:00:58 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3317-1 Released: Wed Sep 18 16:38:50 2024 Summary: Recommended update for fipscheck Type: recommended Severity: moderate References: 1221714 This update for fipscheck fixes the following issue: - Backport upstream patches to fix C99 violations which are errors by default with GCC 14 (bsc#1221714). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3326-1 Released: Thu Sep 19 09:36:47 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3346-1 Released: Thu Sep 19 17:20:06 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3383-1 Released: Mon Sep 23 10:29:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1193454,1194869,1205462,1208783,1213123,1214285,1215199,1220066,1220252,1220877,1221326,1221630,1221645,1221652,1221857,1222254,1222335,1222350,1222364,1222372,1222387,1222433,1222434,1222463,1222625,1222633,1222634,1222808,1222967,1222973,1223053,1223074,1223191,1223395,1223635,1223720,1223731,1223742,1223763,1223767,1223777,1223803,1224105,1224415,1224485,1224496,1224510,1224535,1224631,1224636,1224690,1224694,1224700,1224711,1225475,1225582,1225607,1225717,1225718,1225744,1225745,1225751,1225814,1225832,1225838,1225903,1226031,1226127,1226502,1226530,1226588,1226604,1226743,1226751,1226765,1226798,1226801,1226834,1226874,1226885,1226920,1227149,1227182,1227383,1227437,1227492,1227493,1227494,1227618,1227620,1227623,1227627,1227634,1227706,1227722,1227724,1227725,1227728,1227729,1227732,1227733,1227734,1227747,1227750,1227754,1227758,1227760,1227761,1227764,1227766,1227770,1227771,1227772,1227774,1227781,1227784,1227785,1227787,1227790,1227791,1227792,1227796,1 227798,1227799,1227802,1227808,1227810,1227811,1227812,1227815,1227816,1227818,1227820,1227823,1227824,1227826,1227828,1227829,1227830,1227832,1227833,1227834,1227839,1227840,1227846,1227849,1227851,1227853,1227863,1227864,1227865,1227867,1227869,1227870,1227883,1227884,1227891,1227893,1227929,1227950,1227957,1227981,1228020,1228021,1228114,1228192,1228195,1228202,1228235,1228236,1228237,1228247,1228321,1228409,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228457,1228458,1228459,1228460,1228462,1228463,1228466,1228467,1228468,1228469,1228470,1228472,1228479,1228480,1228481,1228482,1228483,1228484,1228485,1228486,1228487,1228489,1228491,1228492,1228493,1228494,1228495,1228496,1228499,1228500,1228501,1228502,1228503,1228505,1228508,1228509,1228510,1228511,1228513,1228515,1228516,1228518,1228520,1228525,1228527,1228530,1228531,1228539,1228561,1228563,1228564,1228565,1228567,1228568,1228572,1228576,1228579,1228580,1228581,1228582,1228584,1228586,122858 8,1228590,1228591,1228599,1228615,1228616,1228617,1228625,1228626,1228633,1228635,1228636,1228640,1228643,1228644,1228646,1228649,1228650,1228654,1228655,1228656,1228658,1228660,1228662,1228665,1228666,1228667,1228672,1228673,1228674,1228677,1228680,1228687,1228705,1228706,1228707,1228708,1228709,1228710,1228718,1228720,1228721,1228722,1228723,1228724,1228726,1228727,1228733,1228737,1228743,1228748,1228754,1228756,1228757,1228758,1228764,1228766,1228779,1228801,1228849,1228850,1228857,1228959,1228964,1228966,1228967,1228973,1228977,1228978,1228979,1228986,1228988,1228989,1228991,1228992,1229005,1229024,1229042,1229045,1229046,1229054,1229056,1229086,1229134,1229136,1229154,1229156,1229160,1229167,1229168,1229169,1229170,1229171,1229172,1229173,1229174,1229239,1229240,1229241,1229243,1229244,1229245,1229246,1229247,1229248,1229249,1229250,1229251,1229252,1229253,1229254,1229255,1229256,1229287,1229290,1229291,1229292,1229294,1229296,1229297,1229298,1229299,1229301,1229303,1229304,122 9305,1229307,1229309,1229312,1229313,1229314,1229315,1229316,1229317,1229318,1229319,1229320,1229327,1229341,1229342,1229344,1229345,1229346,1229347,1229349,1229350,1229351,1229353,1229354,1229355,1229356,1229357,1229358,1229359,1229360,1229365,1229366,1229369,1229370,1229373,1229374,1229379,1229381,1229382,1229383,1229386,1229388,1229390,1229391,1229392,1229395,1229398,1229399,1229400,1229402,1229403,1229404,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229444,1229451,1229452,1229455,1229456,1229480,1229481,1229482,1229484,1229485,1229486,1229487,1229488,1229489,1229490,1229493,1229495,1229496,1229497,1229500,1229503,1229707,1229739,1229743,1229746,1229747,1229752,1229754,1229755,1229756,1229759,1229761,1229767,1229781,1229784,1229785,1229787,1229788,1229789,1229792,1229820,1229827,1229830,1229837,1229940,1230056,1230350,1230413,CVE-2023-52489,CVE-2023-52581,CVE-2023-52668,CVE-2023-52688,CVE-2023-52735,CVE-2023-52859,CVE-2023-52885,CVE-2023-52886,CVE-2023-52887,CVE-2023- 52889,CVE-2024-26590,CVE-2024-26631,CVE-2024-26637,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26682,CVE-2024-26683,CVE-2024-26691,CVE-2024-26735,CVE-2024-26808,CVE-2024-26809,CVE-2024-26812,CVE-2024-26835,CVE-2024-26837,CVE-2024-26849,CVE-2024-26851,CVE-2024-26889,CVE-2024-26920,CVE-2024-26944,CVE-2024-26976,CVE-2024-27010,CVE-2024-27011,CVE-2024-27024,CVE-2024-27049,CVE-2024-27050,CVE-2024-27079,CVE-2024-27403,CVE-2024-27433,CVE-2024-27437,CVE-2024-31076,CVE-2024-35854,CVE-2024-35855,CVE-2024-35897,CVE-2024-35902,CVE-2024-35913,CVE-2024-35939,CVE-2024-35949,CVE-2024-36270,CVE-2024-36286,CVE-2024-36288,CVE-2024-36489,CVE-2024-36881,CVE-2024-36907,CVE-2024-36909,CVE-2024-36910,CVE-2024-36911,CVE-2024-36929,CVE-2024-36933,CVE-2024-36939,CVE-2024-36970,CVE-2024-36979,CVE-2024-38548,CVE-2024-38563,CVE-2024-38609,CVE-2024-38662,CVE-2024-39476,CVE-2024-39483,CVE-2024-39484,CVE-2024-39486,CVE-2024-39488,CVE-2024-39489,CVE-2024-39491,CVE-2024-39493,CVE-2024-39497,CVE-2024-39499,C VE-2024-39500,CVE-2024-39501,CVE-2024-39505,CVE-2024-39506,CVE-2024-39508,CVE-2024-39509,CVE-2024-39510,CVE-2024-40899,CVE-2024-40900,CVE-2024-40902,CVE-2024-40903,CVE-2024-40904,CVE-2024-40905,CVE-2024-40909,CVE-2024-40910,CVE-2024-40911,CVE-2024-40912,CVE-2024-40913,CVE-2024-40916,CVE-2024-40920,CVE-2024-40921,CVE-2024-40922,CVE-2024-40924,CVE-2024-40926,CVE-2024-40927,CVE-2024-40929,CVE-2024-40930,CVE-2024-40932,CVE-2024-40934,CVE-2024-40936,CVE-2024-40938,CVE-2024-40939,CVE-2024-40941,CVE-2024-40942,CVE-2024-40943,CVE-2024-40944,CVE-2024-40945,CVE-2024-40954,CVE-2024-40956,CVE-2024-40957,CVE-2024-40958,CVE-2024-40959,CVE-2024-40962,CVE-2024-40964,CVE-2024-40967,CVE-2024-40976,CVE-2024-40977,CVE-2024-40978,CVE-2024-40981,CVE-2024-40982,CVE-2024-40984,CVE-2024-40987,CVE-2024-40988,CVE-2024-40989,CVE-2024-40990,CVE-2024-40992,CVE-2024-40994,CVE-2024-40995,CVE-2024-40997,CVE-2024-41000,CVE-2024-41001,CVE-2024-41002,CVE-2024-41004,CVE-2024-41007,CVE-2024-41009,CVE-2024-41010,CVE-2024 -41011,CVE-2024-41012,CVE-2024-41015,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41024,CVE-2024-41025,CVE-2024-41028,CVE-2024-41032,CVE-2024-41035,CVE-2024-41036,CVE-2024-41037,CVE-2024-41038,CVE-2024-41039,CVE-2024-41040,CVE-2024-41041,CVE-2024-41044,CVE-2024-41045,CVE-2024-41048,CVE-2024-41049,CVE-2024-41050,CVE-2024-41051,CVE-2024-41056,CVE-2024-41057,CVE-2024-41058,CVE-2024-41059,CVE-2024-41060,CVE-2024-41061,CVE-2024-41062,CVE-2024-41063,CVE-2024-41064,CVE-2024-41065,CVE-2024-41066,CVE-2024-41068,CVE-2024-41069,CVE-2024-41070,CVE-2024-41071,CVE-2024-41072,CVE-2024-41073,CVE-2024-41074,CVE-2024-41075,CVE-2024-41076,CVE-2024-41078,CVE-2024-41079,CVE-2024-41080,CVE-2024-41081,CVE-2024-41084,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41094,CVE-2024-41095,CVE-2024-41096,CVE-2024-41097,CVE-2024-41098,CVE-2024-42064,CVE-2024-42069,CVE-2024-42070,CVE-2024-42073,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42079,CVE-2024-42080, CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42093,CVE-2024-42095,CVE-2024-42096,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42105,CVE-2024-42106,CVE-2024-42107,CVE-2024-42109,CVE-2024-42110,CVE-2024-42113,CVE-2024-42114,CVE-2024-42115,CVE-2024-42117,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42122,CVE-2024-42124,CVE-2024-42125,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42131,CVE-2024-42132,CVE-2024-42133,CVE-2024-42136,CVE-2024-42137,CVE-2024-42138,CVE-2024-42139,CVE-2024-42141,CVE-2024-42142,CVE-2024-42143,CVE-2024-42144,CVE-2024-42145,CVE-2024-42147,CVE-2024-42148,CVE-2024-42152,CVE-2024-42153,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42159,CVE-2024-42161,CVE-2024-42162,CVE-2024-42223,CVE-2024-42224,CVE-2024-42225,CVE-2024-42226,CVE-2024-42227,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-202 4-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42241,CVE-2024-42244,CVE-2024-42245,CVE-2024-42246,CVE-2024-42247,CVE-2024-42250,CVE-2024-42253,CVE-2024-42259,CVE-2024-42268,CVE-2024-42269,CVE-2024-42270,CVE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42278,CVE-2024-42279,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42290,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42298,CVE-2024-42301,CVE-2024-42302,CVE-2024-42303,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42314,CVE-2024-42315,CVE-2024-42316,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43817,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43824,CVE-2024-43825,CVE-2024-43826,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43833,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43840 ,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43847,CVE-2024-43849,CVE-2024-43850,CVE-2024-43851,CVE-2024-43853,CVE-2024-43854,CVE-2024-43855,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43864,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43874,CVE-2024-43875,CVE-2024-43876,CVE-2024-43877,CVE-2024-43879,CVE-2024-43880,CVE-2024-43881,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43885,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024-43897,CVE-2024-43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43905,CVE-2024-43906,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-43911,CVE-2024-43912,CVE-2024-44931,CVE-2024-44938,CVE-2024-44939 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-43911: wifi: mac80211: fix NULL dereference at band check in starting tx ba session (bsc#1229827). - CVE-2024-43899: drm/amd/display: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43880: kabi: lib: objagg: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43866: net/mlx5: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-43864: net/mlx5e: Fix CT entry update leaks of modify header context (bsc#1229496). - CVE-2024-43855: md: fix deadlock between mddev_suspend and flush bio (bsc#1229342). - CVE-2024-43854: block: initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-43850: soc: qcom: icc-bwmon: Fix refcount imbalance seen during bwmon_remove (bsc#1229316). - CVE-2024-43839: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-43837: bpf: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-43834: xdp: fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-43831: media: mediatek: vcodec: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43821: scsi: lpfc: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-42322: ipvs: properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42318: landlock: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-42316: mm/mglru: fix div-by-zero in vmpressure_calc_level() (bsc#1229353). - CVE-2024-42312: sysctl: always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: dev/parport: fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42295: nilfs2: handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42291: ice: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42290: irqchip/imx-irqsteer: Handle runtime power management correctly (bsc#1229379). - CVE-2024-42284: tipc: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: net: nexthop: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42281: bpf: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42277: iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-42270: netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init() (bsc#1229404). - CVE-2024-42269: netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init() (bsc#1229402). - CVE-2024-42268: net/mlx5: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-42247: wireguard: allowedips: avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2024-42246: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42245: Revert 'sched/fair: Make sure to try to detach at least one movable task' (bsc#1228978). - CVE-2024-42241: mm/shmem: disable PMD-sized page cache if needed (bsc#1228986). - CVE-2024-42224: net: dsa: mv88e6xxx: Correct check for empty list (bsc#1228723). - CVE-2024-42162: gve: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42161: bpf: avoid uninitialized value in BPF_CORE_READ_BITFIELD (bsc#1228756). - CVE-2024-42159: scsi: mpi3mr: fix sanitise num_phys (bsc#1228754). - CVE-2024-42158: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-42157: s390/pkey: Wipe sensitive data on failure (bsc#1228727). - CVE-2024-42156: s390/pkey: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2024-42155: s390/pkey: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42148: bnx2x: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42145: IB/core: Implement a limit on UMAD receive List (bsc#1228743). - CVE-2024-42142: net/mlx5: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42139: ice: Fix improper extts handling (bsc#1228503). - CVE-2024-42138: mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file (bsc#1228500). - CVE-2024-42124: scsi: qedf: Make qedf_execute_tmf() non-preemptible (bsc#1228705). - CVE-2024-42122: drm/amd/display: Add NULL pointer check for kzalloc (bsc#1228591). - CVE-2024-42113: net: txgbe: initialize num_q_vectors for MSI/INTx interrupts (bsc#1228568). - CVE-2024-42110: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42109: netfilter: nf_tables: unconditionally flush pending work before notifier (bsc#1228505). - CVE-2024-42107: ice: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42106: inet_diag: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-42096: x86: stop playing stack games in profile_pc() (bsc#1228633). - CVE-2024-42095: serial: 8250_omap: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-42093: net/dpaa2: Avoid explicit cpumask var allocation on stack (bsc#1228680). - CVE-2024-42082: xdp: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-42079: gfs2: Fix NULL pointer dereference in gfs2_log_flush (bsc#1228672). - CVE-2024-42073: mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems (bsc#1228457). - CVE-2024-42070: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (bsc#1228470). - CVE-2024-41084: cxl/region: Avoid null pointer dereference in region lookup (bsc#1228472). - CVE-2024-41081: ila: block BH in ila_output() (bsc#1228617). - CVE-2024-41080: io_uring: fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-41078: btrfs: qgroup: fix quota root leak after quota disable failure (bsc#1228655). - CVE-2024-41076: NFSv4: Fix memory leak in nfs4_set_security_label (bsc#1228649). - CVE-2024-41075: cachefiles: add consistency check for copen/cread (bsc#1228646). - CVE-2024-41074: cachefiles: Set object to close if ondemand_id < 0 in copen (bsc#1228643). - CVE-2024-41070: KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group() (bsc#1228581). - CVE-2024-41069: ASoC: topology: Fix route memory corruption (bsc#1228644). - CVE-2024-41068: s390/sclp: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2024-41066: ibmvnic: add tx check to prevent skb leak (bsc#1228640). - CVE-2024-41064: powerpc/eeh: avoid possible crash when edev->pdev changes (bsc#1228599). - CVE-2024-41062: bluetooth/l2cap: sync sock recv cb and release (bsc#1228576). - CVE-2024-41058: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() (bsc#1228459). - CVE-2024-41057: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() (bsc#1228462). - CVE-2024-41051: cachefiles: wait for ondemand_object_worker to finish when dropping object (bsc#1228468). - CVE-2024-41050: cachefiles: cyclic allocation of msg_id to avoid reuse (bsc#1228499). - CVE-2024-41048: skmsg: Skip zero length skb in sk_msg_recvmsg (bsc#1228565). - CVE-2024-41044: ppp: reject claimed-as-LCP but actually malformed packets (bsc#1228530). - CVE-2024-41041: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port() (bsc#1228520). - CVE-2024-41040: net/sched: Fix UAF when resolving a clash (bsc#1228518). - CVE-2024-41036: net: ks8851: Fix deadlock with the SPI chip variant (bsc#1228496). - CVE-2024-41032: mm: vmalloc: check if a hash-index is in cpu_possible_mask (bsc#1228460). - CVE-2024-41020: filelock: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-41015: ocfs2: add bounds checking to ocfs2_check_dir_entry() (bsc#1228409). - CVE-2024-41012: filelock: Remove locks reliably when fcntl/close race is detected (bsc#1228247). - CVE-2024-41010: bpf: Fix too early release of tcx_entry (bsc#1228021). - CVE-2024-41009: bpf: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-41007: tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-41000: block/ioctl: prefer different overflow check (bsc#1227867). - CVE-2024-40995: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-40994: ptp: fix integer overflow in max_vclocks_store (bsc#1227829). - CVE-2024-40989: KVM: arm64: Disassociate vcpus from redistributor region on teardown (bsc#1227823). - CVE-2024-40978: scsi: qedi: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-40959: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (bsc#1227884). - CVE-2024-40958: netns: Make get_net_ns() handle zero refcount net (bsc#1227812). - CVE-2024-40957: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors (bsc#1227811). - CVE-2024-40956: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list (bsc#1227810). - CVE-2024-40954: net: do not leave a dangling sk pointer, when socket creation fails (bsc#1227808) - CVE-2024-40939: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail (bsc#1227799). - CVE-2024-40938: landlock: fix d_parent walk (bsc#1227840). - CVE-2024-40921: net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (bsc#1227784). - CVE-2024-40920: net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (bsc#1227781). - CVE-2024-40909: bpf: Fix a potential use-after-free in bpf_link_free() (bsc#1227798). - CVE-2024-40905: ipv6: fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39506: liquidio: adjust a NULL pointer handling path in lio_vf_rep_copy_packet (bsc#1227729). - CVE-2024-39489: ipv6: sr: fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2024-38662: selftests/bpf: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-36979: net: bridge: mst: fix vlan use-after-free (bsc#1226604). - CVE-2024-36933: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-36929: net: core: reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-36911: hv_netvsc: Do not free decrypted memory (bsc#1225745). - CVE-2024-36910: uio_hv_generic: Do not free decrypted memory (bsc#1225717). - CVE-2024-36909: Drivers: hv: vmbus: Do not free ring buffers that couldn't be re-encrypted (bsc#1225744). - CVE-2024-36881: mm/userfaultfd: Fix reset ptes when close() for wr-protected (bsc#1225718). - CVE-2024-36489: tls: fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-36286: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2024-35949: btrfs: make sure that WRITTEN is set on all metadata blocks (bsc#1224700). - CVE-2024-35939: Fixed leak pages on dma_set_decrypted() failure (bsc#1224535). - CVE-2024-35897: netfilter: nf_tables: discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27437: vfio/pci: Disable auto-enable of exclusive INTx IRQ (bsc#1222625). - CVE-2024-27433: clk: mediatek: mt7622-apmixedsys: Fix an error handling path in clk_mt8135_apmixed_probe() (bsc#1224711). - CVE-2024-27403: kabi: restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27079: iommu/vt-d: Fix NULL domain on device release (bsc#1223742). - CVE-2024-27024: net/rds: fix WARNING in rds_conn_connect_if_down (bsc#1223777). - CVE-2024-27011: netfilter: nf_tables: fix memleak in map from abort path (bsc#1223803). - CVE-2024-27010: net/sched: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2024-26851: netfilter: nf_conntrack_h323: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-26835: netfilter: nf_tables: set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26812: kABI: vfio: struct virqfd kABI workaround (bsc#1222808). - CVE-2024-26809: netfilter: nft_set_pipapo: release elements in clone only from destroy path (bsc#1222633). - CVE-2024-26808: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-26735: ipv6: sr: fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-26677: blacklist.conf: Add e7870cf13d20 ('rxrpc: Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-26669: kABI fix for net/sched: flower: Fix chain template offload (bsc#1222350). - CVE-2024-26668: netfilter: nft_limit: reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26631: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-26590: erofs: fix inconsistent per-file compression format (bsc#1220252). - CVE-2023-52889: apparmor: Fix null pointer deref when receiving skb during sock creation (bsc#1229287). - CVE-2023-52859: perf: hisi: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2023-52581: netfilter: nf_tables: fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2023-52489: mm/sparsemem: fix race in accessing memory_section->usage (bsc#1221326). The following non-security bugs were fixed: - ACPI/NUMA: Apply SRAT proximity domain to entire CFMWS window (git-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (stable-fixes). - ACPI: battery: create alarm sysfs attribute atomically (stable-fixes). - ACPI: processor_idle: use raw_safe_halt() in acpi_idle_play_dead() (git-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - ALSA: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - ALSA: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Add quirk for Acer Aspire E5-574G (stable-fixes). - ALSA: hda/realtek: Add support for new HP G12 laptops (stable-fixes). - ALSA: hda/realtek: Enable mute/micmute LEDs on HP Laptop 14-ey0xxx (stable-fixes). - ALSA: hda/realtek: Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - ALSA: hda/realtek: Fix the speaker output on Samsung Galaxy Book3 Ultra (stable-fixes). - ALSA: hda/realtek: Implement sound init sequence for Samsung Galaxy Book3 Pro 360 (stable-fixes). - ALSA: hda/realtek: support HP Pavilion Aero 13-bg0xxx Mute LED (stable-fixes). - ALSA: hda/tas2781: Use correct endian conversion (git-fixes). - ALSA: hda/tas2781: fix wrong calibrated data order (git-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: hda: Conditionally use snooping for AMD HDMI (git-fixes). - ALSA: hda: conexant: Fix headset auto detect fail in the polling mode (git-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Skip event type filtering for UMP events (git-fixes). - ALSA: seq: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: seq: ump: Optimize conversions from SysEx to UMP (git-fixes). - ALSA: seq: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: seq: ump: Use the common RPN/bank conversion context (stable-fixes). - ALSA: timer: Relax start tick time check for slave timer elements (git-fixes). - ALSA: ump: Explicitly reset RPN with Null RPN (stable-fixes). - ALSA: ump: Transmit RPN/NRPN message at each MSB/LSB data reception (stable-fixes). - ALSA: usb-audio: Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - ALSA: usb-audio: Correct surround channels in UAC1 channel map (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: Support Yamaha P-125 quirk entry (stable-fixes). - ALSA: usb: Fix UBSAN warning in parse_audio_unit() (stable-fixes). - ASoC: SOF: Intel: hda-dsp: Make sure that no irq handler is pending before suspend (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: SOF: amd: Fix for acp init sequence (git-fixes). - ASoC: SOF: ipc4: check return value of snd_sof_ipc_msg_data (stable-fixes). - ASoC: SOF: mediatek: Add missing board compatible (stable-fixes). - ASoC: allow module autoloading for table board_ids (stable-fixes). - ASoC: allow module autoloading for table db1200_pids (stable-fixes). - ASoC: amd: acp: fix module autoloading (git-fixes). - ASoC: amd: yc: Add quirk entry for OMEN by HP Gaming Laptop 16-n0xxx (bsc#1227182). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l45: Checks index of cs35l45_irqs[] (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: mediatek: mt8188: Mark AFE_DAC_CON0 register as volatile (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Add device 13d3:3572 IMC Networks Bluetooth Radio (stable-fixes). - Bluetooth: Fix usage of __hci_cmd_sync_status (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Add error handling to pair_device() (git-fixes). - Bluetooth: SMP: Fix assumption of Central always being Initiator (git-fixes). - Bluetooth: bnep: Fix out-of-bound access (stable-fixes). - Bluetooth: btintel: Fail setup on error (git-fixes). - Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading (stable-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e125 to device tables (stable-fixes). - Bluetooth: btusb: Add Realtek RTL8852BE support ID 0x13d3:0x3591 (stable-fixes). - Bluetooth: hci_conn: Check non NULL function before calling for HFP offload (stable-fixes). - Bluetooth: hci_core: Fix LE quote calculation (git-fixes). - Bluetooth: hci_core: Fix not handling hibernation actions (git-fixes). - Bluetooth: hci_sync: Fix suspending with wrong filter policy (git-fixes). - Bluetooth: hci_sync: avoid dup filtering when passive scanning with adv monitor (git-fixes). - Bluetooth: l2cap: always unlock channel in l2cap_conless_channel() (git-fixes). - Drop libata patch that caused a regression (bsc#1229054) - HID: wacom: Defer calculation of resolution until resolution_code is known (git-fixes). - Input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (bsc#1229056). - Input: i8042 - add forcenorestore quirk to leave controller untouched even on s3 (stable-fixes). - Input: i8042 - use new forcenorestore quirk to replace old buggy quirk combination (stable-fixes). - KVM: Always flush async #PF workqueue when vCPU is being destroyed (git-fixes). - KVM: Make KVM_MEM_GUEST_MEMFD mutually exclusive with KVM_MEM_READONLY (git-fixes). - KVM: PPC: Book3S HV: Fix the set_one_reg for MMCR3 (bsc#1194869). - KVM: PPC: Book3S HV: Handle pending exceptions on guest entry with MSR_EE (bsc#1215199). - KVM: Protect vcpu->pid dereference via debugfs with RCU (git-fixes). - KVM: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes). - KVM: Stop processing *all* memslots when 'null' mmu_notifier handler is found (git-fixes). - KVM: VMX: Move posted interrupt descriptor out of VMX code (git-fixes). - KVM: VMX: Split out the non-virtualization part of vmx_interrupt_blocked() (git-fixes). - KVM: VMX: Switch __vmx_exit() and kvm_x86_vendor_exit() in vmx_exit() (git-fixes). - KVM: arm64: AArch32: Fix spurious trapping of conditional instructions (git-fixes). - KVM: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes). - KVM: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes). - KVM: arm64: Fix AArch32 register narrowing on userspace write (git-fixes). - KVM: arm64: Fix __pkvm_init_switch_pgd call ABI (git-fixes). - KVM: arm64: Fix clobbered ELR in sync abort/SError (git-fixes) - KVM: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes). - KVM: arm64: timers: Correctly handle TGE flip with CNTPOFF_EL2 (git-fixes). - KVM: arm64: timers: Fix resource leaks in kvm_timer_hyp_init() (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes). - KVM: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes). - KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes). - KVM: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes). - KVM: arm64: vgic: Add a non-locking primitive for kvm_vgic_vcpu_destroy() (git-fixes). - KVM: arm64: vgic: Force vcpu vgic teardown on vcpu destroy (git-fixes). - KVM: arm64: vgic: Simplify kvm_vgic_destroy() (git-fixes). - KVM: fix kvm_mmu_memory_cache allocation warning (git-fixes). - KVM: nVMX: Add a helper to get highest pending from Posted Interrupt vector (git-fixes). - KVM: nVMX: Check for pending posted interrupts when looking for nested events (git-fixes). - KVM: nVMX: Request immediate exit iff pending nested event needs injection (git-fixes). - KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - KVM: s390: fix validity interception issue when gisa is switched off (git-fixes bsc#1229167). - KVM: x86/mmu: Bug the VM if KVM tries to split a !hugepage SPTE (git-fixes). - KVM: x86: Limit check IDs for KVM_SET_BOOT_CPU_ID (git-fixes). - Move upstreamed powerpc patches into sorted section - Move upstreamed sound patches into sorted section - Moved upstreamed ASoC patch into sorted section - NFSD: Support write delegations in LAYOUTGET (git-fixes). - NFSv4.1 another fix for EXCHGID4_FLAG_USE_PNFS_DS for DS server (git-fixes). - PCI: Add Edimax Vendor ID to pci_ids.h (stable-fixes). - PCI: hv: Return zero, not garbage, when reading PCI_INTERRUPT_PIN (git-fixes). - PCI: loongson: Enable MSI in LS7A Root Complex (stable-fixes). - RDMA/cache: Release GID table even if leak is detected (git-fixes) - RDMA/device: Return error earlier if port in not valid (git-fixes) - RDMA/hns: Check atomic wr length (git-fixes) - RDMA/hns: Fix insufficient extend DB for VFs. (git-fixes) - RDMA/hns: Fix mbx timing out before CMD execution is completed (git-fixes) - RDMA/hns: Fix missing pagesize and alignment check in FRMR (git-fixes) - RDMA/hns: Fix shift-out-bounds when max_inline_data is 0 (git-fixes) - RDMA/hns: Fix soft lockup under heavy CEQE load (git-fixes) - RDMA/hns: Fix undifined behavior caused by invalid max_sge (git-fixes) - RDMA/hns: Fix unmatch exception handling when init eq table fails (git-fixes) - RDMA/iwcm: Fix a use-after-free related to destroying CM IDs (git-fixes) - RDMA/mana_ib: Use virtual address in dma regions for MRs (git-fixes). - RDMA/mlx4: Fix truncated output warning in alias_GUID.c (git-fixes) - RDMA/mlx4: Fix truncated output warning in mad.c (git-fixes) - RDMA/mlx5: Set mkeys for dmabuf at PAGE_SIZE (git-fixes) - RDMA/rxe: Do not set BTH_ACK_MASK for UC or UD QPs (git-fixes) - RDMA: Fix netdev tracker in ib_device_set_netdev (git-fixes) - Revert 'ALSA: firewire-lib: obsolete workqueue for period update' (bsc#1208783). - Revert 'ALSA: firewire-lib: operate for period elapse event in process context' (bsc#1208783). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d'' (git-fixes). - Revert 'md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d' (git-fixes). - Revert 'misc: fastrpc: Restrict untrusted app to attach to privileged PD' (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - Revert 'usb: gadget: uvc: cleanup request when not in correct state' (stable-fixes). - Revert 'usb: typec: tcpm: clear pd_event queue in PORT_RESET' (git-fixes). - SUNRPC: Fix a race to wake a sync task (git-fixes). - SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - Squashfs: fix variable overflow triggered by sysbot (git-fixes). - USB: serial: debug: do not echo input by default (stable-fixes). - Update config files. Disable CONFIG_KFENCE on ppc64le (bsc#1226920) - Update config files. Disable vdpa drivers for Alibaba ENI and SolidNET (jsc#PED-8954, bsc#1227834) - Update patch references for ASoC regression fixes (bsc#1229045, bsc#1229046) - afs: fix __afs_break_callback() / afs_drop_open_mmap() race (git-fixes). - apparmor: unpack transition table if dfa is not present (bsc#1226031). - arm64: ACPI: NUMA: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: armv8_deprecated: Fix warning in isndep cpuhp starting process (git-fixes) - arm64: barrier: Restore spec_bar() macro (git-fixes) - arm64: cputype: Add Cortex-A720 definitions (git-fixes) - arm64: cputype: Add Cortex-A725 definitions (git-fixes) - arm64: cputype: Add Cortex-X1C definitions (git-fixes) - arm64: cputype: Add Cortex-X3 definitions (git-fixes) - arm64: cputype: Add Cortex-X4 definitions (git-fixes) - arm64: cputype: Add Cortex-X925 definitions (git-fixes) - arm64: cputype: Add Neoverse-V3 definitions (git-fixes) - arm64: dts: imx8mp: Add NPU Node (git-fixes) - arm64: dts: imx8mp: Fix pgc vpu locations (git-fixes) - arm64: dts: imx8mp: Fix pgc_mlmix location (git-fixes) - arm64: dts: imx8mp: add HDMI power-domains (git-fixes) - arm64: errata: Expand speculative SSBS workaround (again) (git-fixes) - arm64: errata: Expand speculative SSBS workaround (git-fixes) - arm64: errata: Unify speculative SSBS errata logic (git-fixes). Update config files. - arm64: jump_label: Ensure patched jump_labels are visible to all CPUs (git-fixes) - ata: libata-scsi: Do not overwrite valid sense data when CK_COND=1 (stable-fixes). - ata: libata-scsi: Honor the D_SENSE bit for CK_COND=1 and no error (stable-fixes). - blacklist.conf: Add libata upstream revert entry (bsc#1229054) - bnxt_re: Fix imm_data endianness (git-fixes) - bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG (git-fixes) - bpf, lpm: Fix check prefixlen before walking trie (git-fixes). - bpf/tests: Remove duplicate JSGT tests (git-fixes). - bpf: Add crosstask check to __bpf_get_stack (git-fixes). - bpf: Detect IP == ksym.end as part of BPF program (git-fixes). - bpf: Ensure proper register state printing for cond jumps (git-fixes). - bpf: Fix a few selftest failures due to llvm18 change (git-fixes). - bpf: Fix a kernel verifier crash in stacksafe() (bsc#1225903). - bpf: Fix check_stack_write_fixed_off() to correctly spill imm (git-fixes). - bpf: Fix kfunc callback register type handling (git-fixes). - bpf: Fix prog_array_map_poke_run map poke update (git-fixes). - bpf: Fix unnecessary -EBUSY from htab_lock_bucket (git-fixes). - bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly (git-fixes). - bpf: Remove unnecessary wait from bpf_map_copy_value() (git-fixes). - bpf: Set uattr->batch.count as zero before batched update or deletion (git-fixes). - bpf: do not infer PTR_TO_CTX for programs with unnamed context type (git-fixes). - bpf: enforce precision of R0 on callback return (git-fixes). - bpf: extract bpf_ctx_convert_map logic and make it more reusable (git-fixes). - bpf: fix control-flow graph checking in privileged mode (git-fixes). - bpf: handle bpf_user_pt_regs_t typedef explicitly for PTR_TO_CTX global arg (git-fixes). - bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() (git-fixes). - bpf: kprobe: remove unused declaring of bpf_kprobe_override (git-fixes). - bpf: simplify btf_get_prog_ctx_type() into btf_is_prog_ctx_type() (git-fixes). - bpftool: Align output skeleton ELF code (git-fixes). - bpftool: Fix -Wcast-qual warning (git-fixes). - bpftool: Silence build warning about calloc() (git-fixes). - bpftool: mark orphaned programs during prog show (git-fixes). - btrfs: add a btrfs_finish_ordered_extent helper (git-fixes). - btrfs: add a is_data_bbio helper (git-fixes). - btrfs: add an ordered_extent pointer to struct btrfs_bio (git-fixes). - btrfs: copy dir permission and time when creating a stub subvolume (bsc#1228321). - btrfs: ensure fast fsync waits for ordered extents after a write failure (git-fixes). - btrfs: factor out a btrfs_queue_ordered_fn helper (git-fixes). - btrfs: factor out a can_finish_ordered_extent helper (git-fixes). - btrfs: fix corruption after buffer fault in during direct IO append write (git-fixes). - btrfs: fix double inode unlock for direct IO sync writes (git-fixes). - btrfs: fix extent map use-after-free when adding pages to compressed bio (git-fixes). - btrfs: fix leak of qgroup extent records after transaction abort (git-fixes). - btrfs: fix ordered extent split error handling in btrfs_dio_submit_io (git-fixes). - btrfs: limit write bios to a single ordered extent (git-fixes). - btrfs: make btrfs_finish_ordered_extent() return void (git-fixes). - btrfs: merge the two calls to btrfs_add_ordered_extent in run_delalloc_nocow (git-fixes). - btrfs: open code btrfs_bio_end_io in btrfs_dio_submit_io (git-fixes). - btrfs: open code end_extent_writepage in end_bio_extent_writepage (git-fixes). - btrfs: pass a btrfs_inode to btrfs_fdatawrite_range() (git-fixes). - btrfs: pass a btrfs_inode to btrfs_wait_ordered_range() (git-fixes). - btrfs: pass an ordered_extent to btrfs_reloc_clone_csums (git-fixes). - btrfs: pass an ordered_extent to btrfs_submit_compressed_write (git-fixes). - btrfs: remove btrfs_add_ordered_extent (git-fixes). - btrfs: rename err to ret in btrfs_direct_write() (git-fixes). - btrfs: uninline some static inline helpers from tree-log.h (git-fixes). - btrfs: use a btrfs_inode in the log context (struct btrfs_log_ctx) (git-fixes). - btrfs: use a btrfs_inode local variable at btrfs_sync_file() (git-fixes). - btrfs: use bbio->ordered in btrfs_csum_one_bio (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete buffered writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete compressed writes (git-fixes). - btrfs: use btrfs_finish_ordered_extent to complete direct writes (git-fixes). - btrfs: use irq safe locking when running and adding delayed iputs (git-fixes). - cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode (bsc#1229245). - cachefiles: add missing lock protection when polling (bsc#1229256). - cachefiles: add restore command to recover inflight ondemand read requests (bsc#1229244). - cachefiles: add spin_lock for cachefiles_ondemand_info (bsc#1229249). - cachefiles: cancel all requests for the object that is being dropped (bsc#1229255). - cachefiles: defer exposing anon_fd until after copy_to_user() succeeds (bsc#1229251). - cachefiles: extract ondemand info field from cachefiles_object (bsc#1229240). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_daemon_read() (bsc#1229247). - cachefiles: fix slab-use-after-free in cachefiles_ondemand_get_fd() (bsc#1229246). - cachefiles: introduce object ondemand state (bsc#1229239). - cachefiles: make on-demand read killable (bsc#1229252). - cachefiles: narrow the scope of triggering EPOLLIN events in ondemand mode (bsc#1229243). - cachefiles: never get a new anonymous fd if ondemand_id is valid (bsc#1229250). - cachefiles: propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229253). - cachefiles: remove err_put_fd label in cachefiles_ondemand_daemon_read() (bsc#1229248). - cachefiles: resend an open request if the read request's object is closed (bsc#1229241). - cachefiles: stop sending new request when dropping object (bsc#1229254). - can: mcp251xfd: tef: prepare to workaround broken TEF FIFO tail index erratum (stable-fixes). - can: mcp251xfd: tef: update workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - ceph: periodically flush the cap releases (bsc#1230056). - cgroup/cpuset: Prevent UAF in proc_cpuset_show() (bsc#1228801). - cgroup: Add annotation for holding namespace_sem in current_cgns_cgroup_from_root() (bsc#1222254). - cgroup: Eliminate the need for cgroup_mutex in proc_cgroup_show() (bsc#1222254). - cgroup: Make operations on the cgroup root_list RCU safe (bsc#1222254). - cgroup: Remove unnecessary list_empty() (bsc#1222254). - cgroup: preserve KABI of cgroup_root (bsc#1222254). - char: xillybus: Check USB endpoints when probing device (git-fixes). - char: xillybus: Do not destroy workqueue from work item running on it (stable-fixes). - char: xillybus: Refine workqueue handling (git-fixes). - clk: en7523: fix rate divider for slic and spi clocks (git-fixes). - clk: qcom: Park shared RCGs upon registration (git-fixes). - clk: qcom: camcc-sc7280: Add parent dependency to all camera GDSCs (git-fixes). - clk: qcom: gcc-sa8775p: Update the GDSC wait_val fields and flags (git-fixes). - clk: qcom: gcc-sc7280: Update force mem core bit for UFS ICE clock (git-fixes). - clk: qcom: gpucc-sa8775p: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: gpucc-sa8775p: Remove the CLK_IS_CRITICAL and ALWAYS_ON flags (git-fixes). - clk: qcom: gpucc-sa8775p: Update wait_val fields for GPU GDSC's (git-fixes). - clk: qcom: gpucc-sm8350: Park RCG's clk source at XO during disable (git-fixes). - clk: qcom: kpss-xcc: Return of_clk_add_hw_provider to transfer the error (git-fixes). - clk: visconti: Add bounds-checking coverage for struct visconti_pll_provider (stable-fixes). - clocksource/drivers/sh_cmt: Address race condition for clock events (stable-fixes). - cpu/SMT: Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - dev/parport: fix the array out-of-bounds risk (stable-fixes). - device property: Add cleanup.h based fwnode_handle_put() scope based cleanup (stable-fixes). - dmaengine: dw: Add memory bus width verification (git-fixes). - dmaengine: dw: Add peripheral bus width verification (git-fixes). - docs: KVM: Fix register ID of SPSR_FIQ (git-fixes). - driver core: Fix uevent_show() vs driver detach race (git-fixes). - drm/admgpu: fix dereferencing null pointer context (stable-fixes). - drm/amd/display: Add delay to improve LTTPR UHBR interop (stable-fixes). - drm/amd/display: Add null checker before passing variables (stable-fixes). - drm/amd/display: Adjust cursor position (git-fixes). - drm/amd/display: Check for NULL pointer (stable-fixes). - drm/amd/display: Skip Recompute DSC Params if no Stream on Link (stable-fixes). - drm/amd/display: avoid using null object of framebuffer (git-fixes). - drm/amd/display: fix cursor offset on rotation 180 (git-fixes). - drm/amd/display: fix s2idle entry for DCN3.5+ (stable-fixes). - drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - drm/amdgpu/jpeg4: properly set atomics vmid field (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference for smu7 (stable-fixes). - drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - drm/amdgpu/pm: Fix the param type of set_power_profile_mode (stable-fixes). - drm/amdgpu/sdma5.2: Update wptr registers as well as doorbell (stable-fixes). - drm/amdgpu/sdma5.2: limit wptr workaround to sdma 5.2.1 (git-fixes). - drm/amdgpu: Actually check flags for all context ops (stable-fixes). - drm/amdgpu: Add lock around VF RLCG interface (stable-fixes). - drm/amdgpu: Fix the null pointer dereference to ras_manager (stable-fixes). - drm/amdgpu: Forward soft recovery errors to userspace (stable-fixes). - drm/amdgpu: Validate TA binary size (stable-fixes). - drm/amdgpu: fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - drm/amdgpu: fix potential resource leak warning (stable-fixes). - drm/amdgpu: reset vm state machine after gpu reset(vram lost) (stable-fixes). - drm/bridge: analogix_dp: properly handle zero sized AUX transactions (stable-fixes). - drm/client: fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_mst: Skip CSN if topology probing is not done yet (stable-fixes). - drm/etnaviv: do not block scheduler when GPU is still active (stable-fixes). - drm/i915/dsi: Make Lenovo Yoga Tab 3 X90F DMI match less strict (git-fixes). - drm/i915/gem: Adjust vma offset for framebuffer mmap offset (stable-fixes). - drm/i915/gem: Fix Virtual Memory mapping boundaries calculation (git-fixes). - drm/i915/hdcp: Fix HDCP2_STREAM_STATUS macro (git-fixes). - drm/i915: Fix possible int overflow in skl_ddi_calculate_wrpll() (git-fixes). - drm/lima: set gp bus_stop bit before hard reset (stable-fixes). - drm/mediatek/dp: Fix spurious kfree() (git-fixes). - drm/msm/dp: fix the max supported bpp logic (git-fixes). - drm/msm/dp: reset the link phy params before link training (git-fixes). - drm/msm/dpu: capture snapshot on the first commit_done timeout (stable-fixes). - drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails (git-fixes). - drm/msm/dpu: do not play tricks with debug macros (git-fixes). - drm/msm/dpu: drop MSM_ENC_VBLANK support (stable-fixes). - drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() (git-fixes). - drm/msm/dpu: split dpu_encoder_wait_for_event into two functions (stable-fixes). - drm/msm/dpu: take plane rotation into account for wide planes (git-fixes). - drm/msm/dpu: try multirect based on mdp clock limits (stable-fixes). - drm/msm/dpu: use drmm-managed allocation for dpu_encoder_phys (stable-fixes). - drm/msm/mdss: Rename path references to mdp_path (stable-fixes). - drm/msm/mdss: switch mdss to use devm_of_icc_get() (stable-fixes). - drm/msm: Reduce fallout of fence signaling vs reclaim hangs (stable-fixes). - drm/nouveau: prime: fix refcount underflow (git-fixes). - drm/panel: nt36523: Set 120Hz fps for xiaomi,elish panels (stable-fixes). - drm/radeon/evergreen_cs: Clean up errors in evergreen_cs.c (bsc#1229024). - drm/radeon: Remove __counted_by from StateArray.states[] (git-fixes). - drm/rockchip: vop2: clear afbc en and transform bit for cluster window at linear mode (stable-fixes). - drm/virtio: Fix type of dma-fence context variable (git-fixes). - drm/vmwgfx: Fix a deadlock in dma buf fence polling (git-fixes). - drm/vmwgfx: Fix overlay when using Screen Targets (git-fixes). - drm/vmwgfx: Fix prime with external buffers (git-fixes). - efi/libstub: Zero initialize heap allocated struct screen_info (git-fixes). - evm: do not copy up 'security.evm' xattr (git-fixes). - firmware: cirrus: cs_dsp: Initialize debugfs_root to invalid (stable-fixes). - fs/netfs/fscache_cookie: add missing 'n_accesses' check (bsc#1229455). - fuse: Initialize beyond-EOF page contents before setting uptodate (bsc#1229456). - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (git-fixes). - genirq/generic_chip: Make irq_remove_generic_chip() irqdomain aware (git-fixes). - genirq/matrix: Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - gfs2: setattr_chown: Add missing initialization (git-fixes). - gpio: mlxbf3: Support shutdown() function (git-fixes). - gpio: prevent potential speculation leaks in gpio_device_get_desc() (stable-fixes). - gpio: sysfs: extend the critical section for unregistering sysfs devices (stable-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - hwmon: (ltc2992) Avoid division by zero (stable-fixes). - hwmon: (ltc2992) Fix memory leak in ltc2992_parse_dt() (git-fixes). - hwmon: (pc87360) Bounds check data->innr usage (stable-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: qcom-geni: Add missing clk_disable_unprepare in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: qcom-geni: Add missing geni_icc_disable in geni_i2c_runtime_resume (git-fixes). - i2c: riic: avoid potential division by zero (stable-fixes). - i2c: smbus: Improve handling of stuck alerts (git-fixes). - i2c: smbus: Send alert notifications to all devices if source not found (git-fixes). - i2c: stm32f7: Add atomic_xfer method to driver (stable-fixes). - i3c: mipi-i3c-hci: Do not unmap region not mapped for transfer (stable-fixes). - i3c: mipi-i3c-hci: Remove BUG() when Ring Abort request times out (stable-fixes). - i915/perf: Remove code to update PWR_CLK_STATE for gen12 (git-fixes). - ice: Fix NULL pointer access, if PF does not support SRIOV_LAG (bsc#1228737). - io_uring/advise: support 64-bit lengths (git-fixes). - io_uring: Drop per-ctx dummy_ubuf (git-fixes). - io_uring: Fix probe of disabled operations (git-fixes). - io_uring: fix io_match_task must_hold (git-fixes). - io_uring: tighten task exit cancellations (git-fixes). - iommu/amd: Convert comma to semicolon (git-fixes). - iommu/vt-d: Fix identity map bounds in si_domain_init() (git-fixes). - iommufd/device: Fix hwpt at err_unresv in iommufd_device_do_replace() (git-fixes). - ip6_tunnel: Fix broken GRO (bsc#1229444). - ipv6: sr: fix incorrect unregister order (git-fixes). - irqdomain: Fixed unbalanced fwnode get and put (git-fixes). - jfs: Fix shift-out-of-bounds in dbDiscardAG (git-fixes). - jfs: define xtree root and page independently (git-fixes). - jfs: fix null ptr deref in dtInsertEntry (git-fixes). - jump_label: Clarify condition in static_key_fast_inc_not_disabled() (git-fixes). - jump_label: Fix concurrency issues in static_key_slow_dec() (git-fixes). - jump_label: Fix the fix, brown paper bags galore (git-fixes). - jump_label: Simplify and clarify static_key_fast_inc_cpus_locked() (git-fixes). - kABI fix of: virtio-crypto: handle config changed by work queue (git-fixes). - kABI workaround for sound core UMP conversion (stable-fixes). - kabi fix for KVM: s390: fix LPSWEY handling (bsc#1227634 git-fixes). - kabi fix for SUNRPC: add a missing rpc_stat for TCP TLS (git-fixes). - kabi/severities: ignore kABI for FireWire sound local symbols (bsc#1208783) - kabi: more build fix without patches.kabi (bsc#1226502) - kcov: properly check for softirq context (git-fixes). - kernel-binary.spec.in: Enable klp_symbols on openSUSE Tumbleweed (boo#1229042). - kernel-binary: generate and install compile_commands.json (bsc#1228971). - kernfs: Convert kernfs_path_from_node_locked() from strlcpy() to strscpy() (bsc#1229134). - kernfs: fix false-positive WARN(nr_mmapped) in kernfs_drain_open_files (git-fixes). - kprobes: Fix to check symbol prefixes correctly (git-fixes). - kprobes: Prohibit probing on CFI preamble symbol (git-fixes). - kvm: s390: Reject memory region operations for ucontrol VMs (git-fixes bsc#1229168). - libbpf: Add missing LIBBPF_API annotation to libbpf_set_memlock_rlim API (git-fixes). - libbpf: Apply map_set_def_max_entries() for inner_maps on creation (git-fixes). - libbpf: Fix faccessat() usage on Android (git-fixes). - libbpf: Use OPTS_SET() macro in bpf_xdp_query() (git-fixes). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix hanging issue while a new disk adding (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: fix no recovery job when adding/re-adding a disk (bsc#1223395). - md-cluster: keeping kabi compatibility for upstream commit 35a0a409fa26 (bsc#1223395). - md/md-bitmap: fix writing non bitmap pages (git-fixes). - md/raid1: set max_sectors during early return from choose_slow_rdev() (git-fixes). - md/raid1: support read error check (git-fixes). - md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (git-fixes). - md/raid5: fix spares errors about rcu usage (git-fixes). - md/raid5: recheck if reshape has finished with device_lock held (git-fixes). - md: Do not wait for MD_RECOVERY_NEEDED for HOT_REMOVE_DISK ioctl (git-fixes). - md: add a mddev_add_trace_msg helper (git-fixes). - md: add check for sleepers in md_wakeup_thread() (git-fixes). - md: change the return value type of md_write_start to void (git-fixes). - md: do not account sync_io if iostats of the disk is disabled (git-fixes). - md: do not delete safemode_timer in mddev_suspend (git-fixes). - md: factor out a helper exceed_read_errors() to check read_errors (git-fixes). - md: fix a suspicious RCU usage warning (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: amphion: Remove lock in s_ctrl callback (stable-fixes). - media: drivers/media/dvb-core: copy user arrays safely (stable-fixes). - media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes). - media: uvcvideo: Add quirk for invalid dev_sof in Logitech C920 (git-fixes). - media: uvcvideo: Disable autosuspend for Insta360 Link (stable-fixes). - media: uvcvideo: Fix the bandwdith quirk on USB 3.x (stable-fixes). - media: uvcvideo: Ignore empty TS packets (stable-fixes). - media: uvcvideo: Quirk for invalid dev_sof in Logitech C922 (stable-fixes). - media: xc2028: avoid use-after-free in load_firmware_cb() (stable-fixes). - memcg: protect concurrent access to mem_cgroup_idr (git-fixes). - memory: stm32-fmc2-ebi: check regmap_read return value (stable-fixes). - memory: tegra: Skip SID programming if SID registers are not set (stable-fixes). - minmax: add a few more MIN_T/MAX_T users (bsc#1229024). - minmax: avoid overly complicated constant expressions in VM code (bsc#1229024). - minmax: do not use max() in situations that want a C constant expression (bsc#1229024). - minmax: fix up min3() and max3() too (bsc#1229024). - minmax: improve macro expansion and type checking (bsc#1229024). - minmax: make generic MIN() and MAX() macros available everywhere (bsc#1229024). - minmax: simplify and clarify min_t()/max_t() implementation (bsc#1229024). - minmax: simplify min()/max()/clamp() implementation (bsc#1229024). - mm, kmsan: fix infinite recursion due to RCU critical section (git-fixes). - mm: prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - mmc: dw_mmc: allow biu and ciu clocks to defer (git-fixes). - mmc: mmc_test: Fix NULL dereference on allocation failure (git-fixes). - mmc: mtk-sd: receive cmd8 data when hs400 tuning fail (git-fixes). - net/iucv: fix the allocation size of iucv_path_table array (git-fixes bsc#1229451). - net/iucv: fix use after free in iucv_sock_close() (bsc#1228973). - net/rds: fix possible cp null dereference (git-fixes). - net/sched: initialize noop_qdisc owner (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() (git-fixes). - net: fix sk_memory_allocated_{add|sub} vs softirqs (bsc#1228757). - net: mana: Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - net: mana: Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - net: mana: Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - net: missing check virtio (git-fixes). - net: phy: micrel: Fix the KSZ9131 MDI-X status issue (git-fixes). - net: phy: realtek: add support for RTL8366S Gigabit PHY (git-fixes). - net: usb: qmi_wwan: fix memory leak for not ip packets (git-fixes). - net: usb: sr9700: fix uninitialized variable use in sr_mdio_read (git-fixes). - netfs, fscache: export fscache_put_volume() and add fscache_try_get_volume() (bsc#1228459 bsc#1228462). - nfc: pn533: Add poll mod list filling check (git-fixes). - nfs: do not invalidate dentries on transient errors (git-fixes). - nfs: expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - nfs: make the rpc_stat per net namespace (git-fixes). - nfs: pass explicit offset/count to trace events (git-fixes). - nfs: propagate readlink errors in nfs_symlink_filler (git-fixes). - nouveau/firmware: use dma non-coherent allocator (git-fixes). - nvme-multipath: find NUMA path only for online numa-node (git-fixes). - nvme-multipath: implement 'queue-depth' iopolicy (bsc#1227706). - nvme-multipath: prepare for 'queue-depth' iopolicy (bsc#1227706). - nvme-pci: Fix the instructions for disabling power management (git-fixes). - nvme-pci: add missing condition check for existence of mapped data (git-fixes). - nvme-pci: do not directly handle subsys reset fallout (bsc#1220066). - nvme-sysfs: add 'tls_configured_key' sysfs attribute (bsc#1221857). - nvme-sysfs: add 'tls_keyring' attribute (bsc#1221857). - nvme-tcp: check for invalidated or revoked key (bsc#1221857). - nvme-tcp: sanitize TLS key handling (bsc#1221857). - nvme: add a newline to the 'tls_key' sysfs attribute (bsc#1221857). - nvme: adjust multiples of NVME_CTRL_PAGE_SIZE in offset (git-fixes). - nvme: avoid double free special payload (git-fixes). - nvme: fix NVME_NS_DEAC may incorrectly identifying the disk as EXT_LBA (git-fixes). - nvme: fixup comment for nvme RDMA Provider Type (git-fixes). - nvme: split off TLS sysfs attributes into a separate group (bsc#1221857). - nvme: tcp: remove unnecessary goto statement (bsc#1221857). - nvme_core: scan namespaces asynchronously (bsc#1224105). - nvmet-auth: fix nvmet_auth hash error handling (git-fixes). - nvmet: always initialize cqe.result (git-fixes). - nvmet: do not return 'reserved' for empty TSAS values (git-fixes). - nvmet: fix a possible leak when destroy a ctrl during qp establishment (git-fixes). - nvmet: make 'tsas' attribute idempotent for RDMA (git-fixes). - ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() (bsc#1228410). - padata: Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - pinctrl: mediatek: common-v2: Fix broken bias-disable for PULL_PU_PD_RSEL_TYPE (git-fixes). - pinctrl: rockchip: correct RK3328 iomux width flag for GPIO2-B pins (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - pinctrl: starfive: jh7110: Correct the level trigger configuration of iev register (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86/amd/hsmp: Add support for ACPI based probing (jsc#PED-8779). - platform/x86/amd/hsmp: Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86/amd/hsmp: Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86/amd/hsmp: Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86/amd/hsmp: Create static func to handle platdev (jsc#PED-8779). - platform/x86/amd/hsmp: Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86/amd/hsmp: Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86/amd/hsmp: Move hsmp_test to probe (jsc#PED-8779). - platform/x86/amd/hsmp: Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86/amd/hsmp: Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86/amd/hsmp: Restructure sysfs group creation (jsc#PED-8779). - platform/x86/amd/hsmp: switch to use device_add_groups() (jsc#PED-8779). - platform/x86/intel/ifs: Initialize union ifs_status to zero (git-fixes). - platform/x86: lg-laptop: fix %s null argument warning (stable-fixes). - power: supply: axp288_charger: Fix constant_charge_voltage writes (git-fixes). - power: supply: axp288_charger: Round constant_charge_voltage writes down (git-fixes). - power: supply: qcom_battmgr: return EAGAIN when firmware service is not up (git-fixes). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - powerpc/io: Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec: make the update_cpus_node() function public (bsc#1194869). - powerpc/kexec: split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - powerpc/kexec_file: fix cpus node update to FDT (bsc#1194869). - powerpc/pseries: Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - powerpc/pseries: Whitelist dtl slub object for copying to userspace (bsc#1194869). - powerpc/radix: Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - powerpc/topology: Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - powerpc/xmon: Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - powerpc: fix a file leak in kvm_vcpu_ioctl_enable_cap() (bsc#1194869). - powerpc: xor_vmx: Add '-mhard-float' to CFLAGS (bsc#1194869). - printk/panic: Allow cpu backtraces to be written into ringbuffer during panic (bsc#1225607). - reiserfs: fix uninit-value in comp_keys (git-fixes). - rtc: nct3018y: fix possible NULL dereference (stable-fixes). - s390/cpum_cf: Fix endless loop in CF_DIAG event stop (git-fixes bsc#1229171). - s390/dasd: fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229173). - s390/dasd: fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229452). - s390/pci: Add missing virt_to_phys() for directed DIBV (git-fixes bsc#1229174). - s390/pci: Allow allocation of more than 1 MSI interrupt (git-fixes bsc#1229172). - s390/pci: Refactor arch_setup_msi_irqs() (git-fixes bsc#1229172). - s390/pkey: harmonize pkey s390 debug feature calls (bsc#1228720). - s390/pkey: introduce dynamic debugging for pkey (bsc#1228720). - s390/sclp: Prevent release of buffer in I/O (git-fixes bsc#1229169). - s390/uv: Panic for set and remove shared access UVC errors (git-fixes bsc#1229170). - samples/bpf: syscall_tp_user: Fix array out-of-bound access (git-fixes). - samples/bpf: syscall_tp_user: Rename num_progs into nr_tests (git-fixes). - sbitmap: use READ_ONCE to access map->word (stable-fixes). - scsi: lpfc: Allow DEVICE_RECOVERY mode after RSCN receipt if in PRLI_ISSUE state (bsc#1228857). - scsi: lpfc: Cancel ELS WQE instead of issuing abort when SLI port is inactive (bsc#1228857). - scsi: lpfc: Fix handling of fully recovered fabric node in dev_loss callbk (bsc#1228857). - scsi: lpfc: Fix incorrect request len mbox field when setting trunking via sysfs (bsc#1228857). - scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (bsc#1228857). - scsi: lpfc: Relax PRLI issue conditions after GID_FT response (bsc#1228857). - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages (bsc#1228857). - scsi: lpfc: Update lpfc version to 14.4.0.3 (bsc#1228857). - scsi: qla2xxx: Avoid possible run-time warning with long model_num (bsc#1228850). - scsi: qla2xxx: Complete command early within lock (bsc#1228850). - scsi: qla2xxx: Convert comma to semicolon (bsc#1228850). - scsi: qla2xxx: Drop driver owner assignment (bsc#1228850). - scsi: qla2xxx: During vport delete send async logout explicitly (bsc#1228850). - scsi: qla2xxx: Fix debugfs output for fw_resource_count (bsc#1228850). - scsi: qla2xxx: Fix flash read failure (bsc#1228850). - scsi: qla2xxx: Fix for possible memory corruption (bsc#1228850). - scsi: qla2xxx: Fix optrom version displayed in FDMI (bsc#1228850). - scsi: qla2xxx: Indent help text (bsc#1228850). - scsi: qla2xxx: Reduce fabric scan duplicate code (bsc#1228850). - scsi: qla2xxx: Remove unused struct 'scsi_dif_tuple' (bsc#1228850). - scsi: qla2xxx: Return ENOBUFS if sg_cnt is more than one for ELS cmds (bsc#1228850). - scsi: qla2xxx: Unable to act on RSCN for port online (bsc#1228850). - scsi: qla2xxx: Update version to 10.02.09.300-k (bsc#1228850). - scsi: qla2xxx: Use QP lock to search for bsg (bsc#1228850). - scsi: qla2xxx: validate nvme_local_port correctly (bsc#1228850). - selftest/bpf: Add map_in_maps with BPF_MAP_TYPE_PERF_EVENT_ARRAY values (git-fixes). - selftests/bpf: Add a test to verify previous stacksafe() fix (bsc#1225903). - selftests/bpf: Add assert for user stacks in test_task_stack (git-fixes). - selftests/bpf: Add netkit to tc_redirect selftest (git-fixes). - selftests/bpf: De-veth-ize the tc_redirect test case (git-fixes). - selftests/bpf: Disable IPv6 for lwt_redirect test (git-fixes). - selftests/bpf: Fix erroneous bitmask operation (git-fixes). - selftests/bpf: Fix issues in setup_classid_environment() (git-fixes). - selftests/bpf: Fix potential premature unload in bpf_testmod (git-fixes). - selftests/bpf: Fix pyperf180 compilation failure with clang18 (git-fixes). - selftests/bpf: Fix the flaky tc_redirect_dtime test (git-fixes). - selftests/bpf: Fix up xdp bonding test wrt feature flags (git-fixes). - selftests/bpf: Make linked_list failure test more robust (git-fixes). - selftests/bpf: Relax time_tai test for equal timestamps in tai_forward (git-fixes). - selftests/bpf: Skip module_fentry_shadow test when bpf_testmod is not available (git-fixes). - selftests/bpf: Wait for the netstamp_needed_key static key to be turned on (git-fixes). - selftests/bpf: fix RELEASE=1 build for tc_opts (git-fixes). - selftests/bpf: fix bpf_loop_bench for new callback verification scheme (git-fixes). - selftests/bpf: fix compiler warnings in RELEASE=1 mode (git-fixes). - selftests/bpf: satisfy compiler by having explicit return in btf test (git-fixes). - serial: core: check uartclk for zero to avoid divide by zero (stable-fixes). - soc: qcom: cmd-db: Map shared memory as WC, not WB (git-fixes). - soc: qcom: pmic_glink: Actually communicate when remote goes down (git-fixes). - soundwire: stream: fix programming slave ports for non-continous port maps (git-fixes). - spi: Add empty versions of ACPI functions (stable-fixes). - spi: microchip-core: fix init function not setting the master and motorola modes (git-fixes). - spi: microchip-core: switch to use modern name (stable-fixes). - spi: spi-fsl-lpspi: Fix scldiv calculation (git-fixes). - spi: spidev: Add missing spi_device_id for bh2228fv (git-fixes). - squashfs: squashfs_read_data need to check if the length is 0 (git-fixes). - ssb: Fix division by zero issue in ssb_calc_clock_rate (stable-fixes). - staging: iio: resolver: ad2s1210: fix use before initialization (stable-fixes). - staging: ks7010: disable bh on tx_dev_lock (stable-fixes). - string.h: Introduce memtostr() and memtostr_pad() (bsc#1228849). - sunrpc: add a struct rpc_stats arg to rpc_create_args (git-fixes). - swiotlb: do not set total_used to 0 in swiotlb_create_debugfs_files() (git-fixes). - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - syscalls: fix compat_sys_io_pgetevents_time64 usage (git-fixes). - thermal/drivers/broadcom: Fix race between removal and clock disable (git-fixes). - thermal: bcm2835: Convert to platform remove callback returning void (stable-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tools/perf: Fix perf bench epoll to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix perf bench futex to enable the run when some CPU's are offline (bsc#1227747). - tools/perf: Fix timing issue with parallel threads in perf bench wake-up-parallel (bsc#1227747). - tools/resolve_btfids: Fix comparison of distinct pointer types warning in resolve_btfids (git-fixes). - tools/resolve_btfids: Fix cross-compilation to non-host endianness (git-fixes). - tools/resolve_btfids: Refactor set sorting with types from btf_ids.h (git-fixes). - tools/resolve_btfids: fix build with musl libc (git-fixes). - trace/pid_list: Change gfp flags in pid_list_fill_irq() (git-fixes). - tracing: Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - tty: atmel_serial: use the correct RTS flag (git-fixes). - tty: serial: fsl_lpuart: mark last busy before uart_add_one_port (git-fixes). - usb: cdnsp: fix for Link TRB with TC (git-fixes). - usb: cdnsp: fix incorrect index in cdnsp_get_hw_deq function (git-fixes). - usb: core: sysfs: Unmerge @usb3_hardware_lpm_attr_group in remove_power_attributes() (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usb: gadget: core: Check for unset descriptor (git-fixes). - usb: gadget: fsl: Increase size of name buffer for endpoints (stable-fixes). - usb: gadget: u_audio: Check return codes from usb_ep_enable and config_ep_by_speed (git-fixes). - usb: gadget: u_serial: Set start_delayed during suspend (git-fixes). - usb: gadget: uvc: cleanup request when not in correct state (stable-fixes). - usb: typec: fsa4480: Add support to swap SBU orientation (git-fixes). - usb: typec: fsa4480: Check if the chip is really there (git-fixes). - usb: typec: fsa4480: Relax CHIP_ID check (git-fixes). - usb: typec: fsa4480: add support for Audio Accessory Mode (git-fixes). - usb: typec: fsa4480: rework mux & switch setup to handle more states (git-fixes). - usb: vhci-hcd: Do not drop references before new references are gained (stable-fixes). - vfio/pci: fix potential memory leak in vfio_intx_enable() (git-fixes). - vhost-scsi: Handle vhost_vq_work_queue failures for events (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - vhost/vsock: always initialize seqpacket_allow (git-fixes). - vhost: Release worker mutex during flushes (git-fixes). - vhost: Use virtqueue mutex for swapping worker (git-fixes). - virt: guest_memfd: fix reference leak on hwpoisoned page (git-fixes). - virtio-crypto: handle config changed by work queue (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtiofs: forbid newlines in tags (bsc#1229940). - wifi: ath12k: fix memory leak in ath12k_dp_rx_peer_frag_setup() (stable-fixes). - wifi: ath12k: fix soft lockup on suspend (git-fixes). - wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion (git-fixes). - wifi: cfg80211: fix reporting failed MLO links status with cfg80211_connect_done (git-fixes). - wifi: iwlwifi: fw: fix wgds rev 3 exact size (git-fixes). - wifi: mac80211: use monitor sdata with driver only if desired (git-fixes). - wifi: mwifiex: duplicate static structs used in driver instances (git-fixes). - wifi: nl80211: disallow setting special AP channel widths (stable-fixes). - wifi: nl80211: do not give key data to userspace (stable-fixes). - wifi: rtw88: usb: Fix disconnection after beacon loss (stable-fixes). - wifi: wfx: repair open network AP mode (git-fixes). - workqueue: Improve scalability of workqueue watchdog touch (bsc#1193454). - workqueue: wq_watchdog_touch is always called with valid CPU (bsc#1193454). - x86/asm: Use %c/%n instead of %P operand modifier in asm templates (git-fixes). - x86/entry/64: Remove obsolete comment on tracing vs. SYSRET (git-fixes). - x86/mm: Fix pti_clone_entry_text() for i386 (git-fixes). - x86/mm: Fix pti_clone_pgtable() alignment assumption (git-fixes). - x86/mtrr: Check if fixed MTRRs exist before saving them (git-fixes). - x86/numa: Fix SRAT lookup of CFMWS ranges with numa_fill_memblks() (git-fixes). - x86/numa: Fix the address overlap check in numa_fill_memblks() (git-fixes). - x86/numa: Fix the sort compare func used in numa_fill_memblks() (git-fixes). - x86/numa: Introduce numa_fill_memblks() (git-fixes). - x86/pci: Skip early E820 check for ECAM region (git-fixes). - x86/xen: Convert comma to semicolon (git-fixes). - xfs: Fix missing interval for missing_owner in xfs fsmap (git-fixes). - xfs: Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - xfs: allow cross-linking special files without project quota (git-fixes). - xfs: allow symlinks with short remote targets (bsc#1229160). - xfs: allow unlinked symlinks and dirs with zero size (git-fixes). - xfs: attr forks require attr, not attr2 (git-fixes). - xfs: convert comma to semicolon (git-fixes). - xfs: do not use current->journal_info (git-fixes). - xfs: fix unlink vs cluster buffer instantiation race (git-fixes). - xfs: honor init_xattrs in xfs_init_new_inode for !ATTR fs (git-fixes). - xfs: journal geometry is not properly bounds checked (git-fixes). - xfs: match lock mode in xfs_buffered_write_iomap_begin() (git-fixes). - xfs: require XFS_SB_FEAT_INCOMPAT_LOG_XATTRS for attr log intent item recovery (git-fixes). - xfs: upgrade the extent counters in xfs_reflink_end_cow_extent later (git-fixes). - xfs: use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - xfs: use consistent uid/gid when grabbing dquots for inodes (git-fixes). - xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - xprtrdma: Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3402-1 Released: Mon Sep 23 15:37:36 2024 Summary: Recommended update for makedumpfile Type: recommended Severity: moderate References: 1226183 This update for makedumpfile fixes the following issue: - don't reserve disk space for flattened format (bsc#1226183). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3424-1 Released: Tue Sep 24 17:25:50 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error. (bsc#1230366, XSA-462) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3450-1 Released: Thu Sep 26 09:09:16 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3466-1 Released: Fri Sep 27 08:18:07 2024 Summary: Recommended update for perl-Bootloader Type: recommended Severity: moderate References: 1230070 This update for perl-Bootloader fixes the following issues: - Handle missing grub_installdevice on PowerPC (bsc#1230070) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3496-1 Released: Mon Sep 30 09:19:26 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1230984 This update for rsyslog fixes the following issue: - restart daemon after update at the end of the transaction (bsc#1230984). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3501-1 Released: Tue Oct 1 16:03:34 2024 Summary: Security update for openssl-3 Type: security Severity: important References: 1230698,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3504-1 Released: Tue Oct 1 16:22:27 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1230638 This update for glibc fixes the following issue: - Use nss-systemd by default also in SLE (bsc#1230638). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3512-1 Released: Wed Oct 2 18:14:56 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1226414,1228091,1228223,1228809,1229518 This update for systemd fixes the following issues: - Determine the effective user limits in a systemd setup (jsc#PED-5659) - Don't try to restart the udev socket units anymore. (bsc#1228809). - Add systemd.rules rework (bsc#1229518). - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091). - upstream commit (bsc#1226414). - Make the 32bit version of libudev.so available again (bsc#1228223). - policykit-1 renamed to polkitd ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3522-1 Released: Fri Oct 4 10:02:34 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330,1230468,1230639 This update for dracut fixes the following issues: - Version update 059+suse.541.g3c2df232: * fix(dasd-rules): handle all possible options in `rd.dasd` (bsc#1230110). * fix(dracut.spec): add Builddeps for initrd posttrans macros (bsc#1230639). * fix(zfcp_rules): check for presence of legacy rules (bsc#1230330). * Fixes for NVMeoF boot (bsc#1230468) * fix(nvmf): install (only) required nvmf modules * fix(nvmf): require NVMeoF modules * fix(nvmf): move /etc/nvme/host{nqn,id} requirement to hostonly ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3529-1 Released: Fri Oct 4 15:37:44 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). The following package changes have been done: - containerd-ctr-1.7.21-150000.117.1 updated - containerd-1.7.21-150000.117.1 updated - dracut-059+suse.541.g3c2df232-150600.3.11.2 updated - e2fsprogs-1.47.0-150600.4.6.2 updated - fipscheck-1.7.0-150600.3.3.2 updated - glibc-locale-base-2.38-150600.14.11.2 updated - glibc-locale-2.38-150600.14.11.2 updated - glibc-2.38-150600.14.11.2 updated - grub2-i386-pc-2.12-150600.8.6.1 updated - grub2-x86_64-efi-2.12-150600.8.6.1 updated - grub2-2.12-150600.8.6.1 updated - kernel-default-6.4.0-150600.23.22.1 updated - libblkid1-2.39.3-150600.4.12.2 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libcurl4-8.6.0-150600.4.9.2 updated - libexpat1-2.4.4-150400.3.22.1 updated - libext2fs2-1.47.0-150600.4.6.2 updated - libfdisk1-2.39.3-150600.4.12.2 updated - libfipscheck1-1.7.0-150600.3.3.2 updated - libmount1-2.39.3-150600.4.12.2 updated - libncurses6-6.1-150000.5.27.1 updated - libopenssl3-3.1.4-150600.5.18.1 updated - libpcap1-1.10.4-150600.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libsmartcols1-2.39.3-150600.4.12.2 updated - libsolv-tools-base-0.7.30-150600.8.2.1 updated - libsystemd0-254.18-150600.4.15.10 updated - libudev1-254.18-150600.4.15.10 updated - libuuid1-2.39.3-150600.4.12.2 updated - libzypp-17.35.11-150600.3.24.1 updated - logrotate-3.18.1-150400.3.10.1 updated - makedumpfile-1.7.4-150600.3.3.2 updated - ncurses-utils-6.1-150000.5.27.1 updated - openssl-3-3.1.4-150600.5.18.1 updated - pam-config-1.1-150600.16.3.1 updated - perl-Bootloader-1.8.2-150600.3.3.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2406.0-150600.12.6.2 updated - rsyslog-8.2406.0-150600.12.6.2 updated - runc-1.1.14-150000.70.1 updated - suseconnect-ng-1.12.0-150600.3.8.2 updated - systemd-254.18-150600.4.15.10 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - udev-254.18-150600.4.15.10 updated - util-linux-systemd-2.39.3-150600.4.12.2 updated - util-linux-2.39.3-150600.4.12.2 updated - xen-libs-4.18.3_04-150600.3.9.1 updated - zypper-1.14.77-150600.10.11.2 updated - libabsl2401_0_0-20240116.1-150600.17.7 removed - libprotobuf-lite25_1_0-25.1-150600.16.4.2 removed From sle-container-updates at lists.suse.com Fri Oct 11 07:02:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:02:22 +0200 (CEST) Subject: SUSE-IU-2024:1484-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20241011070222.CE285FCC1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1484-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.197 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.197 Severity : important Type : security References : 1199769 1216223 1220382 1221610 1221650 1222629 1222973 1223600 1223848 1224085 1225903 1226003 1226606 1226662 1226666 1226846 1226860 1226875 1226915 1227487 1227726 1227819 1227832 1227890 1228507 1228576 1228620 1228771 1229031 1229034 1229086 1229156 1229289 1229334 1229362 1229363 1229364 1229394 1229429 1229453 1229572 1229573 1229585 1229607 1229619 1229633 1229662 1229753 1229764 1229790 1229810 1229830 1229899 1229928 1229947 1230015 1230129 1230130 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230230 1230233 1230244 1230245 1230247 1230248 1230269 1230339 1230340 1230392 1230398 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1231013 1231017 1231116 1231120 1231146 1231180 1231181 CVE-2022-48901 CVE-2022-48911 CVE-2022-48923 CVE-2022-48935 CVE-2022-48944 CVE-2022-48945 CVE-2023-52610 CVE-2023-52916 CVE-2024-26640 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26837 CVE-2024-37353 CVE-2024-38538 CVE-2024-38596 CVE-2024-38632 CVE-2024-40910 CVE-2024-40973 CVE-2024-40983 CVE-2024-41062 CVE-2024-41082 CVE-2024-42154 CVE-2024-42259 CVE-2024-42265 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43835 CVE-2024-43890 CVE-2024-43898 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3569-1 Released: Wed Oct 9 13:51:41 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3588-1 Released: Thu Oct 10 15:34:10 2024 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit contains the following fix: - Update to version 1.1.6: * Run KVM tests on ubuntu-latest * Install qemu in github workflow * Do not return error for efi.ReadLoadOption The following package changes have been done: - kernel-default-base-5.14.21-150500.55.83.1.150500.6.37.1 updated - elemental-toolkit-1.1.6-150500.3.6.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.99 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:02:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:02:38 +0200 (CEST) Subject: SUSE-IU-2024:1485-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20241011070238.6A497FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1485-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.211 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.211 Severity : important Type : security References : 1199769 1216223 1220382 1221610 1221650 1222629 1222973 1223600 1223848 1224085 1225903 1226003 1226606 1226662 1226666 1226846 1226860 1226875 1226915 1227487 1227726 1227819 1227832 1227890 1228507 1228576 1228620 1228771 1229031 1229034 1229086 1229156 1229289 1229334 1229362 1229363 1229364 1229394 1229429 1229453 1229572 1229573 1229585 1229607 1229619 1229633 1229662 1229753 1229764 1229790 1229810 1229830 1229899 1229928 1229947 1230015 1230129 1230130 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230230 1230233 1230244 1230245 1230247 1230248 1230269 1230339 1230340 1230392 1230398 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1231013 1231017 1231116 1231120 1231146 1231180 1231181 CVE-2022-48901 CVE-2022-48911 CVE-2022-48923 CVE-2022-48935 CVE-2022-48944 CVE-2022-48945 CVE-2023-52610 CVE-2023-52916 CVE-2024-26640 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26837 CVE-2024-37353 CVE-2024-38538 CVE-2024-38596 CVE-2024-38632 CVE-2024-40910 CVE-2024-40973 CVE-2024-40983 CVE-2024-41062 CVE-2024-41082 CVE-2024-42154 CVE-2024-42259 CVE-2024-42265 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43835 CVE-2024-43890 CVE-2024-43898 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3588-1 Released: Thu Oct 10 15:34:10 2024 Summary: Recommended update for elemental-toolkit Type: recommended Severity: moderate References: This update for elemental-toolkit contains the following fix: - Update to version 1.1.6: * Run KVM tests on ubuntu-latest * Install qemu in github workflow * Do not return error for efi.ReadLoadOption ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3592-1 Released: Thu Oct 10 18:03:48 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44954: ALSA: line6: Fix racy access to midibuf (bsc#1230176). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46750: PCI: Add missing bridge lock to pci_bus_lock() (bsc#1230783). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). The following package changes have been done: - elemental-toolkit-1.1.6-150500.3.6.1 updated - kernel-rt-5.14.21-150500.13.73.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.160 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:15:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:15:03 +0200 (CEST) Subject: SUSE-CU-2024:4930-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20241011071503.967E0FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4930-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.26.7 Container Release : 26.7 Severity : important Type : security References : 1199769 1216223 1220382 1221610 1221650 1222629 1222973 1223600 1223848 1224085 1225903 1226003 1226606 1226662 1226666 1226846 1226860 1226875 1226915 1227487 1227726 1227819 1227832 1227890 1228507 1228576 1228620 1228771 1229031 1229034 1229086 1229156 1229289 1229334 1229362 1229363 1229364 1229394 1229429 1229453 1229572 1229573 1229585 1229607 1229619 1229633 1229662 1229753 1229764 1229790 1229810 1229830 1229899 1229928 1229947 1230015 1230129 1230130 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230230 1230233 1230244 1230245 1230247 1230248 1230269 1230339 1230340 1230392 1230398 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1231013 1231017 1231116 1231120 1231146 1231180 1231181 CVE-2022-48901 CVE-2022-48911 CVE-2022-48923 CVE-2022-48935 CVE-2022-48944 CVE-2022-48945 CVE-2023-52610 CVE-2023-52916 CVE-2024-26640 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26837 CVE-2024-37353 CVE-2024-38538 CVE-2024-38596 CVE-2024-38632 CVE-2024-40910 CVE-2024-40973 CVE-2024-40983 CVE-2024-41062 CVE-2024-41082 CVE-2024-42154 CVE-2024-42259 CVE-2024-42265 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43835 CVE-2024-43890 CVE-2024-43898 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3569-1 Released: Wed Oct 9 13:51:41 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). The following package changes have been done: - kernel-macros-5.14.21-150500.55.83.1 updated - kernel-devel-5.14.21-150500.55.83.1 updated - kernel-default-devel-5.14.21-150500.55.83.1 updated - kernel-syms-5.14.21-150500.55.83.1 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:18:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:18:24 +0200 (CEST) Subject: SUSE-CU-2024:4944-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241011071824.A2C6EFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4944-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.49 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.49 Severity : important Type : security References : 1012628 1183045 1215199 1216223 1216776 1220382 1221527 1221610 1221650 1222629 1223600 1223848 1225487 1225812 1225903 1226003 1226507 1226606 1226666 1226846 1226860 1227487 1227694 1227726 1227819 1227885 1227890 1227962 1228090 1228140 1228244 1228507 1228771 1229001 1229004 1229019 1229086 1229167 1229169 1229289 1229334 1229362 1229363 1229364 1229371 1229380 1229389 1229394 1229429 1229443 1229452 1229455 1229456 1229494 1229555 1229585 1229753 1229764 1229768 1229790 1229810 1229899 1229928 1230015 1230111 1230119 1230123 1230124 1230125 1230169 1230170 1230171 1230173 1230174 1230175 1230176 1230178 1230180 1230181 1230185 1230191 1230192 1230193 1230194 1230195 1230200 1230204 1230206 1230207 1230209 1230211 1230213 1230217 1230221 1230224 1230230 1230232 1230233 1230240 1230244 1230245 1230247 1230248 1230269 1230270 1230295 1230340 1230426 1230430 1230431 1230432 1230433 1230434 1230435 1230440 1230441 1230442 1230444 1230450 1230451 1230454 1230455 1230457 1230459 1230506 1230507 1230511 1230515 1230517 1230518 1230519 1230520 1230521 1230524 1230526 1230533 1230535 1230539 1230540 1230549 1230556 1230562 1230563 1230564 1230580 1230582 1230589 1230602 1230699 1230700 1230701 1230702 1230703 1230704 1230705 1230706 1230709 1230711 1230712 1230715 1230719 1230722 1230724 1230725 1230726 1230727 1230730 1230731 1230732 1230747 1230748 1230749 1230751 1230752 1230753 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230775 1230776 1230780 1230783 1230786 1230787 1230791 1230794 1230796 1230802 1230806 1230808 1230809 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1230831 1230854 1230948 1231008 1231035 1231120 1231146 1231182 1231183 CVE-2023-52610 CVE-2023-52752 CVE-2023-52915 CVE-2023-52916 CVE-2024-26640 CVE-2024-26759 CVE-2024-26804 CVE-2024-36953 CVE-2024-38538 CVE-2024-38596 CVE-2024-38632 CVE-2024-40965 CVE-2024-40973 CVE-2024-40983 CVE-2024-42154 CVE-2024-42243 CVE-2024-42252 CVE-2024-42265 CVE-2024-42294 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43832 CVE-2024-43835 CVE-2024-43845 CVE-2024-43870 CVE-2024-43890 CVE-2024-43898 CVE-2024-43904 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44951 CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44961 CVE-2024-44962 CVE-2024-44965 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44977 CVE-2024-44982 CVE-2024-44984 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991 CVE-2024-44997 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45002 CVE-2024-45003 CVE-2024-45005 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45012 CVE-2024-45013 CVE-2024-45015 CVE-2024-45017 CVE-2024-45018 CVE-2024-45019 CVE-2024-45020 CVE-2024-45021 CVE-2024-45022 CVE-2024-45023 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45030 CVE-2024-46672 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46687 CVE-2024-46689 CVE-2024-46691 CVE-2024-46692 CVE-2024-46693 CVE-2024-46694 CVE-2024-46695 CVE-2024-46702 CVE-2024-46706 CVE-2024-46707 CVE-2024-46709 CVE-2024-46710 CVE-2024-46714 CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719 CVE-2024-46720 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46728 CVE-2024-46729 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46741 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46749 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46760 CVE-2024-46761 CVE-2024-46767 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46776 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46797 CVE-2024-46798 CVE-2024-46822 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3561-1 Released: Wed Oct 9 10:45:11 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1183045,1215199,1216223,1216776,1220382,1221527,1221610,1221650,1222629,1223600,1223848,1225487,1225812,1225903,1226003,1226507,1226606,1226666,1226846,1226860,1227487,1227694,1227726,1227819,1227885,1227890,1227962,1228090,1228140,1228244,1228507,1228771,1229001,1229004,1229019,1229086,1229167,1229169,1229289,1229334,1229362,1229363,1229364,1229371,1229380,1229389,1229394,1229429,1229443,1229452,1229455,1229456,1229494,1229585,1229753,1229764,1229768,1229790,1229810,1229899,1229928,1230015,1230119,1230123,1230124,1230125,1230169,1230170,1230171,1230173,1230174,1230175,1230176,1230178,1230180,1230181,1230185,1230191,1230192,1230193,1230194,1230195,1230200,1230204,1230206,1230207,1230209,1230211,1230213,1230217,1230221,1230224,1230230,1230232,1230233,1230240,1230244,1230245,1230247,1230248,1230269,1230270,1230295,1230340,1230426,1230430,1230431,1230432,1230433,1230434,1230435,1230440,1230441,1230442,1230444,1230450,1230451,1230454,1230455,1230457,1230459,1230506,1 230507,1230511,1230515,1230517,1230518,1230519,1230520,1230521,1230524,1230526,1230533,1230535,1230539,1230540,1230549,1230556,1230562,1230563,1230564,1230580,1230582,1230589,1230602,1230699,1230700,1230701,1230702,1230703,1230704,1230705,1230706,1230709,1230711,1230712,1230715,1230719,1230722,1230724,1230725,1230726,1230727,1230730,1230731,1230732,1230747,1230748,1230749,1230751,1230752,1230753,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230775,1230776,1230780,1230783,1230786,1230787,1230791,1230794,1230796,1230802,1230806,1230808,1230809,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1230831,1230854,1230948,1231008,1231035,1231120,1231146,1231182,1231183,CVE-2023-52610,CVE-2023-52752,CVE-2023-52915,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26804,CVE-2024-36953,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40965,CVE-2024-40973,CVE-2024-40983,CVE-2024-42154,CVE-2024-42243,CVE-2024-42252,CVE-2024-42265,CVE-2024-42294,CVE-2024-42304,CV E-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43832,CVE-2024-43835,CVE-2024-43845,CVE-2024-43870,CVE-2024-43890,CVE-2024-43898,CVE-2024-43904,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44947,CVE-2024-44948,CVE-2024-44950,CVE-2024-44951,CVE-2024-44952,CVE-2024-44954,CVE-2024-44960,CVE-2024-44961,CVE-2024-44962,CVE-2024-44965,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-44971,CVE-2024-44977,CVE-2024-44982,CVE-2024-44984,CVE-2024-44985,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44991,CVE-2024-44997,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45002,CVE-2024-45003,CVE-2024-45005,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45012,CVE-2024-45013,CVE-2024-45015,CVE-2024-45017,CVE-2024-45018,CVE-2024-45019,CVE-2024-45020,CVE-2024-45021,CVE-2024-45022,CVE-2024-45023,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-45030,CVE-2024-46672,CVE-2024-46673,CVE-2024- 46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46687,CVE-2024-46689,CVE-2024-46691,CVE-2024-46692,CVE-2024-46693,CVE-2024-46694,CVE-2024-46695,CVE-2024-46702,CVE-2024-46706,CVE-2024-46707,CVE-2024-46709,CVE-2024-46710,CVE-2024-46714,CVE-2024-46715,CVE-2024-46716,CVE-2024-46717,CVE-2024-46719,CVE-2024-46720,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46728,CVE-2024-46729,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46734,CVE-2024-46735,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46741,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46749,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CVE-2024-46757,CVE-2024-46758,CVE-2024-46759,CVE-2024-46760,CVE-2024-46761,CVE-2024-46767,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46776,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,C VE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46797,CVE-2024-46798,CVE-2024-46822 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Move fixes into sorted section (bsc#1230119) - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for 'dra7xx-pcie-main' IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'PCI: Extend ACS configurability (bsc#1228090).' (bsc#1229019) - Revert 'drm/amdgpu: align pp_power_profile_mode with kernel docs' (stable-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for '/tmp/perf-$PID.map' files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3583-1 Released: Thu Oct 10 08:56:24 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1229555 This update for wicked fixes the following issues: - compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - kernel-default-6.4.0-150600.23.25.1 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - wicked-service-0.6.76-150600.11.12.2 updated - wicked-0.6.76-150600.11.12.2 updated From sle-container-updates at lists.suse.com Fri Oct 11 07:21:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 11 Oct 2024 09:21:55 +0200 (CEST) Subject: SUSE-CU-2024:4958-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20241011072155.E029BFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4958-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.27.8 , bci/bci-sle15-kernel-module-devel:latest Container Release : 27.8 Severity : important Type : security References : 1012628 1183045 1215199 1216223 1216776 1220382 1221527 1221610 1221650 1222629 1223600 1223848 1225487 1225812 1225903 1226003 1226507 1226606 1226666 1226846 1226860 1227487 1227694 1227726 1227819 1227885 1227890 1227962 1228090 1228140 1228244 1228507 1228771 1229001 1229004 1229019 1229086 1229167 1229169 1229289 1229334 1229362 1229363 1229364 1229371 1229380 1229389 1229394 1229429 1229443 1229452 1229455 1229456 1229494 1229585 1229753 1229764 1229768 1229790 1229810 1229899 1229928 1230015 1230119 1230123 1230124 1230125 1230169 1230170 1230171 1230173 1230174 1230175 1230176 1230178 1230180 1230181 1230185 1230191 1230192 1230193 1230194 1230195 1230200 1230204 1230206 1230207 1230209 1230211 1230213 1230217 1230221 1230224 1230230 1230232 1230233 1230240 1230244 1230245 1230247 1230248 1230269 1230270 1230295 1230340 1230426 1230430 1230431 1230432 1230433 1230434 1230435 1230440 1230441 1230442 1230444 1230450 1230451 1230454 1230455 1230457 1230459 1230506 1230507 1230511 1230515 1230517 1230518 1230519 1230520 1230521 1230524 1230526 1230533 1230535 1230539 1230540 1230549 1230556 1230562 1230563 1230564 1230580 1230582 1230589 1230602 1230699 1230700 1230701 1230702 1230703 1230704 1230705 1230706 1230709 1230711 1230712 1230715 1230719 1230722 1230724 1230725 1230726 1230727 1230730 1230731 1230732 1230747 1230748 1230749 1230751 1230752 1230753 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230775 1230776 1230780 1230783 1230786 1230787 1230791 1230794 1230796 1230802 1230806 1230808 1230809 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1230831 1230854 1230948 1231008 1231035 1231120 1231146 1231182 1231183 CVE-2023-52610 CVE-2023-52752 CVE-2023-52915 CVE-2023-52916 CVE-2024-26640 CVE-2024-26759 CVE-2024-26804 CVE-2024-36953 CVE-2024-38538 CVE-2024-38596 CVE-2024-38632 CVE-2024-40965 CVE-2024-40973 CVE-2024-40983 CVE-2024-42154 CVE-2024-42243 CVE-2024-42252 CVE-2024-42265 CVE-2024-42294 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-43828 CVE-2024-43832 CVE-2024-43835 CVE-2024-43845 CVE-2024-43870 CVE-2024-43890 CVE-2024-43898 CVE-2024-43904 CVE-2024-43914 CVE-2024-44935 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44951 CVE-2024-44952 CVE-2024-44954 CVE-2024-44960 CVE-2024-44961 CVE-2024-44962 CVE-2024-44965 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44977 CVE-2024-44982 CVE-2024-44984 CVE-2024-44985 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44991 CVE-2024-44997 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45002 CVE-2024-45003 CVE-2024-45005 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45012 CVE-2024-45013 CVE-2024-45015 CVE-2024-45017 CVE-2024-45018 CVE-2024-45019 CVE-2024-45020 CVE-2024-45021 CVE-2024-45022 CVE-2024-45023 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45030 CVE-2024-46672 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46687 CVE-2024-46689 CVE-2024-46691 CVE-2024-46692 CVE-2024-46693 CVE-2024-46694 CVE-2024-46695 CVE-2024-46702 CVE-2024-46706 CVE-2024-46707 CVE-2024-46709 CVE-2024-46710 CVE-2024-46714 CVE-2024-46715 CVE-2024-46716 CVE-2024-46717 CVE-2024-46719 CVE-2024-46720 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46728 CVE-2024-46729 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46734 CVE-2024-46735 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46741 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46749 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46757 CVE-2024-46758 CVE-2024-46759 CVE-2024-46760 CVE-2024-46761 CVE-2024-46767 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46776 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46797 CVE-2024-46798 CVE-2024-46822 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3561-1 Released: Wed Oct 9 10:45:11 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1012628,1183045,1215199,1216223,1216776,1220382,1221527,1221610,1221650,1222629,1223600,1223848,1225487,1225812,1225903,1226003,1226507,1226606,1226666,1226846,1226860,1227487,1227694,1227726,1227819,1227885,1227890,1227962,1228090,1228140,1228244,1228507,1228771,1229001,1229004,1229019,1229086,1229167,1229169,1229289,1229334,1229362,1229363,1229364,1229371,1229380,1229389,1229394,1229429,1229443,1229452,1229455,1229456,1229494,1229585,1229753,1229764,1229768,1229790,1229810,1229899,1229928,1230015,1230119,1230123,1230124,1230125,1230169,1230170,1230171,1230173,1230174,1230175,1230176,1230178,1230180,1230181,1230185,1230191,1230192,1230193,1230194,1230195,1230200,1230204,1230206,1230207,1230209,1230211,1230213,1230217,1230221,1230224,1230230,1230232,1230233,1230240,1230244,1230245,1230247,1230248,1230269,1230270,1230295,1230340,1230426,1230430,1230431,1230432,1230433,1230434,1230435,1230440,1230441,1230442,1230444,1230450,1230451,1230454,1230455,1230457,1230459,1230506,1 230507,1230511,1230515,1230517,1230518,1230519,1230520,1230521,1230524,1230526,1230533,1230535,1230539,1230540,1230549,1230556,1230562,1230563,1230564,1230580,1230582,1230589,1230602,1230699,1230700,1230701,1230702,1230703,1230704,1230705,1230706,1230709,1230711,1230712,1230715,1230719,1230722,1230724,1230725,1230726,1230727,1230730,1230731,1230732,1230747,1230748,1230749,1230751,1230752,1230753,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230775,1230776,1230780,1230783,1230786,1230787,1230791,1230794,1230796,1230802,1230806,1230808,1230809,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1230831,1230854,1230948,1231008,1231035,1231120,1231146,1231182,1231183,CVE-2023-52610,CVE-2023-52752,CVE-2023-52915,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26804,CVE-2024-36953,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40965,CVE-2024-40973,CVE-2024-40983,CVE-2024-42154,CVE-2024-42243,CVE-2024-42252,CVE-2024-42265,CVE-2024-42294,CVE-2024-42304,CV E-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43832,CVE-2024-43835,CVE-2024-43845,CVE-2024-43870,CVE-2024-43890,CVE-2024-43898,CVE-2024-43904,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44947,CVE-2024-44948,CVE-2024-44950,CVE-2024-44951,CVE-2024-44952,CVE-2024-44954,CVE-2024-44960,CVE-2024-44961,CVE-2024-44962,CVE-2024-44965,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-44971,CVE-2024-44977,CVE-2024-44982,CVE-2024-44984,CVE-2024-44985,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44991,CVE-2024-44997,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45002,CVE-2024-45003,CVE-2024-45005,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45012,CVE-2024-45013,CVE-2024-45015,CVE-2024-45017,CVE-2024-45018,CVE-2024-45019,CVE-2024-45020,CVE-2024-45021,CVE-2024-45022,CVE-2024-45023,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-45030,CVE-2024-46672,CVE-2024-46673,CVE-2024- 46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46687,CVE-2024-46689,CVE-2024-46691,CVE-2024-46692,CVE-2024-46693,CVE-2024-46694,CVE-2024-46695,CVE-2024-46702,CVE-2024-46706,CVE-2024-46707,CVE-2024-46709,CVE-2024-46710,CVE-2024-46714,CVE-2024-46715,CVE-2024-46716,CVE-2024-46717,CVE-2024-46719,CVE-2024-46720,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46728,CVE-2024-46729,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46734,CVE-2024-46735,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46741,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46749,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CVE-2024-46757,CVE-2024-46758,CVE-2024-46759,CVE-2024-46760,CVE-2024-46761,CVE-2024-46767,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46776,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,C VE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46797,CVE-2024-46798,CVE-2024-46822 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52752: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (bsc#1225487). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42243: mm/filemap: make MAX_PAGECACHE_ORDER acceptable to xarray (bsc#1229001). - CVE-2024-42252: closures: Change BUG_ON() to WARN_ON() (bsc#1229004). - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42294: block: fix deadlock between sd_remove & sd_release (bsc#1229371). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43832: s390/uv: Do not call folio_wait_writeback() without a folio reference (bsc#1229380). - CVE-2024-43845: udf: Fix bogus checksum computation in udf_rename() (bsc#1229389). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44951: serial: sc16is7xx: fix TX fifo corruption (bsc#1230181). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44984: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT (bsc#1230240). - CVE-2024-44985: ipv6: prevent possible UAF in ip6_xmit() (bsc#1230206). - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44991: tcp: prevent concurrent execution of tcp_sk_exit_batch (bsc#1230195). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45002: rtla/osnoise: Prevent NULL dereference in error handling (bsc#1230169). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45017: net/mlx5: Fix IPsec RoCE MPV trace call (bsc#1230430). - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45019: net/mlx5e: Take state lock during tx timeout reporter (bsc#1230432). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45022: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 (bsc#1230435). - CVE-2024-45023: md/raid1: Fix data corruption for degraded array with slow disk (bsc#1230455). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-45030: igb: cope with large MAX_SKB_FRAGS (bsc#1230457). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46687: btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk() (bsc#1230518). - CVE-2024-46691: usb: typec: ucsi: Move unregister out of atomic section (bsc#1230526). - CVE-2024-46692: firmware: qcom: scm: Mark get_wq_ctx() as atomic call (bsc#1230520). - CVE-2024-46693: kABI workaround for soc-qcom pmic_glink changes (bsc#1230521). - CVE-2024-46710: drm/vmwgfx: Prevent unmapping active read buffers (bsc#1230540). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46729: drm/amd/display: Fix incorrect size calculation for loop (bsc#1230704). - CVE-2024-46735: ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery() (bsc#1230727). - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). The following non-security bugs were fixed: - ABI: testing: fix admv8818 attr description (git-fixes). - ACPI: CPPC: Add helper to get the highest performance value (stable-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - ACPICA: Implement ACPI_WARNING_ONCE and ACPI_ERROR_ONCE (stable-fixes). - ACPICA: executer/exsystem: Do not nag user about every Stall() violating the spec (git-fixes). - ALSA: control: Apply sanity check of input values for user elements (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/realtek - Fix inactive headset mic jack for ASUS Vivobook 15 X1504VAP (stable-fixes). - ALSA: hda/realtek: Enable Mute Led for HP Victus 15-fb1xxx (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - ALSA: hda/realtek: add patch for internal mic in Lenovo V145 (stable-fixes). - ALSA: hda/realtek: extend quirks for Clevo V5[46]0 (stable-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda: add HDMI codec ID for Intel PTL (stable-fixes). - ALSA: hda: cs35l41: fix module autoloading (git-fixes). - ARM: 9406/1: Fix callchain_trace() return value (git-fixes). - ASoC: Intel: soc-acpi-cht: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - ASoC: amd: yc: Add a quirk for MSI Bravo 17 (D7VEK) (stable-fixes). - ASoC: codecs: avoid possible garbage value in peb2466_reg_read() (git-fixes). - ASoC: cs42l42: Convert comma to semicolon (git-fixes). - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: intel: fix module autoloading (stable-fixes). - ASoC: meson: Remove unused declartion in header file (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoC: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: rt5682s: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - ASoC: soc-ac97: Fix the incorrect description (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tas2781-i2c: Get the right GPIO line (git-fixes). - ASoC: tda7419: fix module autoloading (stable-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoc: TAS2781: replace beXX_to_cpup with get_unaligned_beXX for potentially broken alignment (stable-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush() (stable-fixes). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_event: Use HCI error defines instead of magic values (stable-fixes). - Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue (stable-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Detect memory allocation failure in annotated_source__alloc_histograms (bsc#1227962). - Documentation: ioctl: document 0x07 ioctl code (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - HID: multitouch: Add support for GT7868Q (stable-fixes). - HID: wacom: Do not warn about dropped packets for first packet (git-fixes). - HID: wacom: Support sequence numbers smaller than 16-bit (git-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - Input: adp5588-keys - fix check on return code (git-fixes). - Input: ads7846 - ratelimit the spi_sync error message (stable-fixes). - Input: ili210x - use kvmalloc() to allocate buffer for firmware update (stable-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes). - Input: tsc2004/5 - do not hard code interrupt trigger (git-fixes). - Input: tsc2004/5 - fix reset handling on probe (git-fixes). - Input: tsc2004/5 - use device core to create driver-specific device attributes (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - KEYS: prevent NULL pointer dereference in find_asymmetric_key() (git-fixes). - KVM: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes). - KVM: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes). - KVM: arm64: Block unsafe FF-A calls from the host (git-fixes). - KVM: arm64: Disallow copying MTE to guest memory while KVM is dirty logging (git-fixes). - KVM: arm64: Do not pass a TLBI level hint when zapping table entries (git-fixes). - KVM: arm64: Do not re-initialize the KVM lock (git-fixes). - KVM: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes). - KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (git-fixes). - KVM: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes). - KVM: arm64: nvhe: Ignore SVE hint in SMCCC function ID (git-fixes). - KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes). - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (git-fixes). - Move fixes into sorted section (bsc#1230119) - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (stable-fixes). - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dra7xx: Fix threaded IRQ request for 'dra7xx-pcie-main' IRQ (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: imx6: Fix missing call to phy_power_off() in error handling (git-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port() (git-fixes). - PCI: qcom-ep: Enable controller resources like PHY only after refclk is available (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/erdma: Return QP state in erdma_query_qp (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix 1bit-ECC recovery address in non-4K OS (git-fixes) - RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08 (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Fix ah error counter in sw stat not increasing (git-fixes) - RDMA/hns: Fix restricted __le16 degrades to integer issue (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/mlx5: Drop redundant work canceling from clean_keys() (git-fixes) - RDMA/mlx5: Fix MR cache temp entries cleanup (git-fixes) - RDMA/mlx5: Fix counter update on MR cache mkey creation (git-fixes) - RDMA/mlx5: Limit usage of over-sized mkeys from the MR cache (git-fixes) - RDMA/mlx5: Obtain upper net device only when needed (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'PCI: Extend ACS configurability (bsc#1228090).' (bsc#1229019) - Revert 'drm/amdgpu: align pp_power_profile_mode with kernel docs' (stable-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' - Squashfs: sanity check symbolic link size (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - USB: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - afs: Do not cross .backup mountpoint from backup volume (git-fixes). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: allwinner: h616: Add r_i2c pinctrl nodes (git-fixes). - arm64: dts: exynos: exynos7885-jackpotlte: Correct RAM amount to 4GB (git-fixes). - arm64: dts: imx8-ss-dma: Fix adc0 closing brace location (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: Correct vendor prefix for Hardkernel ODROID-M1 (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: fix eMMC/SPI corruption when audio has been used on RK3399 Puma (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: signal: Fix some under-bracketed UAPI macros (git-fixes). - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ata: libata-scsi: Fix ata_msense_control() CDL page reporting (git-fixes). - ata: libata: Clear DID_TIME_OUT for ATA PT commands with sense data (git-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - bpf, events: Use prog to emit ksymbol event for main program (git-fixes). - bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (git-fixes). - btrfs: fix race between direct IO write and fsync when using same fd (git-fixes). - btrfs: send: allow cloning non-aligned extent if it ends at i_size (bsc#1230854). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231008). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231183). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: kvaser_pciefd: Skip redundant NULL pointer check in ISR (stable-fixes). - can: m_can: Release irq on error in m_can_open (git-fixes). - can: m_can: enable NAPI before enabling interrupts (git-fixes). - can: m_can: m_can_close(): stop clocks after device has been shut down (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - can: mcp251xfd: clarify the meaning of timestamp (stable-fixes). - can: mcp251xfd: fix ring configuration when switching from CAN-CC to CAN-FD mode (git-fixes). - can: mcp251xfd: mcp251xfd_handle_rxif_ring_uinc(): factor out in separate function (stable-fixes). - can: mcp251xfd: mcp251xfd_ring_init(): check TX-coalescing configuration (stable-fixes). - can: mcp251xfd: move mcp251xfd_timestamp_start()/stop() into mcp251xfd_chip_start/stop() (stable-fixes). - can: mcp251xfd: properly indent labels (stable-fixes). - can: mcp251xfd: rx: add workaround for erratum DS80000789E 6 of mcp2518fd (stable-fixes). - can: mcp251xfd: rx: prepare to workaround broken RX FIFO head index erratum (stable-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (stable-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231182). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - clk: qcom: gcc-sc8280xp: do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: gcc-sm8550: Do not park the USB RCG at registration time (git-fixes). - clk: qcom: gcc-sm8550: Do not use parking clk_ops for QUPs (git-fixes). - clk: qcom: ipq9574: Update the alpha PLL type for GPLLs (git-fixes). - clk: ti: dra7-atl: Fix leak of of_nodes (git-fixes). - clocksource/drivers/imx-tpm: Fix next event not taking effect sometime (git-fixes). - clocksource/drivers/imx-tpm: Fix return -ETIME when delta exceeds INT_MAX (git-fixes). - clocksource/drivers/qcom: Add missing iounmap() on errors in msm_dt_timer_init() (git-fixes). - cpufreq: amd-pstate: Enable amd-pstate preferred core support (stable-fixes). - cpufreq: amd-pstate: fix the highest frequency issue which limits performance (git-fixes). - cpufreq: scmi: Avoid overflow of target_freq in fast switch (stable-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: ccp - do not request interrupt on cmd completion when irqs disabled (git-fixes). - crypto: iaa - Fix potential use after free bug (git-fixes). - crypto: qat - fix unintentional re-enabling of error interrupts (stable-fixes). - crypto: xor - fix template benchmarking (git-fixes). - cxl/core: Fix incorrect vendor debug UUID define (git-fixes). - cxl/pci: Fix to record only non-zero ranges (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - dma-buf: heaps: Fix off-by-one in CMA heap fault handler (git-fixes). - dma-debug: avoid deadlock between dma debug vs printk and netconsole (stable-fixes). - dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (stable-fixes). - dmaengine: altera-msgdma: use irq variant of spin_lock/unlock while invoking callbacks (stable-fixes). - driver core: Fix a potential null-ptr-deref in module_add_driver() (git-fixes). - driver core: Fix error handling in driver API device_rename() (git-fixes). - driver: iio: add missing checks on iio_info's callback access (stable-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (git-fixes). - drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Avoid overflow from uint32_t to uint8_t (stable-fixes). - drm/amd/display: Avoid race between dcn10_set_drr() and dc_state_destruct() (git-fixes). - drm/amd/display: Check BIOS images before it is used (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check UnboundedRequestEnabled's value (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check index for aux_rd_interval before using (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Defer handling mst up request in resume (stable-fixes). - drm/amd/display: Disable error correction if it's not supported (stable-fixes). - drm/amd/display: Do not use fsleep for PSR exit waits on dmub replay (stable-fixes). - drm/amd/display: Ensure array index tg_inst won't be -1 (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within decide_fallback_link_setting_max_bw_policy (stable-fixes). - drm/amd/display: Fix Coverity INTERGER_OVERFLOW within construct_integrated_info (stable-fixes). - drm/amd/display: Fix FEC_READY write on DP LT (stable-fixes). - drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (stable-fixes). - drm/amd/display: Fix pipe addition logic in calc_blocks_to_ungate DCN35 (stable-fixes). - drm/amd/display: Handle the case which quad_part is equal 0 (stable-fixes). - drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection (stable-fixes). - drm/amd/display: Replace dm_execute_dmub_cmd with dc_wake_and_execute_dmub_cmd (git-fixes). - drm/amd/display: Run DC_LOG_DC after checking link->link_enc (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Solve mst monitors blank out problem after resume (git-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amd/display: Wake DMCUB before sending a command for replay feature (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: handle nulled pipe context in DCE110's set_drr() (git-fixes). - drm/amd/display: use preferred link settings for dp signal only (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: check specific index for smu13 (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/amd: Add gfx12 swizzle mode defs (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu/display: handle gfx12 in amdgpu_dm_plane_format_mod_supported (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu/swsmu: always force a state reprogram on init (stable-fixes). - drm/amdgpu: Fix get each xcp macro (git-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: Fix the uninitialized variable warning (stable-fixes). - drm/amdgpu: Fix the warning division or modulo by zero (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_info_ioctl (stable-fixes). - drm/amdgpu: Handle sg size limit for contiguous allocation (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: add lock in amdgpu_gart_invalidate_tlb (stable-fixes). - drm/amdgpu: add lock in kfd_process_dequeue_from_device (stable-fixes). - drm/amdgpu: add missing error handling in function amdgpu_gmc_flush_gpu_tlb_pasid (stable-fixes). - drm/amdgpu: add skip_hw_access checks for sriov (stable-fixes). - drm/amdgpu: align pp_power_profile_mode with kernel docs (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix contiguous handling for IB parsing v2 (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: fix overflowed constant warning in mmhub_set_clockgating() (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: fix uninitialized scalar variable warning (stable-fixes). - drm/amdgpu: handle gfx12 in amdgpu_display_verify_sizes (stable-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: reject gang submit on reserved VMIDs (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdgu: fix Unintentional integer overflow for mall size (stable-fixes). - drm/amdkfd: Check debug trap enable before write dbg_ev_file (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/drm-bridge: Drop conditionals around of_node pointers (stable-fixes). - drm/fb-helper: Do not schedule_work() to flush frame buffer during panic() (stable-fixes). - drm/gpuvm: fix missing dependency to DRM_EXEC (git-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/i915: Do not attempt to load the GSC multiple times (git-fixes). - drm/kfd: Correct pinned buffer handling at kfd restore and validate process (stable-fixes). - drm/mediatek: Set sensible cursor width/height values to fix crash (stable-fixes). - drm/mediatek: ovl_adaptor: Add missing of_node_put() (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/dsi: correct programming sequence for SM8350 / SM8450 (git-fixes). - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm/nouveau/fb: restore init() for ramgp102 (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/rockchip: vop: clear DMA stop bit on RK3066 (git-fixes). - drm/rockchip: vop: enable VOP_FEATURE_INTERNAL_RGB on RK3066 (git-fixes). - drm/stm: Fix an error handling path in stm_drm_platform_probe() (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - drm/syncobj: Fix syncobj leak in drm_syncobj_eventfd_ioctl (git-fixes). - drm/vc4: hdmi: Handle error case of pm_runtime_resume_and_get (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Max (stable-fixes). - drm: panel-orientation-quirks: Add quirk for Ayn Loki Zero (stable-fixes). - drm: panel-orientation-quirks: Add quirk for OrangePi Neo (stable-fixes). - ep93xx: clock: Fix off by one in ep93xx_div_recalc_rate() (git-fixes). - erofs: fix incorrect symlink detection in fast symlink (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - firmware: arm_scmi: Fix double free in OPTEE transport (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230602). - fuse: fix memory leak in fuse_create_open (bsc#1230124). - fuse: update stats for pages in dropped aux writeback list (bsc#1230125). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230123). - gpio: modepin: Enable module autoloading (git-fixes). - gpio: rockchip: fix OF node leak in probe() (git-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (asus-ec-sensors) remove VRM temp X570-E GAMING (stable-fixes). - hwmon: (k10temp) Check return value of amd_smn_read() (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (nct6775-core) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (pmbus) Conditionally clear individual status bits for pmbus rev >= 1.2 (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: designware: fix controller is holding SCL low while ENABLE bit is disabled (git-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: adc: ad7606: remove frstdata check for serial mode (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230206) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kABI workaround for cros_ec stuff (git-fixes). - kabi: dm_blk_ioctl: implement path failover for SG_IO (bsc#1183045, bsc#1216776). - kselftests: dmabuf-heaps: Ensure the driver name is null-terminated (stable-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - leds: spi-byte: Call of_node_put() on error path (stable-fixes). - lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (stable-fixes). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: i2c: ar0521: Use cansleep version of gpiod_set_value() (git-fixes). - media: ov5675: Fix power on/off delay timings (git-fixes). - media: platform: rzg2l-cru: rzg2l-csi2: Add missing MODULE_DEVICE_TABLE (git-fixes). - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Remove use_count guard in stop_streaming (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - memory: mtk-smi: Use devm_clk_get_enabled() (git-fixes). - memory: tegra186-emc: drop unused to_tegra186_emc() (git-fixes). - minmax: reduce min/max macro expansion in atomisp driver (git-fixes). - misc: fastrpc: Fix double free of 'buf' in error path (git-fixes). - mmc: core: apply SD quirks earlier during probe (git-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - module: Fix KCOV-ignored file name (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: phy: Fix missing of_node_put() for leds (git-fixes). - net: phy: vitesse: repair vsc73xx autonegotiation (stable-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - net: usb: qmi_wwan: add MeiG Smart SRM825L (stable-fixes). - nfsd: Do not leave work of closing files to a work queue (bsc#1228140). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nouveau: fix the fwsec sb verification register (git-fixes). - nvme-multipath: avoid hang on inaccessible namespaces (bsc#1228244). - nvme-multipath: system fails to create generic nvme device (bsc#1228244). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: allocate tagset on reset if necessary (git-fixes). - nvme-tcp: fix link failure for TCP auth (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme: clear caller pointer on identify failure (git-fixes). - nvme: fix namespace removal list (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - perf annotate: Introduce global annotation_options (git-fixes). - perf annotate: Split branch stack cycles information out of 'struct annotation_line' (git-fixes). - perf annotate: Use global annotation_options (git-fixes). - perf arch events: Fix duplicate RISC-V SBI firmware event name (git-fixes). - perf intel-pt: Fix aux_watermark calculation for 64-bit size (git-fixes). - perf intel-pt: Fix exclude_guest setting (git-fixes). - perf machine thread: Remove exited threads by default (git-fixes). - perf maps: Move symbol maps functions to maps.c (git-fixes). - perf pmu: Assume sysfs events are always the same case (git-fixes). - perf pmus: Fixes always false when compare duplicates aliases (git-fixes). - perf record: Lazy load kernel symbols (git-fixes). - perf report: Convert to the global annotation_options (git-fixes). - perf report: Fix condition in sort__sym_cmp() (git-fixes). - perf stat: Fix the hard-coded metrics calculation on the hybrid (git-fixes). - perf test: Make test_arm_callgraph_fp.sh more robust (git-fixes). - perf tool: fix dereferencing NULL al->maps (git-fixes). - perf tools: Add/use PMU reverse lookup from config to name (git-fixes). - perf tools: Use pmus to describe type from attribute (git-fixes). - perf top: Convert to the global annotation_options (git-fixes). - perf/core: Fix missing wakeup when waiting for context reference (git-fixes). - perf/x86/intel/cstate: Add pkg C2 residency counter for Sierra Forest (git-fixes). - perf/x86/intel/cstate: Fix Alderlake/Raptorlake/Meteorlake (git-fixes). - perf/x86/intel/ds: Fix non 0 retire latency on Raptorlake (git-fixes). - perf/x86/intel/pt: Fix a topa_entry base address calculation (git-fixes). - perf/x86/intel/pt: Fix pt_topa_entry_for_page() address calculation (git-fixes). - perf/x86/intel/pt: Fix topa_entry base length (git-fixes). - perf/x86/intel/uncore: Fix the bits of the CHA extended umask for SPR (git-fixes). - perf/x86/intel/uncore: Support HBM and CXL PMON counters (bsc#1230119). - perf/x86/intel: Add a distinct name for Granite Rapids (git-fixes). - perf/x86/intel: Factor out the initialization code for SPR (git fixes). - perf/x86/intel: Limit the period on Haswell (git-fixes). - perf/x86/intel: Use the common uarch name for the shared functions (git fixes). - perf/x86/uncore: Apply the unit control RB tree to MMIO uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to MSR uncore units (bsc#1230119). - perf/x86/uncore: Apply the unit control RB tree to PCI uncore units (bsc#1230119). - perf/x86/uncore: Cleanup unused unit structure (bsc#1230119). - perf/x86/uncore: Retrieve the unit ID from the unit control RB tree (bsc#1230119). - perf/x86/uncore: Save the unit control address of all units (bsc#1230119). - perf/x86/uncore: Support per PMU cpumask (bsc#1230119). - perf/x86: Fix smp_processor_id()-in-preemptible warnings (git-fixes). - perf/x86: Serialize set_attr_rdpmc() (git-fixes). - perf: Fix default aux_watermark calculation (git-fixes). - perf: Fix event leak upon exit (git-fixes). - perf: Fix perf_aux_size() for greater-than 32-bit size (git-fixes). - perf: Prevent passing zero nr_pages to rb_alloc_aux() (git-fixes). - perf: script: add raw|disasm arguments to --insn-trace option (git-fixes). - phy: zynqmp: Take the phy mutex in xlate (stable-fixes). - pinctrl: at91: make it work with current gpiolib (stable-fixes). - pinctrl: meteorlake: Add Arrow Lake-H/U ACPI ID (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - platform/chrome: cros_ec_lpc: MEC access can use an AML mutex (stable-fixes). - platform/surface: aggregator_registry: Add Support for Surface Pro 10 (stable-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - platform/x86: x86-android-tablets: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - powercap/intel_rapl: Add support for AMD family 1Ah (stable-fixes). - powerpc/qspinlock: Fix deadlock in MCS queue (bac#1230295 ltc#206656). - pwm: xilinx: Fix u32 overflow issue in 32-bit width PWM mode (stable-fixes). - r8152: add vendor/device ID pair for D-Link DUB-E250 (git-fixes). - regmap: maple: work around gcc-14.1 false-positive warning (stable-fixes). - regmap: spi: Fix potential off-by-one when calculating reserved size (stable-fixes). - regulator: Return actual error in of_regulator_bulk_get_all() (git-fixes). - regulator: core: Fix regulator_is_supported_voltage() kerneldoc return value (git-fixes). - regulator: core: Fix short description for _regulator_check_status_enabled() (git-fixes). - regulator: core: Stub devm_regulator_bulk_get_const() if !CONFIG_REGULATOR (git-fixes). - regulator: rt5120: Convert comma to semicolon (git-fixes). - regulator: wm831x-isink: Convert comma to semicolon (git-fixes). - remoteproc: imx_rproc: Correct ddr alias for i.MX8M (git-fixes). - remoteproc: imx_rproc: Initialize workqueue earlier (git-fixes). - remoteproc: k3-r5: Fix error handling when power-up failed (git-fixes). - reset: berlin: fix OF node leak in probe() error path (git-fixes). - reset: k210: fix OF node leak in probe() error path (git-fixes). - resource: fix region_intersects() vs add_memory_driver_managed() (git-fixes). - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - s390/dasd: Fix redundant /proc/dasd* entries removal (bsc#1227694). - s390/dasd: Remove DMA alignment (LTC#208933 bsc#1230426 git-fixes). - s390/mm: Convert gmap_make_secure to use a folio (git-fixes bsc#1230562). - s390/mm: Convert make_page_secure to use a folio (git-fixes bsc#1230563). - s390: allow pte_offset_map_lock() to fail (git-fixes bsc#1230564). - scripts: kconfig: merge_config: config files: add a trailing newline (stable-fixes). - scripts: sphinx-pre-install: remove unnecessary double check for $cur_version (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix overflow build issue (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429 jsc#PED-9899). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429 jsc#PED-9899). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - selftests: lib: remove strscpy test (git-fixes). - selinux,smack: do not bypass permissions check in inode_setsecctx hook (stable-fixes). - soc: fsl: cpm1: tsa: Fix tsa_write8() (git-fixes). - soc: versatile: integrator: fix OF node leak in probe() error path (git-fixes). - spi: atmel-quadspi: Avoid overwriting delay register settings (git-fixes). - spi: atmel-quadspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: meson-spicc: convert comma to semicolon (git-fixes). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: rockchip: Resolve unbalanced runtime PM / system PM handling (git-fixes). - spi: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spidev: Add an entry for elgin,jg10309-01 (stable-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - supported.conf: mark adiantum and xctr crypto modules as supported (bsc#1231035) - thunderbolt: Fix XDomain rx_lanes_show and tx_lanes_show (git-fixes). - thunderbolt: Fix calculation of consumed USB3 bandwidth on a path (git-fixes). - thunderbolt: Fix rollback in tb_port_lane_bonding_enable() for lane 1 (git-fixes). - thunderbolt: There are only 5 basic router registers in pre-USB4 routers (git-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/perf: Fix the string match for '/tmp/perf-$PID.map' files in dso__load (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc3: Avoid waking up gadget during startxfer (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (stable-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: gadget: aspeed_udc: validate endpoint index for ast udc (stable-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: typec: ucsi: Wait 20ms before reading CCI after a reset (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: ipheth: add CDC NCM support (git-fixes). - usbnet: ipheth: do not stop RX on failing RX callback (git-fixes). - usbnet: ipheth: drop RX URBs with no payload (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (git-fixes). - usbnet: ipheth: fix risk of NULL pointer deallocation (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (stable-fixes). - usbnet: ipheth: remove extraneous rx URB length check (git-fixes). - usbnet: ipheth: transmit URBs without trailing padding (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - virtio_net: Fix napi_skb_cache_put warning (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: ath11k: initialize 'ret' in ath11k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: fix BSS chan info request WMI command (git-fixes). - wifi: ath12k: fix firmware crash due to invalid peer nss (stable-fixes). - wifi: ath12k: fix invalid AMPDU factor calculation in ath12k_peer_assoc_h_he() (git-fixes). - wifi: ath12k: fix uninitialize symbol error on ath12k_peer_assoc_h_he() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_dp_rxdma_ring_sel_config_wcn7850() (stable-fixes). - wifi: ath12k: initialize 'ret' in ath12k_qmi_load_file_target_mem() (stable-fixes). - wifi: ath12k: match WMI BSS chan info structure with firmware definition (git-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcmfmac: introducing fwil query functions (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: cfg80211: fix bug of mapping AF3x to incorrect User Priority (git-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: make hash table duplicates more survivable (stable-fixes). - wifi: cfg80211: restrict operation during radar detection (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_max_scan_ie_fw_cmd_room() (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (stable-fixes). - wifi: iwlwifi: mvm: use IWL_FW_CHECK for link ID check (stable-fixes). - wifi: mac80211: check ieee80211_bss_info_change_notify() against MLD (stable-fixes). - wifi: mac80211: do not use rate mask for offchannel TX either (git-fixes). - wifi: mac80211: fix the comeback long retry times (git-fixes). - wifi: mac80211: free skb on error path in ieee80211_beacon_get_ap() (stable-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: connac: fix checksum offload fields of connac3 RXD (git-fixes). - wifi: mt76: mt7603: fix mixed declarations and code (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix oops on non-dbdc mt7986 (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mt76: mt7921: Check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change (stable-fixes). - wifi: mt76: mt7921: fix wrong UNII-4 freq range check for the channel usage (git-fixes). - wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc (git-fixes). - wifi: mt76: mt7996: fix EHT beamforming capability check (git-fixes). - wifi: mt76: mt7996: fix HE and EHT beamforming capabilities (git-fixes). - wifi: mt76: mt7996: fix NULL pointer dereference in mt7996_mcu_sta_bfer_he (git-fixes). - wifi: mt76: mt7996: fix traffic delay when switching back to working channel (git-fixes). - wifi: mt76: mt7996: fix uninitialized TLV data (git-fixes). - wifi: mt76: mt7996: fix wmm set of station interface to 3 (git-fixes). - wifi: mt76: mt7996: use hweight16 to get correct tx antenna (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: rtw88: usb: schedule rx work after everything is set up (stable-fixes). - wifi: rtw89: ser: avoid multiple deinit on same CAM (stable-fixes). - wifi: rtw89: wow: prevent to send unexpected H2C during download Firmware (stable-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1229443). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/mm: Use lookup_address_in_pgd_attr() in show_fault_oops() (bsc#1221527). - x86/pat: Fix W^X violation false-positives when running as Xen PV guest (bsc#1221527). - x86/pat: Introduce lookup_address_in_pgd_attr() (bsc#1221527). - x86/pat: Restructure _lookup_address_cpa() (bsc#1221527). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: restrict when we try to align cow fork delalloc to cowextsz hints (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). The following package changes have been done: - kernel-macros-6.4.0-150600.23.25.1 updated - kernel-devel-6.4.0-150600.23.25.1 updated - kernel-default-devel-6.4.0-150600.23.25.1 updated - kernel-syms-6.4.0-150600.23.25.1 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:02:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:02:17 +0200 (CEST) Subject: SUSE-IU-2024:1490-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20241012070217.96863FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1490-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.200 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.200 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.101 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:02:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:02:31 +0200 (CEST) Subject: SUSE-IU-2024:1491-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20241012070231.966F8FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1491-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.215 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.215 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.163 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:02:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:02:51 +0200 (CEST) Subject: SUSE-IU-2024:1492-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20241012070251.4786EFCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1492-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.163 , suse/sle-micro/5.5:latest Image Release : 5.5.163 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.101 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:4965-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20241012070548.57215FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4965-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.38 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.38 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:08:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:08:09 +0200 (CEST) Subject: SUSE-CU-2024:4967-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20241012070809.D8EEDFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4967-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.39 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.39 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:08:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:08:36 +0200 (CEST) Subject: SUSE-CU-2024:4969-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20241012070836.12950FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4969-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.15 Container Release : 4.15 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:08:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:08:59 +0200 (CEST) Subject: SUSE-CU-2024:4970-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20241012070859.9B736FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4970-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.6.2 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.6.2 , suse/ltss/sle15.4/sle15:latest Container Release : 6.2 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:11:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:11:42 +0200 (CEST) Subject: SUSE-CU-2024:4972-1: Recommended update of bci/bci-micro Message-ID: <20241012071142.A64B5FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4972-1 Container Tags : bci/bci-micro:15.5 , bci/bci-micro:15.5.32.3 Container Release : 32.3 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:17:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:17:08 +0200 (CEST) Subject: SUSE-CU-2024:4980-1: Recommended update of suse/sle15 Message-ID: <20241012071708.2185BFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4980-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.30 , suse/sle15:15.5 , suse/sle15:15.5.36.14.30 Container Release : 36.14.30 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:18:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:18:38 +0200 (CEST) Subject: SUSE-CU-2024:4988-1: Recommended update of bci/golang Message-ID: <20241012071838.4C305FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4988-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-47.11 , bci/golang:1.20.12.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-47.11 Container Release : 47.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:18:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:18:46 +0200 (CEST) Subject: SUSE-CU-2024:4989-1: Recommended update of bci/golang Message-ID: <20241012071846.A0AAAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4989-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.41.12 , bci/golang:1.23.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.41.12 Container Release : 41.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:18:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:18:57 +0200 (CEST) Subject: SUSE-CU-2024:4990-1: Recommended update of bci/golang Message-ID: <20241012071857.8791BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4990-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-47.11 , bci/golang:1.21.5.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-47.11 Container Release : 47.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:19:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:19:12 +0200 (CEST) Subject: SUSE-CU-2024:4992-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241012071912.D7791FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4992-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.51 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.51 Severity : moderate Type : recommended References : 1224465 1227807 1230263 1230840 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3602-1 Released: Fri Oct 11 13:02:10 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1224465,1230263,1230840 This update for grub2 fixes the following issues: - Fix OOM (out of memory) error in loading loopback file (bsc#1230840). - Fix UEFI PXE boot failure on tagged VLAN network (bsc#1230263). - Fix grub screen is filled with artifects from earlier post menu (bsc#1224465). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - grub2-i386-pc-2.12-150600.8.9.2 updated - grub2-x86_64-efi-2.12-150600.8.9.2 updated - grub2-2.12-150600.8.9.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:19:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:19:33 +0200 (CEST) Subject: SUSE-CU-2024:4994-1: Recommended update of bci/kiwi Message-ID: <20241012071933.D7032FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4994-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-16.4 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1227807 1230111 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - readline-devel-7.0-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:19:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:19:40 +0200 (CEST) Subject: SUSE-CU-2024:4995-1: Recommended update of bci/bci-micro Message-ID: <20241012071940.D9ADEFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4995-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.26.3 , bci/bci-micro:latest Container Release : 26.3 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:20:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:20:11 +0200 (CEST) Subject: SUSE-CU-2024:4998-1: Recommended update of bci/openjdk Message-ID: <20241012072011.23884FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4998-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-26.12 , bci/openjdk:latest Container Release : 26.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:20:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:20:21 +0200 (CEST) Subject: SUSE-CU-2024:4999-1: Recommended update of bci/php-apache Message-ID: <20241012072021.D417DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:4999-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.12 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:20:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:20:31 +0200 (CEST) Subject: SUSE-CU-2024:5000-1: Recommended update of bci/php-fpm Message-ID: <20241012072031.4B832FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5000-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-42.12 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 42.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:20:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:20:41 +0200 (CEST) Subject: SUSE-CU-2024:5001-1: Recommended update of bci/python Message-ID: <20241012072041.DCB0BFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5001-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-54.11 , bci/python:3.11.10 Container Release : 54.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:20:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:20:54 +0200 (CEST) Subject: SUSE-CU-2024:5002-1: Recommended update of bci/python Message-ID: <20241012072054.EDFECFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5002-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-54.11 , bci/python:3.12.6 , bci/python:latest Container Release : 54.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sat Oct 12 07:21:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 12 Oct 2024 09:21:06 +0200 (CEST) Subject: SUSE-CU-2024:5003-1: Recommended update of bci/python Message-ID: <20241012072106.33C0CFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5003-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-53.12 , bci/python:3.6.15 Container Release : 53.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:02:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:02:12 +0200 (CEST) Subject: SUSE-IU-2024:1493-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20241013070212.64D6DFCC1@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1493-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.102 , suse/sle-micro/base-5.5:latest Image Release : 5.8.102 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:suse-sle15-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:04:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:04:04 +0200 (CEST) Subject: SUSE-CU-2024:5004-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20241013070404.451B7FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5004-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.68 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.68 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:suse-sle15-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:06:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:06:57 +0200 (CEST) Subject: SUSE-CU-2024:5005-1: Recommended update of bci/bci-init Message-ID: <20241013070657.D4625FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5005-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.31.9 Container Release : 31.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:07:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:07:19 +0200 (CEST) Subject: SUSE-CU-2024:5006-1: Recommended update of bci/bci-minimal Message-ID: <20241013070719.50A5DFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5006-1 Container Tags : bci/bci-minimal:15.5 , bci/bci-minimal:15.5.34.5 Container Release : 34.5 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.5-1c92e5321e4e286dd53bf65051335ca2640dcd586b36b52c067dc7af4c4858f8-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:08:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:08:10 +0200 (CEST) Subject: SUSE-CU-2024:5007-1: Recommended update of bci/nodejs Message-ID: <20241013070810.2F358FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5007-1 Container Tags : bci/node:18 , bci/node:18-35.9 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-35.9 , bci/nodejs:18.20.4 Container Release : 35.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:09:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:09:07 +0200 (CEST) Subject: SUSE-CU-2024:5009-1: Recommended update of bci/openjdk-devel Message-ID: <20241013070907.EB1BBFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5009-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-31.9 Container Release : 31.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:bci-openjdk-11-c94f753661acb63f190a85c2b7c143c629fd7c255fd6cb92c1b16e3d35e93348-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:09:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:09:56 +0200 (CEST) Subject: SUSE-CU-2024:5010-1: Recommended update of bci/openjdk Message-ID: <20241013070956.5E6E8FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5010-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-32.9 Container Release : 32.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:10:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:10:58 +0200 (CEST) Subject: SUSE-CU-2024:5012-1: Recommended update of bci/openjdk-devel Message-ID: <20241013071058.5D223FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5012-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-33.9 Container Release : 33.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:bci-openjdk-17-05536caaa9d6a1167faf516b0f25724738ff3a943dfcff81f15b50cd74b13e82-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:11:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:11:46 +0200 (CEST) Subject: SUSE-CU-2024:5013-1: Recommended update of bci/openjdk Message-ID: <20241013071146.89BBCFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5013-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-34.9 Container Release : 34.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:12:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:12:22 +0200 (CEST) Subject: SUSE-CU-2024:5014-1: Recommended update of suse/postgres Message-ID: <20241013071222.19B23FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5014-1 Container Tags : suse/postgres:15 , suse/postgres:15-35.8 , suse/postgres:15.8 , suse/postgres:15.8 Container Release : 35.8 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:00 +0200 (CEST) Subject: SUSE-CU-2024:5015-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241013071300.69730FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5015-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.26.9 Container Release : 26.9 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.5-b365b8fb5775dbb0485f3b3dd3b10c9302005f9fc019426c3f9019b2fc65ce4f-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:13 +0200 (CEST) Subject: SUSE-CU-2024:5016-1: Recommended update of suse/389-ds Message-ID: <20241013071313.80461FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5016-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-45.12 , suse/389-ds:latest Container Release : 45.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:26 +0200 (CEST) Subject: SUSE-CU-2024:5017-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241013071326.F1F89FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5017-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-49.4 , bci/dotnet-aspnet:6.0.35 Container Release : 49.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:38 +0200 (CEST) Subject: SUSE-CU-2024:5018-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241013071338.5274FFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5018-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-37.4 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:latest Container Release : 37.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:46 +0200 (CEST) Subject: SUSE-CU-2024:5019-1: Recommended update of bci/bci-base-fips Message-ID: <20241013071346.D59D1FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5019-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.15.4 , bci/bci-base-fips:latest Container Release : 15.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:13:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:13:57 +0200 (CEST) Subject: SUSE-CU-2024:5020-1: Recommended update of suse/registry Message-ID: <20241013071357.E9FDEFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5020-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-28.4 , suse/registry:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:14:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:14:13 +0200 (CEST) Subject: SUSE-CU-2024:5021-1: Recommended update of bci/dotnet-sdk Message-ID: <20241013071413.0E47EFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5021-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-49.4 , bci/dotnet-sdk:6.0.35 Container Release : 49.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:14:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:14:27 +0200 (CEST) Subject: SUSE-CU-2024:5022-1: Recommended update of bci/dotnet-sdk Message-ID: <20241013071427.DAF99FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5022-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-39.4 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:latest Container Release : 39.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:14:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:14:39 +0200 (CEST) Subject: SUSE-CU-2024:5023-1: Recommended update of bci/dotnet-runtime Message-ID: <20241013071439.9F1F5FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5023-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-49.4 , bci/dotnet-runtime:6.0.35 Container Release : 49.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:14:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:14:49 +0200 (CEST) Subject: SUSE-CU-2024:5024-1: Recommended update of bci/dotnet-runtime Message-ID: <20241013071449.B7ED6FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5024-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-37.4 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:latest Container Release : 37.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Sun Oct 13 07:15:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 13 Oct 2024 09:15:01 +0200 (CEST) Subject: SUSE-CU-2024:5025-1: Recommended update of suse/git Message-ID: <20241013071501.E237DFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5025-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-28.4 , suse/git:2.43.0 , suse/git:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:05:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:05:51 +0200 (CEST) Subject: SUSE-CU-2024:5025-1: Recommended update of suse/git Message-ID: <20241014070551.12B04FCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5025-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-28.4 , suse/git:2.43.0 , suse/git:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:06:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:06:03 +0200 (CEST) Subject: SUSE-CU-2024:5026-1: Recommended update of bci/golang Message-ID: <20241014070603.C4F4AFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5026-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.41.13 , bci/golang:1.22.8 , bci/golang:oldstable , bci/golang:oldstable-2.41.13 Container Release : 41.13 Severity : moderate Type : recommended References : 1218424 1227807 1230111 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3573-1 Released: Wed Oct 9 15:29:23 2024 Summary: Recommended update for go1.22 Type: recommended Severity: moderate References: 1218424 This update for go1.22 fixes the following issues: - Version update 1.22.8 includes fixes to cgo, and the maps and syscall packages (bsc#1229122) * maps: segmentation violation in maps.Clone * cmd/cgo: alignment issue with int128 inside of a struct * syscall: TestAmbientCapsUserns fails on Ubuntu 24.04/Linux 6.8.0 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - go1.22-doc-1.22.8-150000.1.30.1 updated - go1.22-1.22.8-150000.1.30.1 updated - go1.22-race-1.22.8-150000.1.30.1 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:06:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:06:20 +0200 (CEST) Subject: SUSE-CU-2024:5027-1: Recommended update of bci/golang Message-ID: <20241014070620.8E281FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5027-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-47.12 , bci/golang:1.20.12.1 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-47.12 Container Release : 47.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:06:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:06:32 +0200 (CEST) Subject: SUSE-CU-2024:5028-1: Recommended update of bci/golang Message-ID: <20241014070632.CCD14FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5028-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.41.13 , bci/golang:1.23.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.41.13 Container Release : 41.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:06:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:06:47 +0200 (CEST) Subject: SUSE-CU-2024:5029-1: Recommended update of bci/golang Message-ID: <20241014070647.D087BFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5029-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-47.12 , bci/golang:1.21.5.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-47.12 Container Release : 47.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:06:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:06:58 +0200 (CEST) Subject: SUSE-CU-2024:5030-1: Recommended update of suse/helm Message-ID: <20241014070658.376BEFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5030-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-26.3 , suse/helm:latest Container Release : 26.3 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:07:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:07:16 +0200 (CEST) Subject: SUSE-CU-2024:5031-1: Recommended update of bci/bci-init Message-ID: <20241014070716.E2C39FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5031-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.27.11 , bci/bci-init:latest Container Release : 27.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:07:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:07:42 +0200 (CEST) Subject: SUSE-CU-2024:5033-1: Recommended update of bci/bci-minimal Message-ID: <20241014070742.177AEFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5033-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.28.5 , bci/bci-minimal:latest Container Release : 28.5 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated - container:bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:07:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:07:56 +0200 (CEST) Subject: SUSE-CU-2024:5034-1: Recommended update of suse/nginx Message-ID: <20241014070756.00DCDFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5034-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-45.11 , suse/nginx:latest Container Release : 45.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:08:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:08:11 +0200 (CEST) Subject: SUSE-CU-2024:5035-1: Recommended update of bci/nodejs Message-ID: <20241014070811.7260DFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5035-1 Container Tags : bci/node:20 , bci/node:20-42.13 , bci/node:20.15.1 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-42.13 , bci/nodejs:20.15.1 , bci/nodejs:latest Container Release : 42.13 Severity : moderate Type : recommended References : 1227807 1230111 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:08:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:08:34 +0200 (CEST) Subject: SUSE-CU-2024:5037-1: Recommended update of bci/openjdk-devel Message-ID: <20241014070834.A432AFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5037-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-26.13 , bci/openjdk-devel:latest Container Release : 26.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:bci-openjdk-21-23eb634f7b666d71892b436c1fce6848dec92d427a2da400b8a9dfc223b7f84c-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:08:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:08:56 +0200 (CEST) Subject: SUSE-CU-2024:5038-1: Recommended update of bci/openjdk Message-ID: <20241014070856.5AFB7FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5038-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-26.13 , bci/openjdk:latest Container Release : 26.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:09:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:09:12 +0200 (CEST) Subject: SUSE-CU-2024:5039-1: Recommended update of bci/php-apache Message-ID: <20241014070912.B7FFAFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5039-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-42.13 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 42.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:09:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:09:27 +0200 (CEST) Subject: SUSE-CU-2024:5040-1: Recommended update of bci/php-fpm Message-ID: <20241014070927.7C4C8FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5040-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-42.13 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 42.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:09:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:09:41 +0200 (CEST) Subject: SUSE-CU-2024:5041-1: Recommended update of bci/php Message-ID: <20241014070941.1132CFCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5041-1 Container Tags : bci/php:8 , bci/php:8-42.12 , bci/php:8.2.20 , bci/php:latest Container Release : 42.12 Severity : moderate Type : recommended References : 1227807 1230111 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:09:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:09:58 +0200 (CEST) Subject: SUSE-CU-2024:5042-1: Recommended update of suse/postgres Message-ID: <20241014070958.27DDBFCC1@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5042-1 Container Tags : suse/postgres:16 , suse/postgres:16-48.12 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:latest Container Release : 48.12 Severity : moderate Type : recommended References : 1227807 1230111 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:10:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:10:15 +0200 (CEST) Subject: SUSE-CU-2024:5043-1: Recommended update of bci/python Message-ID: <20241014071015.8DAD2FCC1@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5043-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-54.12 , bci/python:3.11.10 Container Release : 54.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:10:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 09:10:42 +0200 (CEST) Subject: SUSE-CU-2024:5044-1: Recommended update of bci/python Message-ID: <20241014071042.7D180FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5044-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-54.12 , bci/python:3.12.6 , bci/python:latest Container Release : 54.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:12:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:12:14 +0200 (CEST) Subject: SUSE-CU-2024:5044-1: Recommended update of bci/python Message-ID: <20241014091214.2C367FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5044-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-54.12 , bci/python:3.12.6 , bci/python:latest Container Release : 54.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:12:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:12:28 +0200 (CEST) Subject: SUSE-CU-2024:5003-1: Recommended update of bci/python Message-ID: <20241014091228.0681AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5003-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-53.12 , bci/python:3.6.15 Container Release : 53.12 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:12:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:12:28 +0200 (CEST) Subject: SUSE-CU-2024:5045-1: Recommended update of bci/python Message-ID: <20241014091228.C689BFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5045-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-53.13 , bci/python:3.6.15 Container Release : 53.13 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:12:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:12:40 +0200 (CEST) Subject: SUSE-CU-2024:5047-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20241014091240.C4326FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5047-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-47.11 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-47.11 , suse/rmt-mariadb-client:latest Container Release : 47.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:12:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:12:52 +0200 (CEST) Subject: SUSE-CU-2024:5048-1: Recommended update of suse/rmt-mariadb Message-ID: <20241014091252.C24A2FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5048-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-50.11 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-50.11 , suse/rmt-mariadb:latest Container Release : 50.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:06 +0200 (CEST) Subject: SUSE-CU-2024:5049-1: Recommended update of bci/ruby Message-ID: <20241014091306.63BDCFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5049-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-27.11 , bci/ruby:latest Container Release : 27.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:07 +0200 (CEST) Subject: SUSE-CU-2024:5050-1: Recommended update of bci/ruby Message-ID: <20241014091307.2A2E8FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5050-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-27.12 , bci/ruby:latest Container Release : 27.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:17 +0200 (CEST) Subject: SUSE-CU-2024:5051-1: Recommended update of bci/rust Message-ID: <20241014091317.D55F8FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5051-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.5.10 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.5.10 Container Release : 5.10 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:18 +0200 (CEST) Subject: SUSE-CU-2024:5052-1: Recommended update of bci/rust Message-ID: <20241014091318.97344FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5052-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.5.11 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.5.11 Container Release : 5.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:30 +0200 (CEST) Subject: SUSE-CU-2024:5053-1: Recommended update of bci/rust Message-ID: <20241014091330.58CC7FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5053-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.5.10 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.10 Container Release : 5.10 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:31 +0200 (CEST) Subject: SUSE-CU-2024:5054-1: Recommended update of bci/rust Message-ID: <20241014091331.1F58DFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5054-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.5.11 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.5.11 Container Release : 5.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:33 +0200 (CEST) Subject: SUSE-IU-2024:1501-1: Recommended update of containers/apache-tomcat Message-ID: <20241014091333.264E9FCBE@maintenance.suse.de> SUSE Image Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1501-1 Image Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-5.1 , containers/apache-tomcat:10.1.25-openjdk17 Image Release : 5.1 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:13:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:13:39 +0200 (CEST) Subject: SUSE-IU-2024:1505-1: Recommended update of containers/apache-tomcat Message-ID: <20241014091339.934ABFCBE@maintenance.suse.de> SUSE Image Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1505-1 Image Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-5.2 , containers/apache-tomcat:10.1.25-openjdk17 Image Release : 5.2 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:bci-bci-base-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated - container:registry.suse.com-bci-bci-micro-15.6-a4d895da61dfc5fc2624f1643d8edcaf1e0e2c0118cceb8c14b7bfa4b148c458-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:14:45 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:14:45 +0200 (CEST) Subject: SUSE-CU-2024:5056-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241014091445.56751FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5056-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.27.11 , bci/bci-sle15-kernel-module-devel:latest Container Release : 27.11 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:15:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:15:00 +0200 (CEST) Subject: SUSE-CU-2024:5057-1: Recommended update of suse/sle15 Message-ID: <20241014091500.D1FB6FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5057-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.24 , suse/sle15:15.6 , suse/sle15:15.6.47.11.24 Container Release : 47.11.24 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - libreadline7-7.0-150400.27.3.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:15:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:15:14 +0200 (CEST) Subject: SUSE-CU-2024:5058-1: Recommended update of bci/spack Message-ID: <20241014091514.0D399FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5058-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-12.11 , bci/spack:0.21.2 , bci/spack:latest Container Release : 12.11 Severity : moderate Type : recommended References : 1230111 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. The following package changes have been done: - libsasl2-3-2.1.28-150600.7.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-bcf55c6e4f278a86b7d6958433947223823de81fc4e7f96a50ff0c09ff07c9da-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:15:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:15:14 +0200 (CEST) Subject: SUSE-CU-2024:5059-1: Recommended update of bci/spack Message-ID: <20241014091514.C8324FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5059-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-12.12 , bci/spack:0.21.2 , bci/spack:latest Container Release : 12.12 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:registry.suse.com-bci-bci-base-15.6-aaf16d71b2b4a104d2116edd628c2bbd655f74de543f35fb2625593777fbf718-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:16:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:16:09 +0200 (CEST) Subject: SUSE-CU-2024:5061-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20241014091609.8C3B0FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5061-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.48 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.48 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:16:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:16:42 +0200 (CEST) Subject: SUSE-CU-2024:5063-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241014091642.C9E0BFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5063-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.50 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.50 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:17:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:17:10 +0200 (CEST) Subject: SUSE-CU-2024:5065-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20241014091710.CFCCCFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5065-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.34 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.34 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:17:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:17:43 +0200 (CEST) Subject: SUSE-CU-2024:5067-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20241014091743.514CDFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5067-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.35 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.35 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:25:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:25:47 +0200 (CEST) Subject: SUSE-CU-2024:5067-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20241014092547.3CD8AFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5067-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.35 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.35 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Mon Oct 14 09:26:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 11:26:21 +0200 (CEST) Subject: SUSE-CU-2024:5069-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20241014092621.56894FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5069-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.35 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.35 Severity : moderate Type : recommended References : 1227807 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). The following package changes have been done: - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - container:sles15-ltss-image-15.0.0-6.2 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:12:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:12:08 +0200 (CEST) Subject: SUSE-CU-2024:5087-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241015071208.8043CFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5087-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-50.2 , bci/dotnet-aspnet:6.0.35 Container Release : 50.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:12:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:12:21 +0200 (CEST) Subject: SUSE-CU-2024:5088-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241015071221.16F52FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5088-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-38.2 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:latest Container Release : 38.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:12:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:12:27 +0200 (CEST) Subject: SUSE-CU-2024:5089-1: Recommended update of bci/bci-busybox Message-ID: <20241015071227.533CAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5089-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.27.1 , bci/bci-busybox:latest Container Release : 27.1 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:12:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:12:50 +0200 (CEST) Subject: SUSE-CU-2024:5091-1: Recommended update of bci/dotnet-sdk Message-ID: <20241015071250.39ABCFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5091-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-50.2 , bci/dotnet-sdk:6.0.35 Container Release : 50.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:13:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:13:01 +0200 (CEST) Subject: SUSE-CU-2024:5092-1: Recommended update of bci/dotnet-sdk Message-ID: <20241015071301.A15E0FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5092-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-40.2 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:latest Container Release : 40.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:13:14 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:13:14 +0200 (CEST) Subject: SUSE-CU-2024:5093-1: Recommended update of bci/dotnet-runtime Message-ID: <20241015071314.72594FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5093-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-50.2 , bci/dotnet-runtime:6.0.35 Container Release : 50.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:13:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:13:26 +0200 (CEST) Subject: SUSE-CU-2024:5094-1: Recommended update of bci/dotnet-runtime Message-ID: <20241015071326.03837FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5094-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-38.2 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:latest Container Release : 38.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:14:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:14:03 +0200 (CEST) Subject: SUSE-CU-2024:5098-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241015071403.326DEFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5098-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.52 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.52 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:14:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:14:16 +0200 (CEST) Subject: SUSE-CU-2024:5099-1: Recommended update of bci/bci-init Message-ID: <20241015071416.4AB98FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5099-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.28.2 , bci/bci-init:latest Container Release : 28.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:14:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:14:25 +0200 (CEST) Subject: SUSE-CU-2024:5100-1: Recommended update of bci/kiwi Message-ID: <20241015071425.AF8E2FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5100-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-17.2 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:latest Container Release : 17.2 Severity : moderate Type : recommended References : 1221714 1226724 1227100 1230135 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:14:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:14:33 +0200 (CEST) Subject: SUSE-CU-2024:5101-1: Recommended update of bci/bci-micro Message-ID: <20241015071433.77925FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5101-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.27.1 , bci/bci-micro:latest Container Release : 27.1 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:14:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:14:42 +0200 (CEST) Subject: SUSE-CU-2024:5102-1: Recommended update of bci/bci-minimal Message-ID: <20241015071442.981ECFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5102-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.29.1 , bci/bci-minimal:latest Container Release : 29.1 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:15:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:15:34 +0200 (CEST) Subject: SUSE-CU-2024:5106-1: Recommended update of bci/php-apache Message-ID: <20241015071534.0AA91FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5106-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-43.2 , bci/php-apache:8.2.20 , bci/php-apache:latest Container Release : 43.2 Severity : moderate Type : recommended References : 1221714 1226724 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) The following package changes have been done: - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:15:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:15:43 +0200 (CEST) Subject: SUSE-CU-2024:5107-1: Recommended update of bci/php-fpm Message-ID: <20241015071543.75BE0FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5107-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-43.2 , bci/php-fpm:8.2.20 , bci/php-fpm:latest Container Release : 43.2 Severity : moderate Type : recommended References : 1221714 1226724 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) The following package changes have been done: - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:15:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:15:53 +0200 (CEST) Subject: SUSE-CU-2024:5108-1: Recommended update of bci/php Message-ID: <20241015071553.85651FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5108-1 Container Tags : bci/php:8 , bci/php:8-43.2 , bci/php:8.2.20 , bci/php:latest Container Release : 43.2 Severity : moderate Type : recommended References : 1221714 1226724 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) The following package changes have been done: - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:17:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:17:26 +0200 (CEST) Subject: SUSE-CU-2024:5115-1: Recommended update of suse/sle15 Message-ID: <20241015071726.122C4FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5115-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.25 , suse/sle15:15.6 , suse/sle15:15.6.47.11.25 Container Release : 47.11.25 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated From sle-container-updates at lists.suse.com Tue Oct 15 07:17:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 15 Oct 2024 09:17:38 +0200 (CEST) Subject: SUSE-CU-2024:5116-1: Recommended update of bci/spack Message-ID: <20241015071738.1207DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5116-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-13.2 , bci/spack:0.21.2 , bci/spack:latest Container Release : 13.2 Severity : moderate Type : recommended References : 1221714 1226724 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) The following package changes have been done: - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Wed Oct 16 07:08:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Oct 2024 09:08:30 +0200 (CEST) Subject: SUSE-CU-2024:5134-1: Recommended update of bci/bci-base-fips Message-ID: <20241016070830.9F6DAFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5134-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.16.2 , bci/bci-base-fips:latest Container Release : 16.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Wed Oct 16 07:09:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Oct 2024 09:09:23 +0200 (CEST) Subject: SUSE-CU-2024:5139-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241016070923.3D926FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5139-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.53 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.53 Severity : moderate Type : recommended References : 1228084 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3621-1 Released: Mon Oct 14 19:00:38 2024 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1228084 This update for open-iscsi fixes the following issues: - Update to version 2.1.10.suse, code bugfixing and behavior : * Turn off iSCSI NOP-Outs, by default. * Change a discovery function to (void) return type. * grammar nitpicks and improving comments. * Make it visible when memory allocation failure. * Better handle multiple iscsiadm commands and allow hostnames in node-mode commands. * Modify workqueue priority set. * iscsid: Rescan devices on relogin. * Add missing characters in README. * Fix: add missing underline in usr/iscsid_req.h * Fix firmware targets startup to always be 'onboot' (bsc#1228084). * Fix gcc issues. * Fix read specific sysfs value 'off' of session attribute. * Fix bug where abort_tmo read failures were ignored. * Fix memory leak in iscsi_check_session_use_count. * Fix authmethod check by printing a warning message when CHAP used and authmethod=None. - Updated to latest upstream: two small changes, with no known functional changes: * Incorrect documentation for `iscsiadm -m session` print level * Stop using deprecated functions: inet_aton(), inet_ntoa() - Stopped using pre-prepared tarballs for the build, instead now using a service file to get latest SUSE sources directly. which were created by a shell script, and added a service generated file with the form: * open-iscsi-2.1.9.suse+TAG_OFFSET.tar.xz where: * TAG_OFFSET is of the form 'COMMIT_COUNT.HASH' * COMMIT_COUNT is the count of commits since 2.1.9-suse (in this case), and HASH is the git commit hash being used. The following package changes have been done: - libopeniscsiusr0-0.2.0-150600.51.3.2 updated - open-iscsi-2.1.10-150600.51.3.2 updated From sle-container-updates at lists.suse.com Wed Oct 16 07:09:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Oct 2024 09:09:58 +0200 (CEST) Subject: SUSE-CU-2024:5142-1: Recommended update of bci/openjdk-devel Message-ID: <20241016070958.CF181FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5142-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-27.4 , bci/openjdk-devel:latest Container Release : 27.4 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:bci-openjdk-21-4f0ee52f1699db5f28e39a2ef47a69e300d34fe51898f0f2fd6631e07bfb1fc9-0 updated From sle-container-updates at lists.suse.com Wed Oct 16 07:11:08 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 16 Oct 2024 09:11:08 +0200 (CEST) Subject: SUSE-CU-2024:5146-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241016071108.C6FC6FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5146-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.28.2 , bci/bci-sle15-kernel-module-devel:latest Container Release : 28.2 Severity : moderate Type : recommended References : 1227100 1230135 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) The following package changes have been done: - sles-release-15.6-150600.64.3.1 updated - container:registry.suse.com-bci-bci-base-15.6-ce5556b747c37e089b68131ae74c8a93f28052989671dafda9d8f5d7e77c2f90-0 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:02:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:02:10 +0200 (CEST) Subject: SUSE-IU-2024:1561-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20241017070210.B075FFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1561-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.203 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.203 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.103 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:02:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:02:24 +0200 (CEST) Subject: SUSE-IU-2024:1562-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20241017070224.3B3ECFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1562-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.219 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.219 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.166 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:02:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:02:42 +0200 (CEST) Subject: SUSE-IU-2024:1563-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20241017070242.F3740FCA2@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1563-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.166 , suse/sle-micro/5.5:latest Image Release : 5.5.166 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.103 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:07:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:07:28 +0200 (CEST) Subject: SUSE-CU-2024:5162-1: Recommended update of suse/ltss/sle15.4/bci-base-fips Message-ID: <20241017070728.237AFFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5162-1 Container Tags : suse/ltss/sle15.4/bci-base-fips:15.4 , suse/ltss/sle15.4/bci-base-fips:15.4.4.17 Container Release : 4.17 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/ltss/sle15.4/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-2.2 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:09:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:09:26 +0200 (CEST) Subject: SUSE-CU-2024:5163-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241017070926.C12BCFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5163-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.55 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.55 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150600.3.27.1 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:09:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:09:36 +0200 (CEST) Subject: SUSE-CU-2024:5164-1: Recommended update of bci/rust Message-ID: <20241017070936.405AFFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5164-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.6.3 , bci/rust:1.80.1 , bci/rust:oldstable , bci/rust:oldstable-2.6.3 Container Release : 6.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libasan8-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libhwasan0-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - libtsan2-14.2.0+git10526-150000.1.3.3 updated - libubsan1-14.2.0+git10526-150000.1.3.3 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:09:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:09:46 +0200 (CEST) Subject: SUSE-CU-2024:5165-1: Recommended update of bci/rust Message-ID: <20241017070946.373E5FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5165-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.6.3 , bci/rust:1.81.0 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.6.3 Container Release : 6.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libasan8-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libhwasan0-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - libtsan2-14.2.0+git10526-150000.1.3.3 updated - libubsan1-14.2.0+git10526-150000.1.3.3 updated From sle-container-updates at lists.suse.com Thu Oct 17 07:09:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 17 Oct 2024 09:09:57 +0200 (CEST) Subject: SUSE-CU-2024:5166-1: Security update of bci/spack Message-ID: <20241017070957.98A50FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5166-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-13.4 , bci/spack:0.21.2 , bci/spack:latest Container Release : 13.4 Severity : important Type : security References : 1188441 1210959 1214915 1219031 1220724 1221601 1231544 CVE-2024-48957 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3675-1 Released: Wed Oct 16 19:33:31 2024 Summary: Security update for libarchive Type: security Severity: important References: 1231544,CVE-2024-48957 This update for libarchive fixes the following issues: - CVE-2024-48957: Fixed out-of-bounds access in execute_filter_audio in archive_read_support_format_rar.c (bsc#1231544). The following package changes have been done: - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - libquadmath0-14.2.0+git10526-150000.1.3.3 updated - libarchive13-3.7.2-150600.3.6.1 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:04:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:04:40 +0200 (CEST) Subject: SUSE-CU-2024:5168-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241018070440.9DF8FFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5168-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-51.2 , bci/dotnet-aspnet:6.0.35 , bci/dotnet-aspnet:6.0.35-51.2 Container Release : 51.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:04:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:04:56 +0200 (CEST) Subject: SUSE-CU-2024:5169-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241018070456.DFD89FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5169-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-39.2 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:8.0.10-39.2 , bci/dotnet-aspnet:latest Container Release : 39.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:05:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:05:06 +0200 (CEST) Subject: SUSE-CU-2024:5170-1: Recommended update of bci/bci-base-fips Message-ID: <20241018070506.28877FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5170-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.16.4 , bci/bci-base-fips:latest Container Release : 16.4 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:05:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:05:23 +0200 (CEST) Subject: SUSE-CU-2024:5171-1: Recommended update of bci/dotnet-sdk Message-ID: <20241018070523.E9A62FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5171-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-51.2 , bci/dotnet-sdk:6.0.35 , bci/dotnet-sdk:6.0.35-51.2 Container Release : 51.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:05:36 +0200 (CEST) Subject: SUSE-CU-2024:5172-1: Recommended update of bci/dotnet-sdk Message-ID: <20241018070536.40E7DFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5172-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-41.2 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:8.0.10-41.2 , bci/dotnet-sdk:latest Container Release : 41.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:5173-1: Recommended update of bci/dotnet-runtime Message-ID: <20241018070548.9D6D1FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5173-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-51.2 , bci/dotnet-runtime:6.0.35 , bci/dotnet-runtime:6.0.35-51.2 Container Release : 51.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:02 +0200 (CEST) Subject: SUSE-CU-2024:5174-1: Recommended update of bci/dotnet-runtime Message-ID: <20241018070602.15859FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5174-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-39.2 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:8.0.10-39.2 , bci/dotnet-runtime:latest Container Release : 39.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:10 +0200 (CEST) Subject: SUSE-CU-2024:5175-1: Recommended update of bci/golang Message-ID: <20241018070610.A2ED3FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5175-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.43.2 , bci/golang:1.22.8 , bci/golang:1.22.8-2.43.2 , bci/golang:oldstable , bci/golang:oldstable-2.43.2 Container Release : 43.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:23 +0200 (CEST) Subject: SUSE-CU-2024:5176-1: Recommended update of bci/golang Message-ID: <20241018070623.7A4D5FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5176-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-49.2 , bci/golang:1.20.12.1-openssl , bci/golang:1.20.12.1-openssl-49.2 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-49.2 Container Release : 49.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:31 +0200 (CEST) Subject: SUSE-CU-2024:5177-1: Recommended update of suse/helm Message-ID: <20241018070631.1CF9DFCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5177-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-27.5 , suse/helm:latest Container Release : 27.5 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-bci-micro-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:44 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:44 +0200 (CEST) Subject: SUSE-CU-2024:5178-1: Recommended update of bci/bci-init Message-ID: <20241018070644.25CFBFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5178-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.28.4 , bci/bci-init:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:06:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:06:55 +0200 (CEST) Subject: SUSE-CU-2024:5179-1: Recommended update of bci/kiwi Message-ID: <20241018070655.034FBFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5179-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-18.2 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.2 , bci/kiwi:latest Container Release : 18.2 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150600.3.27.1 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:02 +0200 (CEST) Subject: SUSE-CU-2024:5180-1: Recommended update of bci/bci-micro Message-ID: <20241018070702.6C319FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5180-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.27.2 , bci/bci-micro:latest Container Release : 27.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:11 +0200 (CEST) Subject: SUSE-CU-2024:5181-1: Recommended update of suse/nginx Message-ID: <20241018070711.B9337FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5181-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-46.4 , suse/nginx:latest Container Release : 46.4 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:22 +0200 (CEST) Subject: SUSE-CU-2024:5182-1: Recommended update of bci/nodejs Message-ID: <20241018070722.53390FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5182-1 Container Tags : bci/node:20 , bci/node:20-44.2 , bci/node:20.15.1 , bci/node:20.15.1-44.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-44.2 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-44.2 , bci/nodejs:latest Container Release : 44.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:35 +0200 (CEST) Subject: SUSE-CU-2024:5183-1: Recommended update of bci/openjdk Message-ID: <20241018070735.9E01CFCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5183-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-28.2 , bci/openjdk:21.0.4.0 , bci/openjdk:21.0.4.0-28.2 , bci/openjdk:latest Container Release : 28.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:46 +0200 (CEST) Subject: SUSE-CU-2024:5184-1: Recommended update of bci/php-apache Message-ID: <20241018070746.82091FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5184-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-44.2 , bci/php-apache:8.2.20 , bci/php-apache:8.2.20-44.2 , bci/php-apache:latest Container Release : 44.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:07:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:07:56 +0200 (CEST) Subject: SUSE-CU-2024:5185-1: Recommended update of bci/php-fpm Message-ID: <20241018070756.BC887FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5185-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-44.2 , bci/php-fpm:8.2.20 , bci/php-fpm:8.2.20-44.2 , bci/php-fpm:latest Container Release : 44.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:08:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:08:09 +0200 (CEST) Subject: SUSE-CU-2024:5186-1: Recommended update of bci/php Message-ID: <20241018070809.B18D7FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5186-1 Container Tags : bci/php:8 , bci/php:8-44.2 , bci/php:8.2.20 , bci/php:8.2.20-44.2 , bci/php:latest Container Release : 44.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:08:24 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:08:24 +0200 (CEST) Subject: SUSE-CU-2024:5187-1: Recommended update of suse/postgres Message-ID: <20241018070824.50A60FCA2@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5187-1 Container Tags : suse/postgres:16 , suse/postgres:16-50.2 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:16.4-50.2 , suse/postgres:latest Container Release : 50.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Fri Oct 18 07:08:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 18 Oct 2024 09:08:42 +0200 (CEST) Subject: SUSE-CU-2024:5188-1: Recommended update of bci/python Message-ID: <20241018070842.44C05FCA2@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5188-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-56.2 , bci/python:3.11.10 , bci/python:3.11.10-56.2 Container Release : 56.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:02:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:02:22 +0200 (CEST) Subject: SUSE-IU-2024:1572-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20241019070222.3BD29FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1572-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.105 , suse/sle-micro/base-5.5:latest Image Release : 5.8.105 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3718-1 Released: Fri Oct 18 04:04:26 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150500.6.21.1 updated - container:suse-sle15-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:07:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:07:17 +0200 (CEST) Subject: SUSE-CU-2024:5192-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20241019070717.10BECF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5192-1 Container Tags : suse/sle-micro/5.3/toolbox:13.2 , suse/sle-micro/5.3/toolbox:13.2-6.11.41 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.41 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3727-1 Released: Fri Oct 18 15:04:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150400.3.93.1 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:10:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:10:27 +0200 (CEST) Subject: SUSE-CU-2024:5194-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20241019071027.63306F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5194-1 Container Tags : suse/sle-micro/5.4/toolbox:13.2 , suse/sle-micro/5.4/toolbox:13.2-5.19.42 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.42 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3727-1 Released: Fri Oct 18 15:04:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150400.3.93.1 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:11:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:11:27 +0200 (CEST) Subject: SUSE-CU-2024:5195-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20241019071127.8C20FF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5195-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.73 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.73 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3718-1 Released: Fri Oct 18 04:04:26 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150500.6.21.1 updated - container:suse-sle15-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:14:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:14:02 +0200 (CEST) Subject: SUSE-CU-2024:5200-1: Recommended update of suse/sle15 Message-ID: <20241019071402.32172F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5200-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.8.53 Container Release : 9.8.53 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3730-1 Released: Fri Oct 18 15:34:25 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150200.129.1 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:14:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:14:32 +0200 (CEST) Subject: SUSE-CU-2024:5201-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20241019071432.7E0ABF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5201-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.4 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.4 , suse/ltss/sle15.3/sle15:latest Container Release : 2.4 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3730-1 Released: Fri Oct 18 15:34:25 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150200.129.1 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:18:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:18:15 +0200 (CEST) Subject: SUSE-CU-2024:5203-1: Recommended update of bci/bci-init Message-ID: <20241019071815.060BDF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5203-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.32.3 Container Release : 32.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:19:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:19:26 +0200 (CEST) Subject: SUSE-CU-2024:5204-1: Recommended update of bci/nodejs Message-ID: <20241019071926.253A6F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5204-1 Container Tags : bci/node:18 , bci/node:18-36.3 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-36.3 , bci/nodejs:18.20.4 Container Release : 36.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:20:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:20:20 +0200 (CEST) Subject: SUSE-CU-2024:5205-1: Recommended update of bci/openjdk Message-ID: <20241019072020.58DCEF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5205-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-33.3 Container Release : 33.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:21:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:21:09 +0200 (CEST) Subject: SUSE-CU-2024:5206-1: Recommended update of bci/openjdk Message-ID: <20241019072109.78D6DF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5206-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-35.3 Container Release : 35.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:21:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:21:50 +0200 (CEST) Subject: SUSE-CU-2024:5207-1: Recommended update of suse/postgres Message-ID: <20241019072150.6D60FF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5207-1 Container Tags : suse/postgres:15 , suse/postgres:15-36.3 , suse/postgres:15.8 , suse/postgres:15.8 Container Release : 36.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:22:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:22:26 +0200 (CEST) Subject: SUSE-CU-2024:5208-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241019072226.15E01F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5208-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.27.3 Container Release : 27.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.5-8e5799e5b06a60a913097374b7bf213b1099de5fbb99561ca7d905779b5d2295-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:02 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:02 +0200 (CEST) Subject: SUSE-CU-2024:5209-1: Recommended update of suse/sle15 Message-ID: <20241019072302.9DA48F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5209-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.32 , suse/sle15:15.5 , suse/sle15:15.5.36.14.32 Container Release : 36.14.32 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3718-1 Released: Fri Oct 18 04:04:26 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150500.6.21.1 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:16 +0200 (CEST) Subject: SUSE-CU-2024:5210-1: Recommended update of suse/389-ds Message-ID: <20241019072316.6B02BF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5210-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-46.5 , suse/389-ds:latest Container Release : 46.5 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:23 +0200 (CEST) Subject: SUSE-CU-2024:5211-1: Recommended update of bci/bci-busybox Message-ID: <20241019072323.420BBF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-busybox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5211-1 Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.27.2 , bci/bci-busybox:latest Container Release : 27.2 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-busybox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:35 +0200 (CEST) Subject: SUSE-CU-2024:5212-1: Recommended update of suse/registry Message-ID: <20241019072335.DC55FF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5212-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-29.4 , suse/registry:latest Container Release : 29.4 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-bci-micro-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:47 +0200 (CEST) Subject: SUSE-CU-2024:5213-1: Recommended update of suse/git Message-ID: <20241019072347.3B447F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5213-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-30.3 , suse/git:2.43.0 , suse/git:2.43.0-30.3 , suse/git:latest Container Release : 30.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-bci-micro-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:23:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:23:57 +0200 (CEST) Subject: SUSE-CU-2024:5214-1: Recommended update of bci/golang Message-ID: <20241019072357.8FF47F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5214-1 Container Tags : bci/golang:1.23 , bci/golang:1.23-1.43.3 , bci/golang:1.23.2 , bci/golang:1.23.2-1.43.3 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.43.3 Container Release : 43.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1231051 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - glibc-devel-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:24:13 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:24:13 +0200 (CEST) Subject: SUSE-CU-2024:5215-1: Recommended update of bci/golang Message-ID: <20241019072413.7D7DDF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5215-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-49.3 , bci/golang:1.21.5.1-openssl , bci/golang:1.21.5.1-openssl-49.3 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-49.3 Container Release : 49.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1231051 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - glibc-devel-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:24:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:24:27 +0200 (CEST) Subject: SUSE-CU-2024:5216-1: Recommended update of bci/kiwi Message-ID: <20241019072427.80608F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5216-1 Container Tags : bci/kiwi:9 , bci/kiwi:9-18.3 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-18.3 , bci/kiwi:latest Container Release : 18.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-locale-base-2.38-150600.14.14.2 updated - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Sat Oct 19 07:24:38 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 19 Oct 2024 09:24:38 +0200 (CEST) Subject: SUSE-CU-2024:5217-1: Recommended update of bci/bci-micro Message-ID: <20241019072438.6520EF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5217-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.27.3 , bci/bci-micro:latest Container Release : 27.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:05:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:05:36 +0200 (CEST) Subject: SUSE-CU-2024:5219-1: Recommended update of bci/openjdk-devel Message-ID: <20241020070536.281CFFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5219-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-32.7 Container Release : 32.7 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-openjdk-11-605837766de5d52f7fad01099f28089aa8b2f9b4e5ad79fff193fc178a63645d-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:06:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:06:32 +0200 (CEST) Subject: SUSE-CU-2024:5220-1: Recommended update of bci/openjdk-devel Message-ID: <20241020070632.8F78DFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5220-1 Container Tags : bci/openjdk-devel:17 , bci/openjdk-devel:17-34.7 Container Release : 34.7 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-openjdk-17-43196290ba6d7f590fddb09576fbe4b457415d28a58f9528e6bcdca62fd625a2-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:06:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:06:47 +0200 (CEST) Subject: SUSE-CU-2024:5221-1: Recommended update of suse/389-ds Message-ID: <20241020070647.0152CFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5221-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-46.7 , suse/389-ds:latest Container Release : 46.7 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:07:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:07:04 +0200 (CEST) Subject: SUSE-CU-2024:5222-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241020070704.9FC86FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5222-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-51.4 , bci/dotnet-aspnet:6.0.35 , bci/dotnet-aspnet:6.0.35-51.4 Container Release : 51.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:07:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:07:17 +0200 (CEST) Subject: SUSE-CU-2024:5223-1: Recommended update of bci/dotnet-aspnet Message-ID: <20241020070717.3AE98FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5223-1 Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0-39.4 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:8.0.10-39.4 , bci/dotnet-aspnet:latest Container Release : 39.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:07:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:07:25 +0200 (CEST) Subject: SUSE-CU-2024:5224-1: Recommended update of bci/bci-base-fips Message-ID: <20241020070725.B7E9FFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-base-fips ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5224-1 Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.16.7 , bci/bci-base-fips:latest Container Release : 16.7 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-base-fips was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:07:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:07:37 +0200 (CEST) Subject: SUSE-CU-2024:5225-1: Recommended update of suse/registry Message-ID: <20241020070737.34947FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5225-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-29.6 , suse/registry:latest Container Release : 29.6 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:07:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:07:50 +0200 (CEST) Subject: SUSE-CU-2024:5226-1: Recommended update of bci/dotnet-sdk Message-ID: <20241020070750.1E591FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5226-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-51.4 , bci/dotnet-sdk:6.0.35 , bci/dotnet-sdk:6.0.35-51.4 Container Release : 51.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:08:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:08:03 +0200 (CEST) Subject: SUSE-CU-2024:5227-1: Recommended update of bci/dotnet-sdk Message-ID: <20241020070803.89B4FFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5227-1 Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0-41.4 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:8.0.10-41.4 , bci/dotnet-sdk:latest Container Release : 41.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:08:16 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:08:16 +0200 (CEST) Subject: SUSE-CU-2024:5228-1: Recommended update of bci/dotnet-runtime Message-ID: <20241020070816.991EAFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5228-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-51.4 , bci/dotnet-runtime:6.0.35 , bci/dotnet-runtime:6.0.35-51.4 Container Release : 51.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:08:27 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:08:27 +0200 (CEST) Subject: SUSE-CU-2024:5229-1: Recommended update of bci/dotnet-runtime Message-ID: <20241020070827.4FAF9FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5229-1 Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0-39.4 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:8.0.10-39.4 , bci/dotnet-runtime:latest Container Release : 39.4 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:08:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:08:37 +0200 (CEST) Subject: SUSE-CU-2024:5230-1: Recommended update of suse/git Message-ID: <20241020070837.EA61CFCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5230-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43-30.5 , suse/git:2.43.0 , suse/git:2.43.0-30.5 , suse/git:latest Container Release : 30.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:08:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:08:49 +0200 (CEST) Subject: SUSE-CU-2024:5231-1: Recommended update of bci/golang Message-ID: <20241020070849.9401DFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5231-1 Container Tags : bci/golang:1.20-openssl , bci/golang:1.20-openssl-49.5 , bci/golang:1.20.12.1-openssl , bci/golang:1.20.12.1-openssl-49.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-49.5 Container Release : 49.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - glibc-devel-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:09:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:09:21 +0200 (CEST) Subject: SUSE-CU-2024:5234-1: Recommended update of suse/helm Message-ID: <20241020070921.2D1B6FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5234-1 Container Tags : suse/helm:3.13 , suse/helm:3.13-27.8 , suse/helm:latest Container Release : 27.8 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:09:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:09:35 +0200 (CEST) Subject: SUSE-CU-2024:5235-1: Recommended update of bci/bci-init Message-ID: <20241020070935.7A3B5FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5235-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.28.7 , bci/bci-init:latest Container Release : 28.7 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:09:55 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:09:55 +0200 (CEST) Subject: SUSE-CU-2024:5217-1: Recommended update of bci/bci-micro Message-ID: <20241020070955.1AD2BFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5217-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.27.3 , bci/bci-micro:latest Container Release : 27.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:10:04 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:10:04 +0200 (CEST) Subject: SUSE-CU-2024:5237-1: Recommended update of bci/bci-minimal Message-ID: <20241020071004.BBA5AFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5237-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.29.6 , bci/bci-minimal:latest Container Release : 29.6 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-bci-micro-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:10:05 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:10:05 +0200 (CEST) Subject: SUSE-CU-2024:5238-1: Recommended update of bci/bci-minimal Message-ID: <20241020071005.6B66EFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5238-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.29.8 , bci/bci-minimal:latest Container Release : 29.8 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:10:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:10:17 +0200 (CEST) Subject: SUSE-CU-2024:5239-1: Recommended update of suse/nginx Message-ID: <20241020071017.07D68FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5239-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-46.7 , suse/nginx:latest Container Release : 46.7 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:10:28 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:10:28 +0200 (CEST) Subject: SUSE-CU-2024:5240-1: Recommended update of bci/nodejs Message-ID: <20241020071028.C05ACFCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5240-1 Container Tags : bci/node:20 , bci/node:20-44.5 , bci/node:20.15.1 , bci/node:20.15.1-44.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-44.5 , bci/nodejs:20.15.1 , bci/nodejs:20.15.1-44.5 , bci/nodejs:latest Container Release : 44.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Sun Oct 20 07:10:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 20 Oct 2024 09:10:48 +0200 (CEST) Subject: SUSE-CU-2024:5241-1: Recommended update of bci/openjdk-devel Message-ID: <20241020071048.70C53FCBE@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5241-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-28.3 , bci/openjdk-devel:21.0.4.0 , bci/openjdk-devel:21.0.4.0-28.3 , bci/openjdk-devel:latest Container Release : 28.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-openjdk-21-b65c0cf951ddae034aa5e3577204e1c7aa24632c555d5f9544781eb940d4868b-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:04:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:04:20 +0200 (CEST) Subject: SUSE-CU-2024:5241-1: Recommended update of bci/openjdk-devel Message-ID: <20241021070420.77A3FF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5241-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-28.3 , bci/openjdk-devel:21.0.4.0 , bci/openjdk-devel:21.0.4.0-28.3 , bci/openjdk-devel:latest Container Release : 28.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-openjdk-21-b65c0cf951ddae034aa5e3577204e1c7aa24632c555d5f9544781eb940d4868b-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:04:21 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:04:21 +0200 (CEST) Subject: SUSE-CU-2024:5242-1: Recommended update of bci/openjdk-devel Message-ID: <20241021070421.1147CFD57@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5242-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21-28.5 , bci/openjdk-devel:21.0.4.0 , bci/openjdk-devel:21.0.4.0-28.5 , bci/openjdk-devel:latest Container Release : 28.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-openjdk-21-a8eee4185193dd3e9e24f770cd4d65d0bd2a537dc8713058f37c58fdad3884ab-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:04:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:04:36 +0200 (CEST) Subject: SUSE-CU-2024:5243-1: Recommended update of bci/openjdk Message-ID: <20241021070436.3EFBBF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5243-1 Container Tags : bci/openjdk:21 , bci/openjdk:21-28.5 , bci/openjdk:21.0.4.0 , bci/openjdk:21.0.4.0-28.5 , bci/openjdk:latest Container Release : 28.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:04:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:04:47 +0200 (CEST) Subject: SUSE-CU-2024:5244-1: Security update of bci/php-apache Message-ID: <20241021070447.70277F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5244-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-44.6 , bci/php-apache:8.2.24 , bci/php-apache:8.2.24-44.6 , bci/php-apache:latest Container Release : 44.6 Severity : moderate Type : security References : 1231051 1231358 1231360 1231382 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3729-1 Released: Fri Oct 18 15:22:50 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1231358,1231360,1231382,CVE-2024-8925,CVE-2024-8927,CVE-2024-9026 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - php8-cli-8.2.24-150600.3.6.1 updated - php8-8.2.24-150600.3.6.1 updated - apache2-mod_php8-8.2.24-150600.3.6.1 updated - php8-openssl-8.2.24-150600.3.6.1 updated - php8-mbstring-8.2.24-150600.3.6.1 updated - php8-zlib-8.2.24-150600.3.6.1 updated - php8-zip-8.2.24-150600.3.6.1 updated - php8-curl-8.2.24-150600.3.6.1 updated - php8-phar-8.2.24-150600.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:04:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:04:59 +0200 (CEST) Subject: SUSE-CU-2024:5245-1: Security update of bci/php-fpm Message-ID: <20241021070459.55DCEF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5245-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8-44.6 , bci/php-fpm:8.2.24 , bci/php-fpm:8.2.24-44.6 , bci/php-fpm:latest Container Release : 44.6 Severity : moderate Type : security References : 1231051 1231358 1231360 1231382 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3729-1 Released: Fri Oct 18 15:22:50 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1231358,1231360,1231382,CVE-2024-8925,CVE-2024-8927,CVE-2024-9026 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - php8-cli-8.2.24-150600.3.6.1 updated - php8-8.2.24-150600.3.6.1 updated - php8-fpm-8.2.24-150600.3.6.1 updated - php8-openssl-8.2.24-150600.3.6.1 updated - php8-mbstring-8.2.24-150600.3.6.1 updated - php8-zlib-8.2.24-150600.3.6.1 updated - php8-zip-8.2.24-150600.3.6.1 updated - php8-curl-8.2.24-150600.3.6.1 updated - php8-phar-8.2.24-150600.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:10 +0200 (CEST) Subject: SUSE-CU-2024:5246-1: Security update of bci/php Message-ID: <20241021070510.03A48F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5246-1 Container Tags : bci/php:8 , bci/php:8-44.6 , bci/php:8.2.24 , bci/php:8.2.24-44.6 , bci/php:latest Container Release : 44.6 Severity : moderate Type : security References : 1231051 1231358 1231360 1231382 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3729-1 Released: Fri Oct 18 15:22:50 2024 Summary: Security update for php8 Type: security Severity: moderate References: 1231358,1231360,1231382,CVE-2024-8925,CVE-2024-8927,CVE-2024-9026 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - php8-cli-8.2.24-150600.3.6.1 updated - php8-8.2.24-150600.3.6.1 updated - php8-openssl-8.2.24-150600.3.6.1 updated - php8-mbstring-8.2.24-150600.3.6.1 updated - php8-zlib-8.2.24-150600.3.6.1 updated - php8-readline-8.2.24-150600.3.6.1 updated - php8-curl-8.2.24-150600.3.6.1 updated - php8-phar-8.2.24-150600.3.6.1 updated - php8-zip-8.2.24-150600.3.6.1 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:20 +0200 (CEST) Subject: SUSE-CU-2024:5247-1: Recommended update of suse/postgres Message-ID: <20241021070520.344B8F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5247-1 Container Tags : suse/postgres:16 , suse/postgres:16-50.3 , suse/postgres:16.4 , suse/postgres:16.4 , suse/postgres:16.4-50.3 , suse/postgres:latest Container Release : 50.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-locale-base-2.38-150600.14.14.2 updated - glibc-locale-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:32 +0200 (CEST) Subject: SUSE-CU-2024:5188-1: Recommended update of bci/python Message-ID: <20241021070532.605C0F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5188-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-56.2 , bci/python:3.11.10 , bci/python:3.11.10-56.2 Container Release : 56.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:33 +0200 (CEST) Subject: SUSE-CU-2024:5249-1: Recommended update of bci/python Message-ID: <20241021070533.01F25F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5249-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11-56.5 , bci/python:3.11.10 , bci/python:3.11.10-56.5 Container Release : 56.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:47 +0200 (CEST) Subject: SUSE-CU-2024:5250-1: Recommended update of bci/python Message-ID: <20241021070547.B5E26F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5250-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-56.2 , bci/python:3.12.6 , bci/python:3.12.6-56.2 , bci/python:latest Container Release : 56.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:48 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:48 +0200 (CEST) Subject: SUSE-CU-2024:5251-1: Recommended update of bci/python Message-ID: <20241021070548.371B0F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5251-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12-56.5 , bci/python:3.12.6 , bci/python:3.12.6-56.5 , bci/python:latest Container Release : 56.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:59 +0200 (CEST) Subject: SUSE-CU-2024:5252-1: Recommended update of bci/python Message-ID: <20241021070559.2E5B2F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5252-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-55.2 , bci/python:3.6.15 , bci/python:3.6.15-55.2 Container Release : 55.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:05:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:05:59 +0200 (CEST) Subject: SUSE-CU-2024:5253-1: Recommended update of bci/python Message-ID: <20241021070559.C29F6F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5253-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6-55.5 , bci/python:3.6.15 , bci/python:3.6.15-55.5 Container Release : 55.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:09 +0200 (CEST) Subject: SUSE-CU-2024:5255-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20241021070609.9BC03FD57@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5255-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-49.5 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-49.5 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-49.5 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-49.5 , suse/rmt-mariadb-client:latest Container Release : 49.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:09 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:09 +0200 (CEST) Subject: SUSE-CU-2024:5254-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20241021070609.134E9F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5254-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11-49.2 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-49.2 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11-49.2 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-49.2 , suse/rmt-mariadb-client:latest Container Release : 49.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:18 +0200 (CEST) Subject: SUSE-CU-2024:5256-1: Recommended update of suse/rmt-mariadb Message-ID: <20241021070618.A2D1EF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5256-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-52.2 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-52.2 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-52.2 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-52.2 , suse/rmt-mariadb:latest Container Release : 52.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:19 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:19 +0200 (CEST) Subject: SUSE-CU-2024:5257-1: Recommended update of suse/rmt-mariadb Message-ID: <20241021070619.44828F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5257-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11-52.5 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-52.5 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11-52.5 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-52.5 , suse/rmt-mariadb:latest Container Release : 52.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:31 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:31 +0200 (CEST) Subject: SUSE-CU-2024:5258-1: Recommended update of bci/ruby Message-ID: <20241021070631.AEC4FF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5258-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-28.4 , bci/ruby:latest Container Release : 28.4 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated - container:registry.suse.com-bci-bci-base-15.6-c77de40f6bc7d15e5d9818e25a9d3f98069064b38cc6ded471e98e48181806ce-0 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:32 +0200 (CEST) Subject: SUSE-CU-2024:5259-1: Recommended update of bci/ruby Message-ID: <20241021070632.51C4CF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5259-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-28.5 , bci/ruby:latest Container Release : 28.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:43 +0200 (CEST) Subject: SUSE-CU-2024:5262-1: Recommended update of bci/rust Message-ID: <20241021070643.95DDEF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5262-1 Container Tags : bci/rust:1.80 , bci/rust:1.80-2.7.3 , bci/rust:1.80.1 , bci/rust:1.80.1-2.7.3 , bci/rust:oldstable , bci/rust:oldstable-2.7.3 Container Release : 7.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Mon Oct 21 07:06:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 21 Oct 2024 09:06:54 +0200 (CEST) Subject: SUSE-CU-2024:5265-1: Recommended update of bci/rust Message-ID: <20241021070654.B628BF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5265-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.7.3 , bci/rust:1.81.0 , bci/rust:1.81.0-1.7.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.7.3 Container Release : 7.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:02:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:02:29 +0200 (CEST) Subject: SUSE-IU-2024:1584-1: Security update of suse/sle-micro/5.5 Message-ID: <20241022070229.5F599FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1584-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.169 , suse/sle-micro/5.5:latest Image Release : 5.5.169 Severity : moderate Type : security References : 1214612 1231208 1231499 CVE-2024-9407 CVE-2024-9675 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3741-1 Released: Mon Oct 21 14:33:31 2024 Summary: Security update for podman Type: security Severity: moderate References: 1214612,1231208,1231499,CVE-2024-9407,CVE-2024-9675 This update for podman fixes the following issues: - CVE-2024-9675: Fixed cache arbitrary directory mount (bsc#1231499). - CVE-2024-9407: Fixed improper Input Validation in bind-propagation Option of Dockerfile RUN --mount Instruction (bsc#1231208). The following non-security bug was fixed: - rootless ipv6 containers can't be started (bsc#1214612). The following package changes have been done: - podman-4.9.5-150500.3.25.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:03:35 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:03:35 +0200 (CEST) Subject: SUSE-CU-2024:5272-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20241022070335.3F3A3F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5272-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.3 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.3 , suse/ltss/sle15.4/sle15:latest Container Release : 2.3 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3727-1 Released: Fri Oct 18 15:04:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150400.3.93.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:05:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:05:29 +0200 (CEST) Subject: SUSE-CU-2024:5273-1: Security update of suse/registry Message-ID: <20241022070529.3DC30F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/registry ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5273-1 Container Tags : suse/registry:2.8 , suse/registry:2.8-29.7 , suse/registry:latest Container Release : 29.7 Severity : important Type : security References : 1228097 CVE-2024-40725 ----------------------------------------------------------------- The container suse/registry was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3742-1 Released: Mon Oct 21 15:58:25 2024 Summary: Security update for apache2 Type: security Severity: important References: 1228097,CVE-2024-40725 This update for apache2 fixes the following issues: - CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097) The following package changes have been done: - apache2-utils-2.4.58-150600.5.26.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:05:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:05:37 +0200 (CEST) Subject: SUSE-CU-2024:5274-1: Recommended update of bci/golang Message-ID: <20241022070537.40315F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5274-1 Container Tags : bci/golang:1.22 , bci/golang:1.22-2.43.5 , bci/golang:1.22.8 , bci/golang:1.22.8-2.43.5 , bci/golang:oldstable , bci/golang:oldstable-2.43.5 Container Release : 43.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - glibc-devel-2.38-150600.14.14.2 updated - container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:05:57 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:05:57 +0200 (CEST) Subject: SUSE-CU-2024:5276-1: Security update of bci/php-apache Message-ID: <20241022070557.A8B8BF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5276-1 Container Tags : bci/php-apache:8 , bci/php-apache:8-44.7 , bci/php-apache:8.2.24 , bci/php-apache:8.2.24-44.7 , bci/php-apache:latest Container Release : 44.7 Severity : important Type : security References : 1228097 CVE-2024-40725 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3742-1 Released: Mon Oct 21 15:58:25 2024 Summary: Security update for apache2 Type: security Severity: important References: 1228097,CVE-2024-40725 This update for apache2 fixes the following issues: - CVE-2024-40725: Fixed source code disclosure of local content (bsc#1228097) The following package changes have been done: - apache2-prefork-2.4.58-150600.5.26.1 updated - apache2-2.4.58-150600.5.26.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:07 +0200 (CEST) Subject: SUSE-CU-2024:5265-1: Recommended update of bci/rust Message-ID: <20241022070607.432D3F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5265-1 Container Tags : bci/rust:1.81 , bci/rust:1.81-1.7.3 , bci/rust:1.81.0 , bci/rust:1.81.0-1.7.3 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.7.3 Container Release : 7.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:20 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:20 +0200 (CEST) Subject: SUSE-IU-2024:1589-1: Recommended update of containers/apache-tomcat Message-ID: <20241022070620.54BA3F74A@maintenance.suse.de> SUSE Image Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1589-1 Image Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-8.2 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-8.2 Image Release : 8.2 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:bci-bci-base-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated - container:registry.suse.com-bci-bci-micro-15.6-4a7d8715a34c5965bc39e820f4f1e6d90f335b4c102888166d53cde3b99cf033-0 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:23 +0200 (CEST) Subject: SUSE-IU-2024:1591-1: Recommended update of containers/apache-tomcat Message-ID: <20241022070623.3B8CAF74A@maintenance.suse.de> SUSE Image Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1591-1 Image Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1-openjdk17-8.5 , containers/apache-tomcat:10.1.25-openjdk17 , containers/apache-tomcat:10.1.25-openjdk17-8.5 Image Release : 8.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - container:bci-bci-base-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated - container:registry.suse.com-bci-bci-micro-15.6-5e115737ddaf4439a9195f5a529adfaae4b4edd662ad49662a36df1f53ed1642-0 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:41 +0200 (CEST) Subject: SUSE-CU-2024:5278-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241022070641.B86B1F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5278-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.28.3 , bci/bci-sle15-kernel-module-devel:latest Container Release : 28.3 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libatomic1-14.2.0+git10526-150000.1.3.3 updated - libgomp1-14.2.0+git10526-150000.1.3.3 updated - libitm1-14.2.0+git10526-150000.1.3.3 updated - liblsan0-14.2.0+git10526-150000.1.3.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:42 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:42 +0200 (CEST) Subject: SUSE-CU-2024:5280-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20241022070642.B18DBF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5280-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.28.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 28.5 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-locale-base-2.38-150600.14.14.2 updated - glibc-locale-2.38-150600.14.14.2 updated - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:54 +0200 (CEST) Subject: SUSE-CU-2024:5282-1: Recommended update of suse/sle15 Message-ID: <20241022070654.184E9F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5282-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.27 , suse/sle15:15.6 , suse/sle15:15.6.47.11.27 Container Release : 47.11.27 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150600.3.27.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:06:54 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:06:54 +0200 (CEST) Subject: SUSE-CU-2024:5283-1: Recommended update of suse/sle15 Message-ID: <20241022070654.A2988F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5283-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.11.28 , suse/sle15:15.6 , suse/sle15:15.6.47.11.28 Container Release : 47.11.28 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:07:06 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:07:06 +0200 (CEST) Subject: SUSE-CU-2024:5285-1: Recommended update of bci/spack Message-ID: <20241022070706.073D6F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5285-1 Container Tags : bci/spack:0.21 , bci/spack:0.21-14.3 , bci/spack:0.21.2 , bci/spack:0.21.2-14.3 , bci/spack:latest Container Release : 14.3 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-devel-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:07:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:07:46 +0200 (CEST) Subject: SUSE-CU-2024:5287-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20241022070746.E812BF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5287-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.13 , suse/manager/4.3/proxy-httpd:4.3.13.9.57.52 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.57.52 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3727-1 Released: Fri Oct 18 15:04:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150400.3.93.1 updated - container:sles15-ltss-image-15.4.0-2.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:08:12 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:08:12 +0200 (CEST) Subject: SUSE-CU-2024:5288-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20241022070812.3E416F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5288-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.13 , suse/manager/4.3/proxy-salt-broker:4.3.13.9.47.54 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.47.54 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3727-1 Released: Fri Oct 18 15:04:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150400.3.93.1 updated - container:sles15-ltss-image-15.4.0-2.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:08:34 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:08:34 +0200 (CEST) Subject: SUSE-CU-2024:5289-1: Recommended update of suse/manager/4.3/proxy-squid Message-ID: <20241022070834.BFE75F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-squid ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5289-1 Container Tags : suse/manager/4.3/proxy-squid:4.3.13 , suse/manager/4.3/proxy-squid:4.3.13.9.56.37 , suse/manager/4.3/proxy-squid:latest Container Release : 9.56.37 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-squid was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-2.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:08:59 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:08:59 +0200 (CEST) Subject: SUSE-CU-2024:5290-1: Recommended update of suse/manager/4.3/proxy-ssh Message-ID: <20241022070859.D8240F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-ssh ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5290-1 Container Tags : suse/manager/4.3/proxy-ssh:4.3.13 , suse/manager/4.3/proxy-ssh:4.3.13.9.47.38 , suse/manager/4.3/proxy-ssh:latest Container Release : 9.47.38 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-ssh was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-2.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:09:26 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:09:26 +0200 (CEST) Subject: SUSE-CU-2024:5291-1: Recommended update of suse/manager/4.3/proxy-tftpd Message-ID: <20241022070926.F00C2F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-tftpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5291-1 Container Tags : suse/manager/4.3/proxy-tftpd:4.3.13 , suse/manager/4.3/proxy-tftpd:4.3.13.9.47.38 , suse/manager/4.3/proxy-tftpd:latest Container Release : 9.47.38 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-tftpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - container:sles15-ltss-image-15.4.0-2.3 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:10:17 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:10:17 +0200 (CEST) Subject: SUSE-CU-2024:5292-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20241022071017.88CA6F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5292-1 Container Tags : suse/sle-micro/5.1/toolbox:13.2 , suse/sle-micro/5.1/toolbox:13.2-3.13.38 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.38 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3730-1 Released: Fri Oct 18 15:34:25 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150200.129.1 updated From sle-container-updates at lists.suse.com Tue Oct 22 07:12:46 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 22 Oct 2024 09:12:46 +0200 (CEST) Subject: SUSE-CU-2024:5294-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20241022071246.F18E1F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5294-1 Container Tags : suse/sle-micro/5.2/toolbox:13.2 , suse/sle-micro/5.2/toolbox:13.2-7.11.40 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.40 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1230912 1231043 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3730-1 Released: Fri Oct 18 15:34:25 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] The following package changes have been done: - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150200.129.1 updated From sle-container-updates at lists.suse.com Wed Oct 23 07:05:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 23 Oct 2024 09:05:50 +0200 (CEST) Subject: SUSE-CU-2024:5299-1: Security update of suse/pcp Message-ID: <20241023070550.62E83F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5299-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-37.9 , suse/pcp:latest Container Release : 37.9 Severity : important Type : security References : 1188441 1210959 1214915 1217826 1219031 1220724 1221601 1222121 1222815 1227100 1227807 1230111 1230135 1230145 1230551 1230552 1231051 1231345 CVE-2023-6917 CVE-2024-3019 CVE-2024-45769 CVE-2024-45770 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3528-1 Released: Fri Oct 4 15:31:43 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3533-1 Released: Fri Oct 4 16:40:27 2024 Summary: Security update for pcp Type: security Severity: important References: 1217826,1222121,1222815,1230551,1230552,CVE-2023-6917,CVE-2024-3019,CVE-2024-45769,CVE-2024-45770 This update for pcp fixes the following issues: pcp was updated from version 5.3.7 to version 6.2.0 (jsc#PED-8192, jsc#PED-8389): - Security issues fixed: * CVE-2024-45770: Fixed a symlink attack that allows escalating from the pcp to the root user (bsc#1230552) * CVE-2024-45769: Fixed a heap corruption through metric pmstore operations (bsc#1230551) * CVE-2023-6917: Fixed local privilege escalation from pcp user to root in /usr/libexec/pcp/lib/pmproxy (bsc#1217826) * CVE-2024-3019: Disabled redis proxy by default (bsc#1222121) - Major changes: * Add version 3 PCP archive support: instance domain change-deltas, Y2038-safe timestamps, nanosecond-precision timestamps, arbitrary timezones support, 64-bit file offsets used throughout for larger (beyond 2GB) individual volumes. + Opt-in using the /etc/pcp.conf PCP_ARCHIVE_VERSION setting + Version 2 archives remain the default (for next few years). * Switch to using OpenSSL only throughout PCP (dropped NSS/NSPR); this impacts on libpcp, PMAPI clients and PMCD use of encryption; these are now configured and used consistently with pmproxy HTTPS support and redis-server, which were both already using OpenSSL. * New nanosecond precision timestamp PMAPI calls for PCP library interfaces that make use of timestamps. These are all optional, and full backward compatibility is preserved for existing tools. * For the full list of changes please consult the packaged CHANGELOG file - Other packaging changes: * Moved pmlogger_daily into main package (bsc#1222815) * Change dependency from openssl-devel >= 1.1.1 to openssl-devel >= 1.0.2p. Required for SLE-12. * Introduce 'pmda-resctrl' package, disabled for architectures other than x86_64. * Change the architecture for various subpackages to 'noarch' as they contain no binaries. * Disable 'pmda-mssql', as it fails to build. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3609-1 Released: Mon Oct 14 11:39:13 2024 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1227100,1230135 This update for SLES-release fixes the following issues: - update codestream end date (bsc#1227100) - added weakremover(libsemanage1) (bsc#1230135) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3743-1 Released: Tue Oct 22 14:09:48 2024 Summary: Recommended update for pcp Type: recommended Severity: moderate References: 1231345 This update for pcp fixes the following issues: - Reintroduce libuv support for SLE >= 15 (bsc#1231345). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libcom_err2-1.47.0-150600.4.6.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libudev1-254.18-150600.4.15.10 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - sles-release-15.6-150600.64.3.1 updated - pcp-conf-6.2.0-150600.3.9.1 updated - cyrus-sasl-2.1.28-150600.7.3.1 updated - libpcp3-6.2.0-150600.3.9.1 updated - libpcp_trace2-6.2.0-150600.3.9.1 updated - libpcp_mmv1-6.2.0-150600.3.9.1 updated - libpcp_import1-6.2.0-150600.3.9.1 updated - libpcp_gui2-6.2.0-150600.3.9.1 updated - libpcp_web1-6.2.0-150600.3.9.1 updated - pcp-6.2.0-150600.3.9.1 updated - container:bci-bci-init-15.6-1f347c823763d30156dbf4c941c49e670ac0212c484cda0e5853c5158acd957b-0 updated - libfreebl3-3.101.2-150400.3.51.1 removed - libsoftokn3-3.101.2-150400.3.51.1 removed - libsqlite3-0-3.44.0-150000.3.23.1 removed - mozilla-nspr-4.35-150000.3.29.1 removed - mozilla-nss-3.101.2-150400.3.51.1 removed - mozilla-nss-certs-3.101.2-150400.3.51.1 removed From sle-container-updates at lists.suse.com Fri Oct 25 07:02:51 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:02:51 +0200 (CEST) Subject: SUSE-IU-2024:1603-1: Security update of suse/sle-micro/5.5 Message-ID: <20241025070251.9C53AF74A@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1603-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.170 , suse/sle-micro/5.5:latest Image Release : 5.5.170 Severity : moderate Type : security References : 1231698 CVE-2024-9676 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3753-1 Released: Thu Oct 24 05:34:09 2024 Summary: Security update for podman Type: security Severity: moderate References: 1231698,CVE-2024-9676 This update for podman fixes the following issues: - CVE-2024-9676: Fixed symlink traversal vulnerability in the containers/storage library that could cause Denial of Service (DoS) (bsc#1231698) The following package changes have been done: - podman-4.9.5-150500.3.28.1 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:07:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:07:37 +0200 (CEST) Subject: SUSE-CU-2024:5314-1: Security update of bci/golang Message-ID: <20241025070737.08D9EF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5314-1 Container Tags : bci/golang:1.21-openssl , bci/golang:1.21-openssl-49.6 , bci/golang:1.21.13.1-openssl , bci/golang:1.21.13.1-openssl-49.6 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-49.6 Container Release : 49.6 Severity : important Type : security References : 1212475 1219988 1220999 1221000 1221001 1221002 1221003 1221400 1224017 1225973 1225974 1227314 CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 CVE-2024-24787 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3755-1 Released: Thu Oct 24 09:54:02 2024 Summary: Security update for go1.21-openssl Type: security Severity: important References: 1212475,1219988,1220999,1221000,1221001,1221002,1221003,1221400,1224017,1225973,1225974,1227314,CVE-2023-45288,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785,CVE-2024-24787,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791 This update for go1.21-openssl fixes the following issues: - CVE-2024-24791: Fixed denial of service due to improper 100-continue handling (bsc#1227314) - CVE-2024-24789: Fixed mishandling of corrupt central directory record in archive/zip (bsc#1225973) - CVE-2024-24790: Fixed unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip (bsc#1225974) - CVE-2024-24787: Fixed arbitrary code execution during build on darwin in cmd/go (bsc#1224017) - CVE-2023-45288: Fixed denial of service due to close connections when receiving too many headers in net/http and x/net/http2 (bsc#1221400) - CVE-2023-45289: Fixed incorrect forwarding of sensitive headers and cookies on HTTP redirect in net/http and net/http/cookiejar (bsc#1221000) - CVE-2023-45290: Fixed memory exhaustion in Request.ParseMultipartForm in net/http (bsc#1221001) - CVE-2024-24783: Fixed denial of service on certificates with an unknown public key algorithm in crypto/x509 (bsc#1220999) - CVE-2024-24784: Fixed comments in display names are incorrectly handled in net/mail (bsc#1221002) - CVE-2024-24785: Fixed errors returned from MarshalJSON methods may break template escaping in html/template (bsc#1221003) Other fixes: - Update to version 1.21.13.1 cut from the go1.21-fips-release (jsc#SLE-18320) - Update to version 1.21.13 (bsc#1212475) - Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. (jsc#PED-1962) - Ensure VERSION file is present in GOROOT as required by go tool dist and go tool distpack (bsc#1219988) The following package changes have been done: - go1.21-openssl-doc-1.21.13.1-150600.16.3.1 updated - go1.21-openssl-1.21.13.1-150600.16.3.1 updated - go1.21-openssl-race-1.21.13.1-150600.16.3.1 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:07:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:07:49 +0200 (CEST) Subject: SUSE-CU-2024:5315-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20241025070749.C638AF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5315-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.56 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.56 Severity : moderate Type : recommended References : 1231051 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-locale-base-2.38-150600.14.14.2 updated - glibc-2.38-150600.14.14.2 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:15 +0200 (CEST) Subject: SUSE-CU-2024:5316-1: Recommended update of suse/sles/15.7/cdi-apiserver Message-ID: <20241025070815.1A25BF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5316-1 Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.15 , suse/sles/15.7/cdi-apiserver:1.58.0.27.34 Container Release : 27.34 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - containerized-data-importer-api-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:18 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:18 +0200 (CEST) Subject: SUSE-CU-2024:5317-1: Recommended update of suse/sles/15.7/cdi-cloner Message-ID: <20241025070818.8749FF74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5317-1 Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.15 , suse/sles/15.7/cdi-cloner:1.58.0.28.34 Container Release : 28.34 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1230111 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - containerized-data-importer-cloner-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:25 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:25 +0200 (CEST) Subject: SUSE-CU-2024:5319-1: Recommended update of suse/sles/15.7/cdi-importer Message-ID: <20241025070825.9E7DAFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5319-1 Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.15 , suse/sles/15.7/cdi-importer:1.58.0.28.37 Container Release : 28.37 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1221714 1226724 1227807 1230111 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - containerized-data-importer-importer-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:29 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:29 +0200 (CEST) Subject: SUSE-CU-2024:5320-1: Recommended update of suse/sles/15.7/cdi-operator Message-ID: <20241025070829.640FEFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5320-1 Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.15 , suse/sles/15.7/cdi-operator:1.58.0.27.34 Container Release : 27.34 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - containerized-data-importer-operator-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:33 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:33 +0200 (CEST) Subject: SUSE-CU-2024:5321-1: Recommended update of suse/sles/15.7/cdi-uploadproxy Message-ID: <20241025070833.2E97FFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5321-1 Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.15 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.34 Container Release : 27.34 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - containerized-data-importer-uploadproxy-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:36 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:36 +0200 (CEST) Subject: SUSE-CU-2024:5322-1: Recommended update of suse/sles/15.7/cdi-uploadserver Message-ID: <20241025070836.A81BAFD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5322-1 Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.15 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.37 Container Release : 28.37 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1221714 1226724 1227807 1230111 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - containerized-data-importer-uploadserver-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:39 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:39 +0200 (CEST) Subject: SUSE-CU-2024:5323-1: Recommended update of suse/sle15 Message-ID: <20241025070839.EA7B1FD57@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5323-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7.50.34 , suse/sle15:15.7 , suse/sle15:15.7.50.34 Container Release : 50.34 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1230111 1230912 1231043 1231051 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libzypp-17.35.12-150600.3.27.1 updated - sle-module-basesystem-release-15.7-150700.9.1 updated - sle-module-python3-release-15.7-150700.9.1 updated - sle-module-server-applications-release-15.7-150700.9.1 updated - sles-release-15.7-150700.9.1 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:43 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:43 +0200 (CEST) Subject: SUSE-CU-2024:5324-1: Recommended update of suse/sles/15.7/virt-api Message-ID: <20241025070843.4BCDAFD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5324-1 Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.19 , suse/sles/15.7/virt-api:1.1.1.27.35 Container Release : 27.35 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - kubevirt-virt-api-1.1.1-150700.9.19 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:47 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:47 +0200 (CEST) Subject: SUSE-CU-2024:5325-1: Recommended update of suse/sles/15.7/virt-controller Message-ID: <20241025070847.037D7FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5325-1 Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.19 , suse/sles/15.7/virt-controller:1.1.1.27.35 Container Release : 27.35 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - kubevirt-virt-controller-1.1.1-150700.9.19 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:49 +0200 (CEST) Subject: SUSE-CU-2024:5326-1: Recommended update of suse/sles/15.7/virt-exportproxy Message-ID: <20241025070849.B2714FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5326-1 Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.19 , suse/sles/15.7/virt-exportproxy:1.1.1.11.35 Container Release : 11.35 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - kubevirt-virt-exportproxy-1.1.1-150700.9.19 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:52 +0200 (CEST) Subject: SUSE-CU-2024:5327-1: Recommended update of suse/sles/15.7/virt-exportserver Message-ID: <20241025070852.87447FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5327-1 Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.19 , suse/sles/15.7/virt-exportserver:1.1.1.12.35 Container Release : 12.35 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-exportserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - kubevirt-virt-exportserver-1.1.1-150700.9.19 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:56 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:56 +0200 (CEST) Subject: SUSE-CU-2024:5328-1: Recommended update of suse/sles/15.7/virt-handler Message-ID: <20241025070856.34D58FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5328-1 Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.19 , suse/sles/15.7/virt-handler:1.1.1.29.41 Container Release : 29.41 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1221714 1226724 1227807 1230111 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - sles-release-15.7-150700.9.1 updated - kubevirt-container-disk-1.1.1-150700.9.19 updated - kubevirt-virt-handler-1.1.1-150700.9.19 updated - libnettle8-3.9.1-150600.3.2.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:09:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:09:00 +0200 (CEST) Subject: SUSE-CU-2024:5329-1: Recommended update of suse/sles/15.7/virt-launcher Message-ID: <20241025070900.107CEFD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5329-1 Container Tags : suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.19 , suse/sles/15.7/virt-launcher:1.1.1.34.20 Container Release : 34.20 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1221714 1226724 1227807 1230111 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - sles-release-15.7-150700.9.1 updated - kubevirt-container-disk-1.1.1-150700.9.19 updated - libnettle8-3.9.1-150600.3.2.1 updated - cyrus-sasl-2.1.28-150600.7.3.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - virtiofsd-1.11.1-150700.1.2 updated - cyrus-sasl-digestmd5-2.1.28-150600.7.3.1 updated - xen-libs-4.19.0_04-150700.1.3 updated - libvirt-libs-10.8.0-150700.1.2 updated - libvirt-daemon-log-10.8.0-150700.1.2 updated - libvirt-client-10.8.0-150700.1.2 updated - kubevirt-virt-launcher-1.1.1-150700.9.19 updated - libvirt-daemon-common-10.8.0-150700.1.2 updated - libvirt-daemon-driver-qemu-10.8.0-150700.1.2 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:09:03 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:09:03 +0200 (CEST) Subject: SUSE-CU-2024:5330-1: Recommended update of suse/sles/15.7/libguestfs-tools Message-ID: <20241025070903.E8DD6FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5330-1 Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.19 , suse/sles/15.7/libguestfs-tools:1.1.1.28.49 Container Release : 28.49 Severity : important Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1221714 1226724 1227807 1229555 1230111 1230912 1231043 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3583-1 Released: Thu Oct 10 08:56:24 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1229555 This update for wicked fixes the following issues: - compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3616-1 Released: Mon Oct 14 13:03:56 2024 Summary: Recommended update for libnettle Type: recommended Severity: moderate References: 1221714,1226724 This update for libnettle fixes the following issue: - FIPS integrity checksums were not correct on s390x (bsc#1221714) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3681-1 Released: Wed Oct 16 19:34:35 2024 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1230912,1231043 This update for libzypp fixes the following issues: - Send unescaped colons in header values. According to the STOMP protocol, it would be correct to escape colon here but the practice broke plugin receivers that didn't expect this. The incompatiblity affected customers who were running spacewalk-repo-sync and experienced issues when accessing the cloud URL. [bsc#1231043] - Fix hang in curl code with no network connection. [bsc#1230912] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libsasl2-3-2.1.28-150600.7.3.1 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - libzypp-17.35.12-150600.3.27.1 updated - sles-release-15.7-150700.9.1 updated - libnettle8-3.9.1-150600.3.2.1 updated - cyrus-sasl-2.1.28-150600.7.3.1 updated - libhogweed6-3.9.1-150600.3.2.1 updated - virtiofsd-1.11.1-150700.1.2 updated - cyrus-sasl-digestmd5-2.1.28-150600.7.3.1 updated - libmpath0-0.10.0+103+suse.0fc97cd-150700.1.3 updated - xen-libs-4.19.0_04-150700.1.3 updated - libvirt-libs-10.8.0-150700.1.2 updated - wicked-0.6.76-150600.11.12.2 updated - wicked-service-0.6.76-150600.11.12.2 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:09:07 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:09:07 +0200 (CEST) Subject: SUSE-CU-2024:5331-1: Recommended update of suse/sles/15.7/virt-operator Message-ID: <20241025070907.9E970FD85@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5331-1 Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.19 , suse/sles/15.7/virt-operator:1.1.1.27.35 Container Release : 27.35 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - kubevirt-virt-operator-1.1.1-150700.9.19 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Fri Oct 25 07:08:22 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 25 Oct 2024 09:08:22 +0200 (CEST) Subject: SUSE-CU-2024:5318-1: Recommended update of suse/sles/15.7/cdi-controller Message-ID: <20241025070822.26568F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.7/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5318-1 Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.15 , suse/sles/15.7/cdi-controller:1.58.0.27.34 Container Release : 27.34 Severity : moderate Type : recommended References : 1188441 1210959 1214915 1219031 1220724 1221601 1227807 1231051 ----------------------------------------------------------------- The container suse/sles/15.7/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3659-1 Released: Wed Oct 16 15:12:47 2024 Summary: Recommended update for gcc14 Type: recommended Severity: moderate References: 1188441,1210959,1214915,1219031,1220724,1221601 This update for gcc14 fixes the following issues: This update ships the GNU Compiler Collection GCC 14.2. (jsc#PED-10474) The compiler runtime libraries are provided for all SUSE Linux Enterprise 15 versions and replace the same named GCC 13 ones. The new compilers for C, C++, and Fortran are provided for SUSE Linux Enterprise 15 SP5 and SP6, and provided in the 'Development Tools' module. The Go, D, Ada and Modula 2 language compiler parts are available unsupported via the PackageHub repositories. To use gcc14 compilers use: - install 'gcc14' or 'gcc14-c++' or one of the other 'gcc14-COMPILER' frontend packages. - override your Makefile to use CC=gcc14, CXX=g++14 and similar overrides for the other languages. For a full changelog with all new GCC14 features, check out https://gcc.gnu.org/gcc-14/changes.html - Add libquadmath0-devel-gcc14 sub-package to allow installing quadmath.h and SO link without installing the fortran frontend - Avoid combine spending too much compile-time and memory doing nothing on s390x. [bsc#1188441] - Remove timezone Recommends from the libstdc++6 package. [bsc#1221601] - Revert libgccjit dependency change. [bsc#1220724] - Fix libgccjit-devel dependency, a newer shared library is OK. - Fix libgccjit dependency, the corresponding compiler isn't required. - Add cross-X-newlib-devel requires to newlib cross compilers. [bsc#1219031] - Re-enable AutoReqProv for cross packages but filter files processed via __requires_exclude_from and __provides_exclude_from. [bsc#1219031] - Package m2rte.so plugin in the gcc14-m2 sub-package rather than in gcc13-devel. [bsc#1210959] - Require libstdc++6-devel-gcc14 from gcc14-m2 as m2 programs are linked against libstdc++6. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3726-1 Released: Fri Oct 18 11:56:40 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1231051 This update for glibc fixes the following issue: - Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051). The following package changes have been done: - glibc-2.38-150600.14.14.2 updated - libgcc_s1-14.2.0+git10526-150000.1.3.3 updated - libstdc++6-14.2.0+git10526-150000.1.3.3 updated - libreadline7-7.0-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - bash-sh-4.4-150400.27.3.2 updated - containerized-data-importer-controller-1.58.0-150700.7.15 updated - container:sles15-image-15.0.0-50.34 updated From sle-container-updates at lists.suse.com Tue Oct 29 08:04:50 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 09:04:50 +0100 (CET) Subject: SUSE-CU-2024:5336-1: Recommended update of suse/sles12sp5 Message-ID: <20241029080450.6DC31F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5336-1 Container Tags : suse/sles12sp5:6.11.16 , suse/sles12sp5:latest Container Release : 6.11.16 Severity : moderate Type : recommended References : 1231833 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3761-1 Released: Mon Oct 28 10:22:23 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1231833 This update for gcc13 fixes the following issues: - Fixed parsing tzdata 2024b [gcc#116657] The following package changes have been done: - libgcc_s1-13.3.0+git8781-1.16.1 updated - libstdc++6-13.3.0+git8781-1.16.1 updated From sle-container-updates at lists.suse.com Tue Oct 29 08:04:53 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 09:04:53 +0100 (CET) Subject: SUSE-CU-2024:5337-1: Recommended update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20241029080453.62307F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5337-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.18 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.18 Severity : moderate Type : recommended References : 1231833 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3761-1 Released: Mon Oct 28 10:22:23 2024 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: 1231833 This update for gcc13 fixes the following issues: - Fixed parsing tzdata 2024b [gcc#116657] The following package changes have been done: - libgcc_s1-13.3.0+git8781-1.16.1 updated - libstdc++6-13.3.0+git8781-1.16.1 updated From sle-container-updates at lists.suse.com Tue Oct 29 13:24:23 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 14:24:23 +0100 (CET) Subject: SUSE-IU-2024:1622-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20241029132423.17F89FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1622-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.208 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.208 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.106 updated From sle-container-updates at lists.suse.com Tue Oct 29 13:24:37 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 14:24:37 +0100 (CET) Subject: SUSE-IU-2024:1623-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20241029132437.852C4FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1623-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.226 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.226 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.172 updated From sle-container-updates at lists.suse.com Tue Oct 29 13:25:00 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 14:25:00 +0100 (CET) Subject: SUSE-IU-2024:1624-1: Security update of suse/sle-micro/5.5 Message-ID: <20241029132500.77EF4FCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1624-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.172 , suse/sle-micro/5.5:latest Image Release : 5.5.172 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.106 updated From sle-container-updates at lists.suse.com Tue Oct 29 13:28:01 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 29 Oct 2024 14:28:01 +0100 (CET) Subject: SUSE-CU-2024:5340-1: Security update of suse/sle15 Message-ID: <20241029132801.42D75FCBE@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5340-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.33 , suse/sle15:15.5 , suse/sle15:15.5.36.14.33 Container Release : 36.14.33 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - libopenssl1_1-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:02:10 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:02:10 +0100 (CET) Subject: SUSE-IU-2024:1625-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20241030080210.9C9AEFCBE@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1625-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.107 , suse/sle-micro/base-5.5:latest Image Release : 5.8.107 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:suse-sle15-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:03:58 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:03:58 +0100 (CET) Subject: SUSE-CU-2024:5341-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20241030080358.CEE80F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5341-1 Container Tags : suse/sle-micro/5.5/toolbox:13.2 , suse/sle-micro/5.5/toolbox:13.2-3.5.79 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.79 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - libopenssl1_1-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:suse-sle15-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:06:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:06:49 +0100 (CET) Subject: SUSE-CU-2024:5342-1: Security update of bci/bci-init Message-ID: <20241030080649.B87ADF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5342-1 Container Tags : bci/bci-init:15.5 , bci/bci-init:15.5.32.6 Container Release : 32.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:07:41 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:07:41 +0100 (CET) Subject: SUSE-CU-2024:5343-1: Security update of bci/nodejs Message-ID: <20241030080741.BB1FAF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5343-1 Container Tags : bci/node:18 , bci/node:18-36.6 , bci/node:18.20.4 , bci/nodejs:18 , bci/nodejs:18-36.6 , bci/nodejs:18.20.4 Container Release : 36.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:08:32 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:08:32 +0100 (CET) Subject: SUSE-CU-2024:5344-1: Security update of bci/openjdk Message-ID: <20241030080832.E139EF74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5344-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-33.6 Container Release : 33.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:09:30 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:09:30 +0100 (CET) Subject: SUSE-CU-2024:5345-1: Security update of bci/openjdk Message-ID: <20241030080930.40393F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5345-1 Container Tags : bci/openjdk:17 , bci/openjdk:17-35.6 Container Release : 35.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:10:11 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:10:11 +0100 (CET) Subject: SUSE-CU-2024:5346-1: Security update of suse/postgres Message-ID: <20241030081011.1E7D1F74A@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5346-1 Container Tags : suse/postgres:15 , suse/postgres:15-36.6 , suse/postgres:15.8 , suse/postgres:15.8 Container Release : 36.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Wed Oct 30 08:10:49 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 30 Oct 2024 09:10:49 +0100 (CET) Subject: SUSE-CU-2024:5347-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20241030081049.AD4C0F74A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2024:5347-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.5 , bci/bci-sle15-kernel-module-devel:15.5.27.6 Container Release : 27.6 Severity : moderate Type : security References : 1220262 CVE-2023-50782 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3765-1 Released: Tue Oct 29 02:34:05 2024 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-1_1 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl1_1-1.1.1l-150500.17.37.1 updated - libopenssl1_1-hmac-1.1.1l-150500.17.37.1 updated - openssl-1_1-1.1.1l-150500.17.37.1 updated - container:registry.suse.com-bci-bci-base-15.5-9589ffc5c7c549b0330e9646041e9ac79fd48b8ad452a47a220087e16ddab886-0 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:01:40 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 07:01:40 -0000 Subject: SUSE-IU-2024:1497-1: Security update of suse-sles-15-sp5-chost-byos-v20241011-x86_64-gen2 Message-ID: <20241014070139.4088BFCC1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20241011-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1497-1 Image Tags : suse-sles-15-sp5-chost-byos-v20241011-x86_64-gen2:20241011 Image Release : Severity : important Type : security References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017 1199769 1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158 1208783 1210644 1213580 1213632 1214285 1216223 1216834 1217761 1220382 1220428 1220877 1220962 1221269 1221326 1221610 1221630 1221645 1221650 1221765 1222335 1222350 1222372 1222387 1222629 1222634 1222808 1222967 1222973 1223074 1223191 1223508 1223600 1223720 1223742 1223777 1223803 1223807 1223848 1224085 1224105 1224415 1224496 1224510 1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578 1225582 1225773 1225814 1225827 1225832 1225903 1225903 1226003 1226168 1226530 1226606 1226613 1226662 1226666 1226742 1226765 1226798 1226801 1226846 1226860 1226874 1226875 1226885 1226915 1227079 1227216 1227233 1227378 1227487 1227623 1227726 1227761 1227807 1227819 1227830 1227832 1227863 1227867 1227890 1227929 1227937 1227958 1227999 1228020 1228065 1228114 1228410 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467 1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487 1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503 1228507 1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564 1228567 1228576 1228576 1228579 1228584 1228588 1228590 1228615 1228616 1228620 1228635 1228636 1228647 1228654 1228656 1228658 1228660 1228661 1228662 1228667 1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720 1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766 1228771 1228779 1228780 1228801 1228850 1228857 1228866 1228959 1228964 1228966 1228967 1228979 1228988 1228989 1228991 1228992 1229014 1229028 1229031 1229034 1229042 1229054 1229086 1229086 1229136 1229154 1229156 1229187 1229188 1229190 1229287 1229289 1229290 1229292 1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229334 1229341 1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356 1229357 1229358 1229359 1229360 1229362 1229363 1229364 1229366 1229370 1229373 1229374 1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229394 1229395 1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229418 1229429 1229444 1229453 1229453 1229454 1229476 1229481 1229482 1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521 1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529 1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545 1229546 1229547 1229548 1229554 1229555 1229557 1229558 1229559 1229560 1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229572 1229573 1229573 1229576 1229581 1229585 1229588 1229596 1229598 1229603 1229604 1229605 1229607 1229608 1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229619 1229620 1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631 1229632 1229633 1229635 1229636 1229637 1229638 1229639 1229641 1229642 1229643 1229645 1229657 1229658 1229662 1229662 1229664 1229707 1229739 1229743 1229746 1229753 1229754 1229755 1229756 1229759 1229761 1229764 1229767 1229768 1229781 1229784 1229787 1229788 1229789 1229790 1229792 1229810 1229820 1229830 1229899 1229928 1229947 1230015 1230110 1230129 1230130 1230145 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230227 1230229 1230230 1230233 1230244 1230245 1230247 1230248 1230267 1230269 1230330 1230339 1230340 1230366 1230392 1230398 1230413 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230516 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1230840 1230894 1231013 1231017 1231116 1231120 1231146 1231180 1231181 1231229 CVE-2021-4204 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546 CVE-2022-0500 CVE-2022-23222 CVE-2022-38457 CVE-2022-40133 CVE-2022-4382 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808 CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880 CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885 CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890 CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48901 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907 CVE-2022-48909 CVE-2022-48910 CVE-2022-48911 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919 CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925 CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930 CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48935 CVE-2022-48937 CVE-2022-48938 CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2022-48944 CVE-2022-48945 CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581 CVE-2023-52610 CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901 CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908 CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913 CVE-2023-52916 CVE-2024-26631 CVE-2024-26640 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26851 CVE-2024-27010 CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403 CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971 CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489 CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-37353 CVE-2024-38538 CVE-2024-38554 CVE-2024-38596 CVE-2024-38602 CVE-2024-38632 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40910 CVE-2024-40973 CVE-2024-40978 CVE-2024-40980 CVE-2024-40983 CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009 CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045 CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068 CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41082 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107 CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137 CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152 CVE-2024-42154 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42259 CVE-2024-42265 CVE-2024-42268 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43828 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43835 CVE-2024-43837 CVE-2024-43839 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43898 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44938 CVE-2024-44939 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45817 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20241011-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3233-1 Released: Fri Sep 13 08:48:54 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1217761,1228866 This update for grub2 fixes the following issues: - Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866) - Improved check for disk device when looking for PReP partition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3315-1 Released: Wed Sep 18 16:26:56 2024 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: 1221765 This update for cpupower fixes the following issue: - Fix uncore frequency file string (bsc#1221765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3328-1 Released: Thu Sep 19 09:37:09 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3421-1 Released: Tue Sep 24 17:25:05 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3483-1 Released: Fri Sep 27 17:11:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1 228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952 1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,1230413,CVE-2021-4204,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-0500,CVE-2022-23222,CVE-2022-38457,CVE-2022-40133,CVE-2022-4382,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022- 48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CV E-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-2023-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024- 41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,C VE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024 -43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43904,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-27016: Validate pppoe header (bsc#1223807). - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542) - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,). - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350). - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307). - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065). - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613). - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - Indicate support for the Generic Event Device thru _OSC (git-fixes). - Rework system-level device notification handling (git-fixes). - Drop nocrt parameter (git-fixes). - x86: s2 Post-increment variables when getting constraints (git-fixes). - Do not cross .backup mountpoint from backup volume (git-fixes). - Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - line6: Fix racy access to midibuf (stable-fixes). - Relax start tick time check for slave timer elements (git-fixes). - Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - Re-add ScratchAmp quirk entries (git-fixes). - Support Yamaha P-125 quirk entry (stable-fixes). - Fix UBSAN warning in parse_audio_unit() (stable-fixes). - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: Restore spec_bar() macro (git-fixes) - arm64: Add missing .field_width for GIC system registers (git-fixes) - arm64: Fix the visibility of compat hwcaps (git-fixes) - arm64: Force HWCAP to be based on the sysreg visible to (git-fixes) - arm64: Add Cortex-A720 definitions (git-fixes) - arm64: Add Cortex-A725 definitions (git-fixes) - arm64: Add Cortex-X1C definitions (git-fixes) - arm64: Add Cortex-X3 definitions (git-fixes) - arm64: Add Cortex-X4 definitions (git-fixes) - arm64: Add Cortex-X925 definitions (git-fixes) - arm64: Add Neoverse-V3 definitions (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Expand speculative SSBS workaround (again) (git-fixes) - arm64: Expand speculative SSBS workaround (git-fixes) - arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - wcd938 Correct Soundwire ports mask (git-fixes). - wsa881 Correct Soundwire ports mask (git-fixes). - fix irq scheduling issue with PREEMPT_RT (git-fixes). - Introduce async_schedule_dev_nocall() (bsc#1221269). - Split async_schedule_node_domain() (bsc#1221269). - Fix usage of __hci_cmd_sync_status (git-fixes). - hci_ Fix not handling hibernation actions (git-fixes). - l2 always unlock channel in l2cap_conless_channel() (git-fixes). - L2 Fix deadlock (git-fixes). - Fix a kernel verifier crash in stacksafe() (bsc#1225903). - remove unused declaring of bpf_kprobe_override (git-fixes). - fix leak of qgroup extent records after transaction abort (git-fixes). - make btrfs_destroy_delayed_refs() return void (git-fixes). - remove unnecessary prototype declarations at disk-io.c (git-fixes). - update fs features directory asynchronously (bsc#1226168). - propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418). - issue a cap release immediately if no cap exists (bsc#1225162). - periodically flush the cap releases (bsc#1225162). - Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes). - Fix register ID of SPSR_FIQ (git-fixes). - add missing MODULE_DESCRIPTION() macros (stable-fixes). - Add labels for both Valve Steam Deck revisions (stable-fixes). - Add quirk for Aya Neo KUN (stable-fixes). - Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes). - Add quirk for Nanote UMPC-01 (stable-fixes). - Add quirk for OrangePi Neo (stable-fixes). - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes). - Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - avoid using null object of framebuffer (git-fixes). - Fix && vs || typos (git-fixes). - Skip Recompute DSC Params if no Stream on Link (stable-fixes). - Validate hw_points_num before using it (stable-fixes). - Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - Actually check flags for all context ops (stable-fixes). - Add lock around VF RLCG interface (stable-fixes). - fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - Fix the null pointer dereference to ras_manager (stable-fixes). - Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - Fix the null pointer dereference for smu7 (stable-fixes). - Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - Fix the param type of set_power_profile_mode (stable-fixes). - analogix_ properly handle zero sized AUX transactions (stable-fixes). - tc358768: Attempt to fix DSI horizontal timings (stable-fixes). - fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes). - set gp bus_stop bit before hard reset (stable-fixes). - reset the link phy params before link training (git-fixes). - cleanup FB if dpu_format_populate_layout fails (git-fixes). - do not play tricks with debug macros (git-fixes). - Zero-initialize iosys_map (stable-fixes). - fix inode->i_blocks for non-512 byte sector size device (git-fixes). - fix potential deadlock on __exfat_get_dentry_set (git-fixes). - redefine DIR_DELETED as the bad cluster number (git-fixes). - support dynamic allocate bh for exfat_entry_set_cache (git-fixes). - fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453). - Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - Add might_sleep() to disable_irq() (git-fixes). - Always limit the affinity to online CPUs (git-fixes). - Do not return error on missing optional irq_request_resources() (git-fixes). - Take the proposed affinity at face value if force==true (git-fixes). - genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes). - genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes). - Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes). - Do not try to remove non-existing sysfs files (git-fixes). - Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - Shutdown managed interrupts with unsatifiable affinities (git-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - i2 Improve handling of stuck alerts (git-fixes). - i2 Send alert notifications to all devices if source not found (git-fixes). - Convert comma to semicolon (git-fixes). - ip6_ Fix broken GRO (bsc#1229444). - ipv6: fix incorrect unregister order (git-fixes). - Drop bogus fwspec-mapping error handling (git-fixes). - Fix association race (git-fixes). - Fix disassociation race (git-fixes). - Fix domain registration race (git-fixes). - Fix mapping-creation race (git-fixes). - Fixed unbalanced fwnode get and put (git-fixes). - Look for existing mapping only once (git-fixes). - Refactor __irq_domain_alloc_irqs() (git-fixes). - Report irq number for NOMAP domains (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes). - Fix to check symbol prefixes correctly (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - protect concurrent access to mem_cgroup_idr (git-fixes). - mm, fix infinite recursion due to RCU critical section (git-fixes). - prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - dw_ allow biu and ciu clocks to defer (git-fixes). - mmc_ Fix NULL dereference on allocation failure (git-fixes). - ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes). - ks8851: Fix deadlock with the SPI chip variant (git-fixes). - ks8851: Fix potential TX stall after interface reopen (git-fixes). - ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes). - Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - remove two BUG() from skb_checksum_help() (bsc#1229312). - qmi_ fix memory leak for not ip packets (git-fixes). - fix possible cp null dereference (git-fixes). - initialize noop_qdisc owner (git-fixes). - pn533: Add poll mod list filling check (git-fixes). - expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - make the rpc_stat per net namespace (git-fixes). - add posix ACLs to struct nfsd_attrs (git-fixes). - add security label to struct nfsd_attrs (git-fixes). - fix regression with setting ACLs (git-fixes). - Fix strncpy() fortify warning (git-fixes). - Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes). - introduce struct nfsd_attrs (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - Optimize DRC bucket pruning (git-fixes). - return error if nfs4_setacl fails (git-fixes). - set attributes when creating symlinks (git-fixes). - use locks_inode_context helper (git-fixes). - nilfs2: Remove check for PageError (git-fixes). - nvme_ scan namespaces asynchronously (bsc#1224105). - ocfs2: use coarse time for new created files (git-fixes). - Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - platform/x86 Add support for ACPI based probing (jsc#PED-8779). - platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86 Create static func to handle platdev (jsc#PED-8779). - platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86 Move hsmp_test to probe (jsc#PED-8779). - platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86 Restructure sysfs group creation (jsc#PED-8779). - platform/x86 switch to use device_add_groups() (jsc#PED-8779). - axp288_ Fix constant_charge_voltage writes (git-fixes). - axp288_ Round constant_charge_voltage writes down (git-fixes). - Fail build if using recordmcount with binutils v2.37 (bsc#1194869). - Mark .opd section read-only (bsc#1194869). - use generic version of arch_is_kernel_initmem_freed() (bsc#1194869). - xor_ Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_ fix cpus node update to FDT (bsc#1194869). - make the update_cpus_node() function public (bsc#1194869). - split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - Whitelist dtl slub object for copying to userspace (bsc#1194869). - Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes). - Fix incomplete state save in rxe_requester (git-fixes) - Fix rxe_modify_srq (git-fixes) - Handle zero length rdma (git-fixes) - Move work queue code to subroutines (git-fixes) - s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187). - s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079). - s390 Split and rework cpacf query functions (git-fixes bsc#1229187). - s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190). - s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573). - s390 Prevent release of buffer in I/O (git-fixes bsc#1229572). - s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188). - Fix scldiv calculation (git-fixes). - add a struct rpc_stats arg to rpc_create_args (git-fixes). - Fix a race to wake a sync task (git-fixes). - fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - fix compat_sys_io_pgetevents_time64 usage (git-fixes). - Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - add check for crypto_shash_tfm_digest (git-fixes). - dbg_orphan_ Fix missed key type checking (git-fixes). - Fix adding orphan entry twice for the same inode (git-fixes). - Fix unattached xattr inode if powercut happens after deleting (git-fixes). - fix potential memory leak in vfio_intx_enable() (git-fixes). - fix wgds rev 3 exact size (git-fixes). - duplicate static structs used in driver instances (git-fixes). - x86 drop the duplicate APM_MINOR_DEV macro (git-fixes). - x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86 Fix pti_clone_entry_text() for i386 (git-fixes). - x86 Check if fixed MTRRs exist before saving them (git-fixes). - x86 Work around false positive kmemleak report in msr_build_context() (git-fixes). - Fix missing interval for missing_owner in xfs fsmap (git-fixes). - Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3569-1 Released: Wed Oct 9 13:51:41 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3584-1 Released: Thu Oct 10 09:13:08 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1229555 This update for wicked fixes the following issue: - compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3593-1 Released: Thu Oct 10 18:43:13 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1231229 This update for rsyslog fixes the following issue: - fix PreserveFQDN option before daemon is restarted (bsc#1231229) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3605-1 Released: Fri Oct 11 17:09:43 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1230840 This update for grub2 fixes the following issue: - Fix out of memory error in loading loopback file (bsc#1230840). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - cpupower-5.14-150500.9.6.2 updated - curl-8.0.1-150400.5.53.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated - grub2-i386-pc-2.06-150500.29.34.2 updated - grub2-x86_64-efi-2.06-150500.29.34.2 updated - grub2-2.06-150500.29.34.2 updated - kernel-default-5.14.21-150500.55.83.1 updated - libblkid1-2.37.4-150500.9.17.2 updated - libcom_err2-1.46.4-150400.3.9.2 updated - libcpupower0-5.14-150500.9.6.2 updated - libcurl4-8.0.1-150400.5.53.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - libpcap1-1.10.1-150400.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libreadline7-7.0-150400.27.3.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libzypp-17.35.11-150500.6.18.3 updated - logrotate-3.18.1-150400.3.10.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2306.0-150400.5.30.2 updated - rsyslog-8.2306.0-150400.5.30.2 updated - suseconnect-ng-1.12.0-150500.3.29.2 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - util-linux-systemd-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated - wicked-service-0.6.76-150500.3.36.2 updated - wicked-0.6.76-150500.3.36.2 updated - xen-libs-4.17.5_04-150500.3.39.1 updated - zypper-1.14.77-150500.6.11.3 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:01:52 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 07:01:52 -0000 Subject: SUSE-IU-2024:1498-1: Security update of suse-sles-15-sp5-chost-byos-v20241011-hvm-ssd-x86_64 Message-ID: <20241014070151.0B02CFCC1@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20241011-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1498-1 Image Tags : suse-sles-15-sp5-chost-byos-v20241011-hvm-ssd-x86_64:20241011 Image Release : Severity : important Type : security References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017 1199769 1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158 1208783 1210644 1213580 1213632 1214285 1216223 1216834 1217761 1220382 1220428 1220877 1220962 1221269 1221326 1221610 1221630 1221645 1221650 1221765 1222335 1222350 1222372 1222387 1222629 1222634 1222808 1222967 1222973 1223074 1223191 1223508 1223600 1223720 1223742 1223777 1223803 1223807 1223848 1224085 1224105 1224415 1224496 1224510 1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578 1225582 1225773 1225814 1225827 1225832 1225903 1225903 1226003 1226168 1226530 1226606 1226613 1226662 1226666 1226742 1226765 1226798 1226801 1226846 1226860 1226874 1226875 1226885 1226915 1227079 1227216 1227233 1227378 1227487 1227623 1227726 1227761 1227807 1227819 1227830 1227832 1227863 1227867 1227890 1227929 1227937 1227958 1227999 1228020 1228065 1228114 1228410 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467 1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487 1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503 1228507 1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564 1228567 1228576 1228576 1228579 1228584 1228588 1228590 1228615 1228616 1228620 1228635 1228636 1228647 1228654 1228656 1228658 1228660 1228661 1228662 1228667 1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720 1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766 1228771 1228779 1228780 1228801 1228850 1228857 1228866 1228959 1228964 1228966 1228967 1228979 1228988 1228989 1228991 1228992 1229014 1229028 1229031 1229034 1229042 1229054 1229086 1229086 1229136 1229154 1229156 1229187 1229188 1229190 1229287 1229289 1229290 1229292 1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229334 1229341 1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356 1229357 1229358 1229359 1229360 1229362 1229363 1229364 1229366 1229370 1229373 1229374 1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229394 1229395 1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229418 1229429 1229444 1229453 1229453 1229454 1229476 1229481 1229482 1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521 1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529 1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545 1229546 1229547 1229548 1229554 1229555 1229557 1229558 1229559 1229560 1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229572 1229573 1229573 1229576 1229581 1229585 1229588 1229596 1229598 1229603 1229604 1229605 1229607 1229608 1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229619 1229620 1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631 1229632 1229633 1229635 1229636 1229637 1229638 1229639 1229641 1229642 1229643 1229645 1229657 1229658 1229662 1229662 1229664 1229707 1229739 1229743 1229746 1229753 1229754 1229755 1229756 1229759 1229761 1229764 1229767 1229768 1229781 1229784 1229787 1229788 1229789 1229790 1229792 1229810 1229820 1229830 1229899 1229928 1229947 1230015 1230110 1230129 1230130 1230145 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230227 1230229 1230230 1230233 1230244 1230245 1230247 1230248 1230267 1230269 1230330 1230339 1230340 1230366 1230392 1230398 1230413 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230516 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1230840 1230894 1231013 1231017 1231116 1231120 1231146 1231180 1231181 1231229 CVE-2021-4204 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546 CVE-2022-0500 CVE-2022-23222 CVE-2022-38457 CVE-2022-40133 CVE-2022-4382 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808 CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880 CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885 CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890 CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48901 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907 CVE-2022-48909 CVE-2022-48910 CVE-2022-48911 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919 CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925 CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930 CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48935 CVE-2022-48937 CVE-2022-48938 CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2022-48944 CVE-2022-48945 CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581 CVE-2023-52610 CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901 CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908 CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913 CVE-2023-52916 CVE-2024-26631 CVE-2024-26640 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26851 CVE-2024-27010 CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403 CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971 CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489 CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-37353 CVE-2024-38538 CVE-2024-38554 CVE-2024-38596 CVE-2024-38602 CVE-2024-38632 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40910 CVE-2024-40973 CVE-2024-40978 CVE-2024-40980 CVE-2024-40983 CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009 CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045 CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068 CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41082 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107 CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137 CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152 CVE-2024-42154 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42259 CVE-2024-42265 CVE-2024-42268 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43828 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43835 CVE-2024-43837 CVE-2024-43839 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43898 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44938 CVE-2024-44939 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45817 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20241011-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3233-1 Released: Fri Sep 13 08:48:54 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1217761,1228866 This update for grub2 fixes the following issues: - Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866) - Improved check for disk device when looking for PReP partition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3315-1 Released: Wed Sep 18 16:26:56 2024 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: 1221765 This update for cpupower fixes the following issue: - Fix uncore frequency file string (bsc#1221765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3328-1 Released: Thu Sep 19 09:37:09 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3421-1 Released: Tue Sep 24 17:25:05 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3483-1 Released: Fri Sep 27 17:11:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1 228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952 1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,1230413,CVE-2021-4204,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-0500,CVE-2022-23222,CVE-2022-38457,CVE-2022-40133,CVE-2022-4382,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022- 48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CV E-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-2023-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024- 41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,C VE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024 -43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43904,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-27016: Validate pppoe header (bsc#1223807). - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542) - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,). - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350). - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307). - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065). - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613). - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - Indicate support for the Generic Event Device thru _OSC (git-fixes). - Rework system-level device notification handling (git-fixes). - Drop nocrt parameter (git-fixes). - x86: s2 Post-increment variables when getting constraints (git-fixes). - Do not cross .backup mountpoint from backup volume (git-fixes). - Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - line6: Fix racy access to midibuf (stable-fixes). - Relax start tick time check for slave timer elements (git-fixes). - Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - Re-add ScratchAmp quirk entries (git-fixes). - Support Yamaha P-125 quirk entry (stable-fixes). - Fix UBSAN warning in parse_audio_unit() (stable-fixes). - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: Restore spec_bar() macro (git-fixes) - arm64: Add missing .field_width for GIC system registers (git-fixes) - arm64: Fix the visibility of compat hwcaps (git-fixes) - arm64: Force HWCAP to be based on the sysreg visible to (git-fixes) - arm64: Add Cortex-A720 definitions (git-fixes) - arm64: Add Cortex-A725 definitions (git-fixes) - arm64: Add Cortex-X1C definitions (git-fixes) - arm64: Add Cortex-X3 definitions (git-fixes) - arm64: Add Cortex-X4 definitions (git-fixes) - arm64: Add Cortex-X925 definitions (git-fixes) - arm64: Add Neoverse-V3 definitions (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Expand speculative SSBS workaround (again) (git-fixes) - arm64: Expand speculative SSBS workaround (git-fixes) - arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - wcd938 Correct Soundwire ports mask (git-fixes). - wsa881 Correct Soundwire ports mask (git-fixes). - fix irq scheduling issue with PREEMPT_RT (git-fixes). - Introduce async_schedule_dev_nocall() (bsc#1221269). - Split async_schedule_node_domain() (bsc#1221269). - Fix usage of __hci_cmd_sync_status (git-fixes). - hci_ Fix not handling hibernation actions (git-fixes). - l2 always unlock channel in l2cap_conless_channel() (git-fixes). - L2 Fix deadlock (git-fixes). - Fix a kernel verifier crash in stacksafe() (bsc#1225903). - remove unused declaring of bpf_kprobe_override (git-fixes). - fix leak of qgroup extent records after transaction abort (git-fixes). - make btrfs_destroy_delayed_refs() return void (git-fixes). - remove unnecessary prototype declarations at disk-io.c (git-fixes). - update fs features directory asynchronously (bsc#1226168). - propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418). - issue a cap release immediately if no cap exists (bsc#1225162). - periodically flush the cap releases (bsc#1225162). - Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes). - Fix register ID of SPSR_FIQ (git-fixes). - add missing MODULE_DESCRIPTION() macros (stable-fixes). - Add labels for both Valve Steam Deck revisions (stable-fixes). - Add quirk for Aya Neo KUN (stable-fixes). - Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes). - Add quirk for Nanote UMPC-01 (stable-fixes). - Add quirk for OrangePi Neo (stable-fixes). - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes). - Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - avoid using null object of framebuffer (git-fixes). - Fix && vs || typos (git-fixes). - Skip Recompute DSC Params if no Stream on Link (stable-fixes). - Validate hw_points_num before using it (stable-fixes). - Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - Actually check flags for all context ops (stable-fixes). - Add lock around VF RLCG interface (stable-fixes). - fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - Fix the null pointer dereference to ras_manager (stable-fixes). - Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - Fix the null pointer dereference for smu7 (stable-fixes). - Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - Fix the param type of set_power_profile_mode (stable-fixes). - analogix_ properly handle zero sized AUX transactions (stable-fixes). - tc358768: Attempt to fix DSI horizontal timings (stable-fixes). - fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes). - set gp bus_stop bit before hard reset (stable-fixes). - reset the link phy params before link training (git-fixes). - cleanup FB if dpu_format_populate_layout fails (git-fixes). - do not play tricks with debug macros (git-fixes). - Zero-initialize iosys_map (stable-fixes). - fix inode->i_blocks for non-512 byte sector size device (git-fixes). - fix potential deadlock on __exfat_get_dentry_set (git-fixes). - redefine DIR_DELETED as the bad cluster number (git-fixes). - support dynamic allocate bh for exfat_entry_set_cache (git-fixes). - fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453). - Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - Add might_sleep() to disable_irq() (git-fixes). - Always limit the affinity to online CPUs (git-fixes). - Do not return error on missing optional irq_request_resources() (git-fixes). - Take the proposed affinity at face value if force==true (git-fixes). - genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes). - genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes). - Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes). - Do not try to remove non-existing sysfs files (git-fixes). - Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - Shutdown managed interrupts with unsatifiable affinities (git-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - i2 Improve handling of stuck alerts (git-fixes). - i2 Send alert notifications to all devices if source not found (git-fixes). - Convert comma to semicolon (git-fixes). - ip6_ Fix broken GRO (bsc#1229444). - ipv6: fix incorrect unregister order (git-fixes). - Drop bogus fwspec-mapping error handling (git-fixes). - Fix association race (git-fixes). - Fix disassociation race (git-fixes). - Fix domain registration race (git-fixes). - Fix mapping-creation race (git-fixes). - Fixed unbalanced fwnode get and put (git-fixes). - Look for existing mapping only once (git-fixes). - Refactor __irq_domain_alloc_irqs() (git-fixes). - Report irq number for NOMAP domains (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes). - Fix to check symbol prefixes correctly (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - protect concurrent access to mem_cgroup_idr (git-fixes). - mm, fix infinite recursion due to RCU critical section (git-fixes). - prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - dw_ allow biu and ciu clocks to defer (git-fixes). - mmc_ Fix NULL dereference on allocation failure (git-fixes). - ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes). - ks8851: Fix deadlock with the SPI chip variant (git-fixes). - ks8851: Fix potential TX stall after interface reopen (git-fixes). - ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes). - Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - remove two BUG() from skb_checksum_help() (bsc#1229312). - qmi_ fix memory leak for not ip packets (git-fixes). - fix possible cp null dereference (git-fixes). - initialize noop_qdisc owner (git-fixes). - pn533: Add poll mod list filling check (git-fixes). - expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - make the rpc_stat per net namespace (git-fixes). - add posix ACLs to struct nfsd_attrs (git-fixes). - add security label to struct nfsd_attrs (git-fixes). - fix regression with setting ACLs (git-fixes). - Fix strncpy() fortify warning (git-fixes). - Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes). - introduce struct nfsd_attrs (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - Optimize DRC bucket pruning (git-fixes). - return error if nfs4_setacl fails (git-fixes). - set attributes when creating symlinks (git-fixes). - use locks_inode_context helper (git-fixes). - nilfs2: Remove check for PageError (git-fixes). - nvme_ scan namespaces asynchronously (bsc#1224105). - ocfs2: use coarse time for new created files (git-fixes). - Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - platform/x86 Add support for ACPI based probing (jsc#PED-8779). - platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86 Create static func to handle platdev (jsc#PED-8779). - platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86 Move hsmp_test to probe (jsc#PED-8779). - platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86 Restructure sysfs group creation (jsc#PED-8779). - platform/x86 switch to use device_add_groups() (jsc#PED-8779). - axp288_ Fix constant_charge_voltage writes (git-fixes). - axp288_ Round constant_charge_voltage writes down (git-fixes). - Fail build if using recordmcount with binutils v2.37 (bsc#1194869). - Mark .opd section read-only (bsc#1194869). - use generic version of arch_is_kernel_initmem_freed() (bsc#1194869). - xor_ Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_ fix cpus node update to FDT (bsc#1194869). - make the update_cpus_node() function public (bsc#1194869). - split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - Whitelist dtl slub object for copying to userspace (bsc#1194869). - Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes). - Fix incomplete state save in rxe_requester (git-fixes) - Fix rxe_modify_srq (git-fixes) - Handle zero length rdma (git-fixes) - Move work queue code to subroutines (git-fixes) - s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187). - s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079). - s390 Split and rework cpacf query functions (git-fixes bsc#1229187). - s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190). - s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573). - s390 Prevent release of buffer in I/O (git-fixes bsc#1229572). - s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188). - Fix scldiv calculation (git-fixes). - add a struct rpc_stats arg to rpc_create_args (git-fixes). - Fix a race to wake a sync task (git-fixes). - fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - fix compat_sys_io_pgetevents_time64 usage (git-fixes). - Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - add check for crypto_shash_tfm_digest (git-fixes). - dbg_orphan_ Fix missed key type checking (git-fixes). - Fix adding orphan entry twice for the same inode (git-fixes). - Fix unattached xattr inode if powercut happens after deleting (git-fixes). - fix potential memory leak in vfio_intx_enable() (git-fixes). - fix wgds rev 3 exact size (git-fixes). - duplicate static structs used in driver instances (git-fixes). - x86 drop the duplicate APM_MINOR_DEV macro (git-fixes). - x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86 Fix pti_clone_entry_text() for i386 (git-fixes). - x86 Check if fixed MTRRs exist before saving them (git-fixes). - x86 Work around false positive kmemleak report in msr_build_context() (git-fixes). - Fix missing interval for missing_owner in xfs fsmap (git-fixes). - Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3569-1 Released: Wed Oct 9 13:51:41 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3584-1 Released: Thu Oct 10 09:13:08 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1229555 This update for wicked fixes the following issue: - compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3593-1 Released: Thu Oct 10 18:43:13 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1231229 This update for rsyslog fixes the following issue: - fix PreserveFQDN option before daemon is restarted (bsc#1231229) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3605-1 Released: Fri Oct 11 17:09:43 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1230840 This update for grub2 fixes the following issue: - Fix out of memory error in loading loopback file (bsc#1230840). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - cpupower-5.14-150500.9.6.2 updated - curl-8.0.1-150400.5.53.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated - grub2-i386-pc-2.06-150500.29.34.2 updated - grub2-x86_64-efi-2.06-150500.29.34.2 updated - grub2-x86_64-xen-2.06-150500.29.34.2 updated - grub2-2.06-150500.29.34.2 updated - kernel-default-5.14.21-150500.55.83.1 updated - libblkid1-2.37.4-150500.9.17.2 updated - libcom_err2-1.46.4-150400.3.9.2 updated - libcpupower0-5.14-150500.9.6.2 updated - libcurl4-8.0.1-150400.5.53.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - libpcap1-1.10.1-150400.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libreadline7-7.0-150400.27.3.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libzypp-17.35.11-150500.6.18.3 updated - logrotate-3.18.1-150400.3.10.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2306.0-150400.5.30.2 updated - rsyslog-8.2306.0-150400.5.30.2 updated - suseconnect-ng-1.12.0-150500.3.29.2 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - util-linux-systemd-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated - wicked-service-0.6.76-150500.3.36.2 updated - wicked-0.6.76-150500.3.36.2 updated - xen-libs-4.17.5_04-150500.3.39.1 updated - xen-tools-domU-4.17.5_04-150500.3.39.1 updated - zypper-1.14.77-150500.6.11.3 updated From sle-container-updates at lists.suse.com Mon Oct 14 07:02:15 2024 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 14 Oct 2024 07:02:15 -0000 Subject: SUSE-IU-2024:1499-1: Security update of sles-15-sp5-chost-byos-v20241011-arm64 Message-ID: <20241014070213.902ADFCC1@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20241011-arm64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2024:1499-1 Image Tags : sles-15-sp5-chost-byos-v20241011-arm64:20241011 Image Release : Severity : important Type : security References : 1193629 1194111 1194765 1194869 1196261 1196516 1196894 1198017 1199769 1203329 1203330 1203360 1205462 1206006 1206258 1206843 1207158 1208783 1210644 1213580 1213632 1214285 1216223 1216834 1217761 1220382 1220428 1220877 1220962 1221269 1221326 1221610 1221630 1221645 1221650 1221765 1222335 1222350 1222372 1222387 1222629 1222634 1222808 1222967 1222973 1223074 1223191 1223508 1223600 1223720 1223742 1223777 1223803 1223807 1223848 1224085 1224105 1224415 1224496 1224510 1224542 1224578 1224639 1225162 1225352 1225428 1225524 1225578 1225582 1225773 1225814 1225827 1225832 1225903 1225903 1226003 1226168 1226530 1226606 1226613 1226662 1226666 1226742 1226765 1226798 1226801 1226846 1226860 1226874 1226875 1226885 1226915 1227079 1227216 1227233 1227378 1227487 1227623 1227726 1227761 1227807 1227819 1227830 1227832 1227863 1227867 1227890 1227929 1227937 1227958 1227999 1228020 1228065 1228114 1228410 1228426 1228427 1228429 1228446 1228447 1228449 1228450 1228452 1228456 1228463 1228466 1228467 1228469 1228480 1228481 1228482 1228483 1228484 1228485 1228487 1228489 1228491 1228493 1228494 1228495 1228496 1228501 1228503 1228507 1228509 1228513 1228515 1228516 1228526 1228531 1228563 1228564 1228567 1228576 1228576 1228579 1228584 1228588 1228590 1228615 1228616 1228620 1228635 1228636 1228647 1228654 1228656 1228658 1228660 1228661 1228662 1228667 1228673 1228677 1228687 1228706 1228708 1228710 1228718 1228720 1228721 1228722 1228724 1228726 1228727 1228733 1228748 1228766 1228771 1228779 1228780 1228801 1228850 1228857 1228866 1228959 1228964 1228966 1228967 1228979 1228988 1228989 1228991 1228992 1229014 1229028 1229031 1229034 1229042 1229054 1229086 1229086 1229136 1229154 1229156 1229187 1229188 1229190 1229287 1229289 1229290 1229292 1229296 1229297 1229301 1229303 1229304 1229305 1229307 1229309 1229312 1229314 1229315 1229317 1229318 1229319 1229327 1229334 1229341 1229345 1229346 1229347 1229349 1229350 1229351 1229354 1229356 1229357 1229358 1229359 1229360 1229362 1229363 1229364 1229366 1229370 1229373 1229374 1229381 1229382 1229383 1229386 1229388 1229391 1229392 1229394 1229395 1229398 1229399 1229400 1229407 1229409 1229410 1229411 1229413 1229414 1229417 1229418 1229429 1229444 1229453 1229453 1229454 1229476 1229481 1229482 1229488 1229489 1229490 1229493 1229495 1229497 1229500 1229503 1229506 1229507 1229508 1229509 1229510 1229512 1229516 1229521 1229522 1229523 1229524 1229525 1229526 1229527 1229528 1229529 1229531 1229533 1229535 1229536 1229537 1229540 1229544 1229545 1229546 1229547 1229548 1229554 1229555 1229557 1229558 1229559 1229560 1229562 1229564 1229565 1229566 1229568 1229569 1229572 1229572 1229573 1229573 1229576 1229581 1229585 1229588 1229596 1229598 1229603 1229604 1229605 1229607 1229608 1229611 1229612 1229613 1229614 1229615 1229616 1229617 1229619 1229620 1229622 1229623 1229624 1229625 1229626 1229628 1229629 1229630 1229631 1229632 1229633 1229635 1229636 1229637 1229638 1229639 1229641 1229642 1229643 1229645 1229657 1229658 1229662 1229662 1229664 1229707 1229739 1229743 1229746 1229753 1229754 1229755 1229756 1229759 1229761 1229764 1229767 1229768 1229781 1229784 1229787 1229788 1229789 1229790 1229792 1229810 1229820 1229830 1229899 1229928 1229947 1230015 1230110 1230129 1230130 1230145 1230170 1230171 1230174 1230175 1230176 1230178 1230180 1230185 1230192 1230193 1230194 1230200 1230204 1230209 1230211 1230212 1230217 1230224 1230227 1230229 1230230 1230233 1230244 1230245 1230247 1230248 1230267 1230269 1230330 1230339 1230340 1230366 1230392 1230398 1230413 1230431 1230433 1230434 1230440 1230442 1230444 1230450 1230451 1230454 1230506 1230507 1230511 1230515 1230516 1230517 1230524 1230533 1230535 1230549 1230556 1230582 1230589 1230591 1230592 1230699 1230700 1230701 1230702 1230703 1230705 1230706 1230707 1230709 1230710 1230711 1230712 1230719 1230724 1230725 1230730 1230731 1230732 1230733 1230747 1230748 1230751 1230752 1230756 1230761 1230766 1230767 1230768 1230771 1230772 1230776 1230783 1230786 1230791 1230794 1230796 1230802 1230806 1230808 1230810 1230812 1230813 1230814 1230815 1230821 1230825 1230830 1230840 1230894 1231013 1231017 1231116 1231120 1231146 1231180 1231181 1231229 CVE-2021-4204 CVE-2021-4441 CVE-2021-47106 CVE-2021-47517 CVE-2021-47546 CVE-2022-0500 CVE-2022-23222 CVE-2022-38457 CVE-2022-40133 CVE-2022-4382 CVE-2022-48645 CVE-2022-48706 CVE-2022-48808 CVE-2022-48865 CVE-2022-48868 CVE-2022-48869 CVE-2022-48870 CVE-2022-48871 CVE-2022-48872 CVE-2022-48873 CVE-2022-48875 CVE-2022-48878 CVE-2022-48880 CVE-2022-48881 CVE-2022-48882 CVE-2022-48883 CVE-2022-48884 CVE-2022-48885 CVE-2022-48886 CVE-2022-48887 CVE-2022-48888 CVE-2022-48889 CVE-2022-48890 CVE-2022-48891 CVE-2022-48893 CVE-2022-48896 CVE-2022-48898 CVE-2022-48899 CVE-2022-48901 CVE-2022-48903 CVE-2022-48904 CVE-2022-48905 CVE-2022-48906 CVE-2022-48907 CVE-2022-48909 CVE-2022-48910 CVE-2022-48911 CVE-2022-48912 CVE-2022-48913 CVE-2022-48914 CVE-2022-48915 CVE-2022-48916 CVE-2022-48917 CVE-2022-48918 CVE-2022-48919 CVE-2022-48920 CVE-2022-48921 CVE-2022-48923 CVE-2022-48923 CVE-2022-48924 CVE-2022-48925 CVE-2022-48926 CVE-2022-48927 CVE-2022-48928 CVE-2022-48929 CVE-2022-48930 CVE-2022-48931 CVE-2022-48932 CVE-2022-48934 CVE-2022-48935 CVE-2022-48937 CVE-2022-48938 CVE-2022-48939 CVE-2022-48940 CVE-2022-48941 CVE-2022-48942 CVE-2022-48943 CVE-2022-48944 CVE-2022-48945 CVE-2023-3610 CVE-2023-52458 CVE-2023-52489 CVE-2023-52498 CVE-2023-52581 CVE-2023-52610 CVE-2023-52859 CVE-2023-52887 CVE-2023-52889 CVE-2023-52893 CVE-2023-52894 CVE-2023-52896 CVE-2023-52898 CVE-2023-52899 CVE-2023-52900 CVE-2023-52901 CVE-2023-52904 CVE-2023-52905 CVE-2023-52906 CVE-2023-52907 CVE-2023-52908 CVE-2023-52909 CVE-2023-52910 CVE-2023-52911 CVE-2023-52912 CVE-2023-52913 CVE-2023-52916 CVE-2024-26631 CVE-2024-26640 CVE-2024-26668 CVE-2024-26669 CVE-2024-26677 CVE-2024-26735 CVE-2024-26759 CVE-2024-26767 CVE-2024-26804 CVE-2024-26808 CVE-2024-26812 CVE-2024-26835 CVE-2024-26837 CVE-2024-26851 CVE-2024-27010 CVE-2024-27011 CVE-2024-27016 CVE-2024-27024 CVE-2024-27079 CVE-2024-27403 CVE-2024-31076 CVE-2024-35897 CVE-2024-35902 CVE-2024-35945 CVE-2024-35971 CVE-2024-36009 CVE-2024-36013 CVE-2024-36270 CVE-2024-36286 CVE-2024-36489 CVE-2024-36929 CVE-2024-36933 CVE-2024-36936 CVE-2024-36962 CVE-2024-37353 CVE-2024-38538 CVE-2024-38554 CVE-2024-38596 CVE-2024-38602 CVE-2024-38632 CVE-2024-38662 CVE-2024-39489 CVE-2024-40905 CVE-2024-40910 CVE-2024-40973 CVE-2024-40978 CVE-2024-40980 CVE-2024-40983 CVE-2024-40995 CVE-2024-41000 CVE-2024-41007 CVE-2024-41009 CVE-2024-41011 CVE-2024-41016 CVE-2024-41020 CVE-2024-41022 CVE-2024-41035 CVE-2024-41036 CVE-2024-41038 CVE-2024-41039 CVE-2024-41042 CVE-2024-41045 CVE-2024-41056 CVE-2024-41060 CVE-2024-41062 CVE-2024-41062 CVE-2024-41065 CVE-2024-41068 CVE-2024-41073 CVE-2024-41079 CVE-2024-41080 CVE-2024-41082 CVE-2024-41087 CVE-2024-41088 CVE-2024-41089 CVE-2024-41092 CVE-2024-41093 CVE-2024-41095 CVE-2024-41097 CVE-2024-41098 CVE-2024-42069 CVE-2024-42074 CVE-2024-42076 CVE-2024-42077 CVE-2024-42080 CVE-2024-42082 CVE-2024-42085 CVE-2024-42086 CVE-2024-42087 CVE-2024-42089 CVE-2024-42090 CVE-2024-42092 CVE-2024-42095 CVE-2024-42097 CVE-2024-42098 CVE-2024-42101 CVE-2024-42104 CVE-2024-42106 CVE-2024-42107 CVE-2024-42110 CVE-2024-42114 CVE-2024-42115 CVE-2024-42119 CVE-2024-42120 CVE-2024-42121 CVE-2024-42126 CVE-2024-42127 CVE-2024-42130 CVE-2024-42137 CVE-2024-42139 CVE-2024-42142 CVE-2024-42143 CVE-2024-42148 CVE-2024-42152 CVE-2024-42154 CVE-2024-42155 CVE-2024-42156 CVE-2024-42157 CVE-2024-42158 CVE-2024-42162 CVE-2024-42223 CVE-2024-42225 CVE-2024-42228 CVE-2024-42229 CVE-2024-42230 CVE-2024-42232 CVE-2024-42236 CVE-2024-42237 CVE-2024-42238 CVE-2024-42239 CVE-2024-42240 CVE-2024-42244 CVE-2024-42246 CVE-2024-42247 CVE-2024-42259 CVE-2024-42265 CVE-2024-42268 CVE-2024-42271 CVE-2024-42274 CVE-2024-42276 CVE-2024-42277 CVE-2024-42280 CVE-2024-42281 CVE-2024-42283 CVE-2024-42284 CVE-2024-42285 CVE-2024-42286 CVE-2024-42287 CVE-2024-42288 CVE-2024-42289 CVE-2024-42291 CVE-2024-42292 CVE-2024-42295 CVE-2024-42301 CVE-2024-42302 CVE-2024-42304 CVE-2024-42305 CVE-2024-42306 CVE-2024-42308 CVE-2024-42309 CVE-2024-42310 CVE-2024-42311 CVE-2024-42312 CVE-2024-42313 CVE-2024-42315 CVE-2024-42318 CVE-2024-42319 CVE-2024-42320 CVE-2024-42322 CVE-2024-43816 CVE-2024-43818 CVE-2024-43819 CVE-2024-43821 CVE-2024-43823 CVE-2024-43828 CVE-2024-43829 CVE-2024-43830 CVE-2024-43831 CVE-2024-43834 CVE-2024-43835 CVE-2024-43837 CVE-2024-43839 CVE-2024-43841 CVE-2024-43842 CVE-2024-43846 CVE-2024-43849 CVE-2024-43853 CVE-2024-43854 CVE-2024-43856 CVE-2024-43858 CVE-2024-43860 CVE-2024-43861 CVE-2024-43863 CVE-2024-43866 CVE-2024-43867 CVE-2024-43871 CVE-2024-43872 CVE-2024-43873 CVE-2024-43879 CVE-2024-43880 CVE-2024-43882 CVE-2024-43883 CVE-2024-43884 CVE-2024-43889 CVE-2024-43890 CVE-2024-43892 CVE-2024-43893 CVE-2024-43894 CVE-2024-43895 CVE-2024-43898 CVE-2024-43899 CVE-2024-43900 CVE-2024-43902 CVE-2024-43903 CVE-2024-43904 CVE-2024-43905 CVE-2024-43907 CVE-2024-43908 CVE-2024-43909 CVE-2024-43912 CVE-2024-43914 CVE-2024-44935 CVE-2024-44938 CVE-2024-44939 CVE-2024-44944 CVE-2024-44946 CVE-2024-44947 CVE-2024-44948 CVE-2024-44950 CVE-2024-44952 CVE-2024-44954 CVE-2024-44967 CVE-2024-44969 CVE-2024-44970 CVE-2024-44971 CVE-2024-44972 CVE-2024-44977 CVE-2024-44982 CVE-2024-44986 CVE-2024-44987 CVE-2024-44988 CVE-2024-44989 CVE-2024-44990 CVE-2024-44998 CVE-2024-44999 CVE-2024-45000 CVE-2024-45001 CVE-2024-45003 CVE-2024-45006 CVE-2024-45007 CVE-2024-45008 CVE-2024-45011 CVE-2024-45013 CVE-2024-45015 CVE-2024-45018 CVE-2024-45020 CVE-2024-45021 CVE-2024-45026 CVE-2024-45028 CVE-2024-45029 CVE-2024-45817 CVE-2024-46673 CVE-2024-46674 CVE-2024-46675 CVE-2024-46676 CVE-2024-46677 CVE-2024-46679 CVE-2024-46685 CVE-2024-46686 CVE-2024-46689 CVE-2024-46694 CVE-2024-46702 CVE-2024-46707 CVE-2024-46714 CVE-2024-46715 CVE-2024-46717 CVE-2024-46720 CVE-2024-46721 CVE-2024-46722 CVE-2024-46723 CVE-2024-46724 CVE-2024-46725 CVE-2024-46726 CVE-2024-46727 CVE-2024-46728 CVE-2024-46730 CVE-2024-46731 CVE-2024-46732 CVE-2024-46737 CVE-2024-46738 CVE-2024-46739 CVE-2024-46743 CVE-2024-46744 CVE-2024-46745 CVE-2024-46746 CVE-2024-46747 CVE-2024-46750 CVE-2024-46751 CVE-2024-46752 CVE-2024-46753 CVE-2024-46755 CVE-2024-46756 CVE-2024-46758 CVE-2024-46759 CVE-2024-46761 CVE-2024-46771 CVE-2024-46772 CVE-2024-46773 CVE-2024-46774 CVE-2024-46778 CVE-2024-46780 CVE-2024-46781 CVE-2024-46783 CVE-2024-46784 CVE-2024-46786 CVE-2024-46787 CVE-2024-46791 CVE-2024-46794 CVE-2024-46798 CVE-2024-46822 CVE-2024-46830 CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 ----------------------------------------------------------------- The container sles-15-sp5-chost-byos-v20241011-arm64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3233-1 Released: Fri Sep 13 08:48:54 2024 Summary: Recommended update for grub2 Type: recommended Severity: important References: 1217761,1228866 This update for grub2 fixes the following issues: - Support powerpc net boot installation when secure boot is enabled (bsc#1217761, bsc#1228866) - Improved check for disk device when looking for PReP partition ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3237-1 Released: Fri Sep 13 11:49:56 2024 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1229476 This update for util-linux fixes the following issue: - Skip aarch64 decode path for rest of the architectures (bsc#1229476). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3300-1 Released: Wed Sep 18 14:27:53 2024 Summary: Recommended update for ncurses Type: recommended Severity: moderate References: 1229028 This update for ncurses fixes the following issues: - Allow the terminal description based on static fallback entries to be freed (bsc#1229028) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3315-1 Released: Wed Sep 18 16:26:56 2024 Summary: Recommended update for cpupower Type: recommended Severity: moderate References: 1221765 This update for cpupower fixes the following issue: - Fix uncore frequency file string (bsc#1221765). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3328-1 Released: Thu Sep 19 09:37:09 2024 Summary: Recommended update for suseconnect-ng Type: recommended Severity: important References: 1229014,1230229 This update for suseconnect-ng fixes the following issue: - Set the filesystem root on zypper when given (bsc#1230229,bsc#1229014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3420-1 Released: Tue Sep 24 16:13:23 2024 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1228647,1230267 This update for libzypp, zypper fixes the following issues: - API refactoring. Prevent zypper from using now private libzypp symbols (bsc#1230267) - single_rpmtrans: fix installation of .src.rpms (bsc#1228647) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3421-1 Released: Tue Sep 24 17:25:05 2024 Summary: Security update for xen Type: security Severity: moderate References: 1230366,CVE-2024-45817 This update for xen fixes the following issues: - CVE-2024-45817: Fixed a deadlock in vlapic_error (XSA-462, bsc#1230366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3451-1 Released: Thu Sep 26 09:10:50 2024 Summary: Recommended update for pam-config Type: recommended Severity: moderate References: 1227216 This update for pam-config fixes the following issues: - Improved check for existence of modules (bsc#1227216) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3470-1 Released: Fri Sep 27 14:34:46 2024 Summary: Security update for python3 Type: security Severity: important References: 1227233,1227378,1227999,1228780,1229596,1230227,CVE-2024-5642,CVE-2024-6232,CVE-2024-6923,CVE-2024-7592 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3477-1 Released: Fri Sep 27 15:22:22 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3483-1 Released: Fri Sep 27 17:11:54 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1193629,1194111,1194765,1194869,1196261,1196516,1196894,1198017,1203329,1203330,1203360,1205462,1206006,1206258,1206843,1207158,1208783,1210644,1213580,1213632,1214285,1216834,1220428,1220877,1220962,1221269,1221326,1221630,1221645,1222335,1222350,1222372,1222387,1222634,1222808,1222967,1223074,1223191,1223508,1223720,1223742,1223777,1223803,1223807,1224105,1224415,1224496,1224510,1224542,1224578,1224639,1225162,1225352,1225428,1225524,1225578,1225582,1225773,1225814,1225827,1225832,1225903,1226168,1226530,1226613,1226742,1226765,1226798,1226801,1226874,1226885,1227079,1227623,1227761,1227830,1227863,1227867,1227929,1227937,1227958,1228020,1228065,1228114,1228410,1228426,1228427,1228429,1228446,1228447,1228449,1228450,1228452,1228456,1228463,1228466,1228467,1228469,1228480,1228481,1228482,1228483,1228484,1228485,1228487,1228489,1228491,1228493,1228494,1228495,1228496,1228501,1228503,1228509,1228513,1228515,1228516,1228526,1228531,1228563,1228564,1228567,1228576,1228579,1 228584,1228588,1228590,1228615,1228616,1228635,1228636,1228654,1228656,1228658,1228660,1228662,1228667,1228673,1228677,1228687,1228706,1228708,1228710,1228718,1228720,1228721,1228722,1228724,1228726,1228727,1228733,1228748,1228766,1228779,1228801,1228850,1228857,1228959,1228964,1228966,1228967,1228979,1228988,1228989,1228991,1228992,1229042,1229054,1229086,1229136,1229154,1229187,1229188,1229190,1229287,1229290,1229292,1229296,1229297,1229301,1229303,1229304,1229305,1229307,1229309,1229312,1229314,1229315,1229317,1229318,1229319,1229327,1229341,1229345,1229346,1229347,1229349,1229350,1229351,1229354,1229356,1229357,1229358,1229359,1229360,1229366,1229370,1229373,1229374,1229381,1229382,1229383,1229386,1229388,1229391,1229392,1229395,1229398,1229399,1229400,1229407,1229409,1229410,1229411,1229413,1229414,1229417,1229418,1229444,1229453,1229454,1229481,1229482,1229488,1229489,1229490,1229493,1229495,1229497,1229500,1229503,1229506,1229507,1229508,1229509,1229510,1229512,1229516,122952 1,1229522,1229523,1229524,1229525,1229526,1229527,1229528,1229529,1229531,1229533,1229535,1229536,1229537,1229540,1229544,1229545,1229546,1229547,1229548,1229554,1229557,1229558,1229559,1229560,1229562,1229564,1229565,1229566,1229568,1229569,1229572,1229573,1229576,1229581,1229588,1229598,1229603,1229604,1229605,1229608,1229611,1229612,1229613,1229614,1229615,1229616,1229617,1229620,1229622,1229623,1229624,1229625,1229626,1229628,1229629,1229630,1229631,1229632,1229635,1229636,1229637,1229638,1229639,1229641,1229642,1229643,1229645,1229657,1229658,1229662,1229664,1229707,1229739,1229743,1229746,1229754,1229755,1229756,1229759,1229761,1229767,1229768,1229781,1229784,1229787,1229788,1229789,1229792,1229820,1230413,CVE-2021-4204,CVE-2021-4441,CVE-2021-47106,CVE-2021-47517,CVE-2021-47546,CVE-2022-0500,CVE-2022-23222,CVE-2022-38457,CVE-2022-40133,CVE-2022-4382,CVE-2022-48645,CVE-2022-48706,CVE-2022-48808,CVE-2022-48865,CVE-2022-48868,CVE-2022-48869,CVE-2022-48870,CVE-2022-48871,CVE-2022- 48872,CVE-2022-48873,CVE-2022-48875,CVE-2022-48878,CVE-2022-48880,CVE-2022-48881,CVE-2022-48882,CVE-2022-48883,CVE-2022-48884,CVE-2022-48885,CVE-2022-48886,CVE-2022-48887,CVE-2022-48888,CVE-2022-48889,CVE-2022-48890,CVE-2022-48891,CVE-2022-48893,CVE-2022-48896,CVE-2022-48898,CVE-2022-48899,CVE-2022-48903,CVE-2022-48904,CVE-2022-48905,CVE-2022-48906,CVE-2022-48907,CVE-2022-48909,CVE-2022-48910,CVE-2022-48912,CVE-2022-48913,CVE-2022-48914,CVE-2022-48915,CVE-2022-48916,CVE-2022-48917,CVE-2022-48918,CVE-2022-48919,CVE-2022-48920,CVE-2022-48921,CVE-2022-48923,CVE-2022-48924,CVE-2022-48925,CVE-2022-48926,CVE-2022-48927,CVE-2022-48928,CVE-2022-48929,CVE-2022-48930,CVE-2022-48931,CVE-2022-48932,CVE-2022-48934,CVE-2022-48937,CVE-2022-48938,CVE-2022-48939,CVE-2022-48940,CVE-2022-48941,CVE-2022-48942,CVE-2022-48943,CVE-2023-3610,CVE-2023-52458,CVE-2023-52489,CVE-2023-52498,CVE-2023-52581,CVE-2023-52859,CVE-2023-52887,CVE-2023-52889,CVE-2023-52893,CVE-2023-52894,CVE-2023-52896,CVE-2023-52898,CV E-2023-52899,CVE-2023-52900,CVE-2023-52901,CVE-2023-52904,CVE-2023-52905,CVE-2023-52906,CVE-2023-52907,CVE-2023-52908,CVE-2023-52909,CVE-2023-52910,CVE-2023-52911,CVE-2023-52912,CVE-2023-52913,CVE-2024-26631,CVE-2024-26668,CVE-2024-26669,CVE-2024-26677,CVE-2024-26735,CVE-2024-26808,CVE-2024-26812,CVE-2024-26835,CVE-2024-26851,CVE-2024-27010,CVE-2024-27011,CVE-2024-27016,CVE-2024-27024,CVE-2024-27079,CVE-2024-27403,CVE-2024-31076,CVE-2024-35897,CVE-2024-35902,CVE-2024-35945,CVE-2024-35971,CVE-2024-36009,CVE-2024-36013,CVE-2024-36270,CVE-2024-36286,CVE-2024-36489,CVE-2024-36929,CVE-2024-36933,CVE-2024-36936,CVE-2024-36962,CVE-2024-38554,CVE-2024-38602,CVE-2024-38662,CVE-2024-39489,CVE-2024-40905,CVE-2024-40978,CVE-2024-40980,CVE-2024-40995,CVE-2024-41000,CVE-2024-41007,CVE-2024-41009,CVE-2024-41011,CVE-2024-41016,CVE-2024-41020,CVE-2024-41022,CVE-2024-41035,CVE-2024-41036,CVE-2024-41038,CVE-2024-41039,CVE-2024-41042,CVE-2024-41045,CVE-2024-41056,CVE-2024-41060,CVE-2024-41062,CVE-2024- 41065,CVE-2024-41068,CVE-2024-41073,CVE-2024-41079,CVE-2024-41080,CVE-2024-41087,CVE-2024-41088,CVE-2024-41089,CVE-2024-41092,CVE-2024-41093,CVE-2024-41095,CVE-2024-41097,CVE-2024-41098,CVE-2024-42069,CVE-2024-42074,CVE-2024-42076,CVE-2024-42077,CVE-2024-42080,CVE-2024-42082,CVE-2024-42085,CVE-2024-42086,CVE-2024-42087,CVE-2024-42089,CVE-2024-42090,CVE-2024-42092,CVE-2024-42095,CVE-2024-42097,CVE-2024-42098,CVE-2024-42101,CVE-2024-42104,CVE-2024-42106,CVE-2024-42107,CVE-2024-42110,CVE-2024-42114,CVE-2024-42115,CVE-2024-42119,CVE-2024-42120,CVE-2024-42121,CVE-2024-42126,CVE-2024-42127,CVE-2024-42130,CVE-2024-42137,CVE-2024-42139,CVE-2024-42142,CVE-2024-42143,CVE-2024-42148,CVE-2024-42152,CVE-2024-42155,CVE-2024-42156,CVE-2024-42157,CVE-2024-42158,CVE-2024-42162,CVE-2024-42223,CVE-2024-42225,CVE-2024-42228,CVE-2024-42229,CVE-2024-42230,CVE-2024-42232,CVE-2024-42236,CVE-2024-42237,CVE-2024-42238,CVE-2024-42239,CVE-2024-42240,CVE-2024-42244,CVE-2024-42246,CVE-2024-42247,CVE-2024-42268,C VE-2024-42271,CVE-2024-42274,CVE-2024-42276,CVE-2024-42277,CVE-2024-42280,CVE-2024-42281,CVE-2024-42283,CVE-2024-42284,CVE-2024-42285,CVE-2024-42286,CVE-2024-42287,CVE-2024-42288,CVE-2024-42289,CVE-2024-42291,CVE-2024-42292,CVE-2024-42295,CVE-2024-42301,CVE-2024-42302,CVE-2024-42308,CVE-2024-42309,CVE-2024-42310,CVE-2024-42311,CVE-2024-42312,CVE-2024-42313,CVE-2024-42315,CVE-2024-42318,CVE-2024-42319,CVE-2024-42320,CVE-2024-42322,CVE-2024-43816,CVE-2024-43818,CVE-2024-43819,CVE-2024-43821,CVE-2024-43823,CVE-2024-43829,CVE-2024-43830,CVE-2024-43831,CVE-2024-43834,CVE-2024-43837,CVE-2024-43839,CVE-2024-43841,CVE-2024-43842,CVE-2024-43846,CVE-2024-43849,CVE-2024-43853,CVE-2024-43854,CVE-2024-43856,CVE-2024-43858,CVE-2024-43860,CVE-2024-43861,CVE-2024-43863,CVE-2024-43866,CVE-2024-43867,CVE-2024-43871,CVE-2024-43872,CVE-2024-43873,CVE-2024-43879,CVE-2024-43880,CVE-2024-43882,CVE-2024-43883,CVE-2024-43884,CVE-2024-43889,CVE-2024-43892,CVE-2024-43893,CVE-2024-43894,CVE-2024-43895,CVE-2024 -43899,CVE-2024-43900,CVE-2024-43902,CVE-2024-43903,CVE-2024-43904,CVE-2024-43905,CVE-2024-43907,CVE-2024-43908,CVE-2024-43909,CVE-2024-44938,CVE-2024-44939,CVE-2024-44947 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-44947: Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - CVE-2024-36936: Touch soft lockup during memory accept (bsc#1225773). - CVE-2022-48706: Do proper cleanup if IFCVF init fails (bsc#1225524). - CVE-2024-43883: Do not drop references before new references are gained (bsc#1229707). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-43861: Fix memory leak for not ip packets (bsc#1229500). - CVE-2024-36270: Fix reference in patches.suse/netfilter-tproxy-bail-out-if-IP-has-been-disabled-on.patch (bsc#1226798) - CVE-2023-52489: Fix race in accessing memory_section->usage (bsc#1221326). - CVE-2024-43893: Check uartclk for zero to avoid divide by zero (bsc#1229759). - CVE-2024-43821: Fix a possible null pointer dereference (bsc#1229315). - CVE-2024-43900: Avoid use-after-free in load_firmware_cb() (bsc#1229756). - CVE-2024-44938: Fix shift-out-of-bounds in dbDiscardAG (bsc#1229792). - CVE-2024-44939: Fix null ptr deref in dtInsertEntry (bsc#1229820). - CVE-2024-41087: Fix double free on error (CVE-2024-41087,bsc#1228466). - CVE-2024-42277: Avoid NULL deref in sprd_iommu_hw_en (bsc#1229409). - CVE-2024-43902: Add null checker before passing variables (bsc#1229767). - CVE-2024-43904: Add null checks for 'stream' and 'plane' before dereferencing (bsc#1229768) - CVE-2024-43880: Put back removed metod in struct objagg_ops (bsc#1229481). - CVE-2024-43884: Add error handling to pair_device() (bsc#1229739) - CVE-2024-43899: Fix null pointer deref in dcn20_resource.c (bsc#1229754). - CVE-2022-48920: Get rid of warning on transaction commit when using flushoncommit (bsc#1229658). - CVE-2023-52906: Fix warning during failed attribute validation (bsc#1229527). - CVE-2024-43882: Fixed ToCToU between perm check and set-uid/gid usage. (bsc#1229503) - CVE-2024-43866: Always drain health in shutdown callback (bsc#1229495). - CVE-2024-26812: Struct virqfd kABI workaround (bsc#1222808). - CVE-2022-48912: Fix use-after-free in __nf_register_net_hook() (bsc#1229641) - CVE-2024-27010: Fix mirred deadlock on device recursion (bsc#1223720). - CVE-2022-48906: Correctly set DATA_FIN timeout when number of retransmits is large (bsc#1229605) - CVE-2024-42155: Wipe copies of protected- and secure-keys (bsc#1228733). - CVE-2024-42156: Wipe copies of clear-key structures on failure (bsc#1228722). - CVE-2023-52899: Add exception protection processing for vd in axi_chan_handle_err function (bsc#1229569). - CVE-2024-42158: Use kfree_sensitive() to fix Coccinelle warnings (bsc#1228720). - CVE-2024-26631: Fix data-race in ipv6_mc_down / mld_ifc_work (bsc#1221630). - CVE-2024-43873: Always initialize seqpacket_allow (bsc#1229488) - CVE-2024-40905: Fix possible race in __fib6_drop_pcpu_from() (bsc#1227761) - CVE-2024-39489: Fix memleak in seg6_hmac_init_algo (bsc#1227623) - CVE-2021-47106: Fix use-after-free in nft_set_catchall_destroy() (bsc#1220962) - CVE-2021-47517: Fix panic when interrupt coaleceing is set via ethtool (bsc#1225428). - CVE-2024-36489: Fix missing memory barrier in tls_init (bsc#1226874) - CVE-2024-41020: Fix fcntl/close race recovery compat path (bsc#1228427). - CVE-2024-27079: Fix NULL domain on device release (bsc#1223742). - CVE-2024-35897: Discard table flag update with pending basechain deletion (bsc#1224510). - CVE-2024-27403: Restore const specifier in flow_offload_route_init() (bsc#1224415). - CVE-2024-27011: Fix memleak in map from abort path (bsc#1223803). - CVE-2024-43819: Reject memory region operations for ucontrol VMs (bsc#1229290 git-fixes). - CVE-2024-26668: Reject configurations that cause integer overflow (bsc#1222335). - CVE-2024-26835: Set dormant flag on hook register failure (bsc#1222967). - CVE-2024-26808: Handle NETDEV_UNREGISTER for inet/ingress basechain (bsc#1222634). - CVE-2024-27016: Validate pppoe header (bsc#1223807). - CVE-2024-35945: Prevent nullptr exceptions on ISR (bsc#1224639). - CVE-2023-52581: Fix memleak when more than 255 elements expired (bsc#1220877). - CVE-2024-36013: Fix slab-use-after-free in l2cap_connect() (bsc#1225578). - CVE-2024-43837: Fix updating attached freplace prog in prog_array map (bsc#1229297). - CVE-2024-42291: Add a per-VF limit on number of FDIR filters (bsc#1229374). - CVE-2024-42268: Fix missing lock on sync reset reload (bsc#1229391). - CVE-2024-43834: Fix invalid wait context of page_pool_destroy() (bsc#1229314) - CVE-2024-36286: Acquire rcu_read_lock() in instance_destroy_rcu() (bsc#1226801) - CVE-2024-26851: Add protection for bmp length out of range (bsc#1223074) - CVE-2024-42157: Wipe sensitive data on failure (bsc#1228727 CVE-2024-42157 git-fixes). - CVE-2024-26677: Blacklist e7870cf13d20 (' Fix delayed ACKs to not set the reference serial number') (bsc#1222387) - CVE-2024-36009: Blacklist 467324bcfe1a ('ax25: Fix netdev refcount issue') (bsc#1224542) - CVE-2023-52859: Fix use-after-free when register pmu fails (bsc#1225582). - CVE-2024-42280: Fix a use after free in hfcmulti_tx() (bsc#1229388) - CVE-2024-42284: Return non-zero value from tipc_udp_addr2str() on error (bsc#1229382) - CVE-2024-42283: Initialize all fields in dumped nexthops (bsc#1229383) - CVE-2024-42312: Always initialize i_uid/i_gid (bsc#1229357) - CVE-2024-43854: Initialize integrity buffer to zero before writing it to media (bsc#1229345) - CVE-2024-42322: Properly dereference pe in ip_vs_add_service (bsc#1229347) - CVE-2024-42308: Update DRM patch reference (bsc#1229411) - CVE-2024-42301: Fix the array out-of-bounds risk (bsc#1229407). - CVE-2024-42318: Do not lose track of restrictions on cred_transfer (bsc#1229351). - CVE-2024-26669: Fix chain template offload (bsc#1222350). - CVE-2023-52889: Fix null pointer deref when receiving skb during sock creation (bsc#1229287,). - CVE-2022-48645: Move enetc_set_psfp() out of the common enetc_set_features() (bsc#1223508). - CVE-2024-41007: Use signed arithmetic in tcp_rtx_probe0_timed_out() (bsc#1227863). - CVE-2024-36933: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (bsc#1225832). - CVE-2024-42295: Handle inconsistent state in nilfs_btnode_create_block() (bsc#1229370). - CVE-2024-42319: Move devm_mbox_controller_register() after devm_pm_runtime_enable() (bsc#1229350). - CVE-2024-43860: Skip over memory region when node value is NULL (bsc#1229319). - CVE-2024-43831: Handle invalid decoder vsi (bsc#1229309). - CVE-2024-43849: Protect locator_addr with the main mutex (bsc#1229307). - CVE-2024-43841: Do not use strlen() in const context (bsc#1229304). - CVE-2024-43839: Adjust 'name' buf size of bna_tcb and bna_ccb structures (bsc#1229301). - CVE-2024-41088: Fix infinite loop when xmit fails (bsc#1228469). - CVE-2024-42281: Fix a segment issue when downgrading gso_size (bsc#1229386). - CVE-2024-42271: Fixed a use after free in iucv_sock_close(). (bsc#1229400) - CVE-2024-41080: Fix possible deadlock in io_register_iowq_max_workers() (bsc#1228616). - CVE-2024-42246: Remap EPERM in case of connection failure in xs_tcp_setup_socket (bsc#1228989). - CVE-2024-42232: Fixed a race between delayed_work() and ceph_monc_stop(). (bsc#1228959) - CVE-2024-26735: Fix possible use-after-free and null-ptr-deref (bsc#1222372). - CVE-2024-42106: Initialize pad field in struct inet_diag_req_v2 (bsc#1228493). - CVE-2024-38662: Cover verifier checks for mutating sockmap/sockhash (bsc#1226885). - CVE-2024-42110: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() (bsc#1228501). - CVE-2024-42247: Avoid unaligned 64-bit memory accesses (bsc#1228988). - CVE-2022-48865: Fix kernel panic when enabling bearer (bsc#1228065). - CVE-2023-52498: Fix possible deadlocks in core system-wide PM code (bsc#1221269). - CVE-2024-41068: Fix sclp_init() cleanup on failure (bsc#1228579). - CVE-2022-48808: Fix panic when DSA master device unbinds on shutdown (bsc#1227958). - CVE-2024-42095: Fix Errata i2310 with RX FIFO level check (bsc#1228446). - CVE-2024-40978: Fix crash while reading debugfs attribute (bsc#1227929). - CVE-2024-42107: Do not process extts if PTP is disabled (bsc#1228494). - CVE-2024-42139: Fix improper extts handling (bsc#1228503). - CVE-2024-42148: Fix multiple UBSAN array-index-out-of-bounds (bsc#1228487). - CVE-2024-42142: E-switch, Create ingress ACL when needed (bsc#1228491). - CVE-2024-42162: Account for stopped queues when reading NIC stats (bsc#1228706). - CVE-2024-42082: Remove WARN() from __xdp_reg_mem_model() (bsc#1228482). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2023-3610: Fixed use-after-free vulnerability in nf_tables can be exploited to achieve local privilege escalation (bsc#1213580). - CVE-2024-42228: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (bsc#1228667). - CVE-2024-40995: Fix possible infinite loop in tcf_idr_check_alloc() (bsc#1227830). - CVE-2024-38602: Merge repeat codes in ax25_dev_device_down() (git-fixes CVE-2024-38602 bsc#1226613). - CVE-2024-38554: Fix reference count leak issue of net_device (bsc#1226742). - CVE-2024-36929: Reject skb_copy(_expand) for fraglist GSO skbs (bsc#1225814). - CVE-2024-41009: Fix overrunning reservations in ringbuf (bsc#1228020). - CVE-2024-27024: Fix WARNING in rds_conn_connect_if_down (bsc#1223777). The following non-security bugs were fixed: - Indicate support for IRQ ResourceSource thru _OSC (git-fixes). - Indicate support for the Generic Event Device thru _OSC (git-fixes). - Rework system-level device notification handling (git-fixes). - Drop nocrt parameter (git-fixes). - x86: s2 Post-increment variables when getting constraints (git-fixes). - Do not cross .backup mountpoint from backup volume (git-fixes). - Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). - Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - Fix noise from speakers on Lenovo IdeaPad 3 15IAU7 (git-fixes). - line6: Fix racy access to midibuf (stable-fixes). - Relax start tick time check for slave timer elements (git-fixes). - Add delay quirk for VIVO USB-C-XE710 HEADSET (stable-fixes). - Re-add ScratchAmp quirk entries (git-fixes). - Support Yamaha P-125 quirk entry (stable-fixes). - Fix UBSAN warning in parse_audio_unit() (stable-fixes). - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: initialize all values of acpi_early_node_map to (git-fixes) - arm64: Add Neoverse-V2 part (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: armv8_ Fix warning in isndep cpuhp starting process (git-fixes) - arm64: Restore spec_bar() macro (git-fixes) - arm64: Add missing .field_width for GIC system registers (git-fixes) - arm64: Fix the visibility of compat hwcaps (git-fixes) - arm64: Force HWCAP to be based on the sysreg visible to (git-fixes) - arm64: Add Cortex-A720 definitions (git-fixes) - arm64: Add Cortex-A725 definitions (git-fixes) - arm64: Add Cortex-X1C definitions (git-fixes) - arm64: Add Cortex-X3 definitions (git-fixes) - arm64: Add Cortex-X4 definitions (git-fixes) - arm64: Add Cortex-X925 definitions (git-fixes) - arm64: Add Neoverse-V3 definitions (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Increase VOP clk rate on RK3328 (git-fixes) - arm64: Expand speculative SSBS workaround (again) (git-fixes) - arm64: Expand speculative SSBS workaround (git-fixes) - arm64: Unify speculative SSBS errata logic (git-fixes) Also update default configuration. - arm64: Fix KASAN random tag seed initialization (git-fixes) - arm64: Fix KASAN random tag seed initialization (git-fixes) - wcd938 Correct Soundwire ports mask (git-fixes). - wsa881 Correct Soundwire ports mask (git-fixes). - fix irq scheduling issue with PREEMPT_RT (git-fixes). - Introduce async_schedule_dev_nocall() (bsc#1221269). - Split async_schedule_node_domain() (bsc#1221269). - Fix usage of __hci_cmd_sync_status (git-fixes). - hci_ Fix not handling hibernation actions (git-fixes). - l2 always unlock channel in l2cap_conless_channel() (git-fixes). - L2 Fix deadlock (git-fixes). - Fix a kernel verifier crash in stacksafe() (bsc#1225903). - remove unused declaring of bpf_kprobe_override (git-fixes). - fix leak of qgroup extent records after transaction abort (git-fixes). - make btrfs_destroy_delayed_refs() return void (git-fixes). - remove unnecessary prototype declarations at disk-io.c (git-fixes). - update fs features directory asynchronously (bsc#1226168). - propagate errors from vfs_getxattr() to avoid infinite loop (bsc#1229418). - issue a cap release immediately if no cap exists (bsc#1225162). - periodically flush the cap releases (bsc#1225162). - Enable SMT only if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - cpuidle, Evaluate LPI arch_flags for broadcast timer (git-fixes). - Fix register ID of SPSR_FIQ (git-fixes). - add missing MODULE_DESCRIPTION() macros (stable-fixes). - Add labels for both Valve Steam Deck revisions (stable-fixes). - Add quirk for Aya Neo KUN (stable-fixes). - Add quirk for Lenovo Yoga Tab 3 X90F (stable-fixes). - Add quirk for Nanote UMPC-01 (stable-fixes). - Add quirk for OrangePi Neo (stable-fixes). - drm/amd/amdgpu/imu_v11_0: Increase buffer size to ensure all possible values can be stored (stable-fixes). - Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update (stable-fixes). - avoid using null object of framebuffer (git-fixes). - Fix && vs || typos (git-fixes). - Skip Recompute DSC Params if no Stream on Link (stable-fixes). - Validate hw_points_num before using it (stable-fixes). - Fix the null pointer dereference for vega10_hwmgr (stable-fixes). - Actually check flags for all context ops (stable-fixes). - Add lock around VF RLCG interface (stable-fixes). - fix dereference null return value for the function amdgpu_vm_pt_parent (stable-fixes). - Fix the null pointer dereference to ras_manager (stable-fixes). - Validate TA binary size (stable-fixes). - drm/amdgpu/jpeg2: properly set atomics vmid field (stable-fixes). - Fix the null pointer dereference for smu7 (stable-fixes). - Fix the null pointer dereference in apply_state_adjust_rules (stable-fixes). - Fix the param type of set_power_profile_mode (stable-fixes). - analogix_ properly handle zero sized AUX transactions (stable-fixes). - tc358768: Attempt to fix DSI horizontal timings (stable-fixes). - fix null pointer dereference in drm_client_modeset_probe (git-fixes). - drm/dp_ Skip CSN if topology probing is not done yet (stable-fixes). - set gp bus_stop bit before hard reset (stable-fixes). - reset the link phy params before link training (git-fixes). - cleanup FB if dpu_format_populate_layout fails (git-fixes). - do not play tricks with debug macros (git-fixes). - Zero-initialize iosys_map (stable-fixes). - fix inode->i_blocks for non-512 byte sector size device (git-fixes). - fix potential deadlock on __exfat_get_dentry_set (git-fixes). - redefine DIR_DELETED as the bad cluster number (git-fixes). - support dynamic allocate bh for exfat_entry_set_cache (git-fixes). - fs/netfs/fscache_ add missing 'n_accesses' check (bsc#1229453). - Initialize beyond-EOF page contents before setting uptodate (bsc#1229454). - Add might_sleep() to disable_irq() (git-fixes). - Always limit the affinity to online CPUs (git-fixes). - Do not return error on missing optional irq_request_resources() (git-fixes). - Take the proposed affinity at face value if force==true (git-fixes). - genirq/cpuhotplug, x86 Prevent vector leak during CPU offline (git-fixes). - genirq/generic_ Make irq_remove_generic_chip() irqdomain aware (git-fixes). - Fix NULL pointer deref in irq_data_get_affinity_mask() (git-fixes). - Do not try to remove non-existing sysfs files (git-fixes). - Exclude managed interrupts in irq_matrix_allocated() (git-fixes). - Shutdown managed interrupts with unsatifiable affinities (git-fixes). - gss_krb5: Fix the error handling path for crypto_sync_skcipher_setkey (git-fixes). - fix to initialize fields of hfs_inode_info after hfs_alloc_inode() (git-fixes). - i2 Improve handling of stuck alerts (git-fixes). - i2 Send alert notifications to all devices if source not found (git-fixes). - Convert comma to semicolon (git-fixes). - ip6_ Fix broken GRO (bsc#1229444). - ipv6: fix incorrect unregister order (git-fixes). - Drop bogus fwspec-mapping error handling (git-fixes). - Fix association race (git-fixes). - Fix disassociation race (git-fixes). - Fix domain registration race (git-fixes). - Fix mapping-creation race (git-fixes). - Fixed unbalanced fwnode get and put (git-fixes). - Look for existing mapping only once (git-fixes). - Refactor __irq_domain_alloc_irqs() (git-fixes). - Report irq number for NOMAP domains (git-fixes). - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413). - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413). - kernel/irq/irqdomain. fix memory leak with using debugfs_lookup() (git-fixes). - Fix to check symbol prefixes correctly (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - protect concurrent access to mem_cgroup_idr (git-fixes). - mm, fix infinite recursion due to RCU critical section (git-fixes). - prevent derefencing NULL ptr in pfn_section_valid() (git-fixes). - dw_ allow biu and ciu clocks to defer (git-fixes). - mmc_ Fix NULL dereference on allocation failure (git-fixes). - ks8851: Fix another TX stall caused by wrong ISR flag handling (git-fixes). - ks8851: Fix deadlock with the SPI chip variant (git-fixes). - ks8851: Fix potential TX stall after interface reopen (git-fixes). - ks8851: Fix TX stall caused by TX buffer overrun (gix-fixes). - Add support for page sizes other than 4KB on ARM64 (jsc#PED-8491 bsc#1226530). - Fix doorbell out of order violation and avoid unnecessary doorbell rings (bsc#1229154). - Fix race of mana_hwc_post_rx_wqe and new hwc response (git-fixes). - Fix RX buf alloc_size alignment and atomic op panic (bsc#1229086). - remove two BUG() from skb_checksum_help() (bsc#1229312). - qmi_ fix memory leak for not ip packets (git-fixes). - fix possible cp null dereference (git-fixes). - initialize noop_qdisc owner (git-fixes). - pn533: Add poll mod list filling check (git-fixes). - expose /proc/net/sunrpc/nfs in net namespaces (git-fixes). - make the rpc_stat per net namespace (git-fixes). - add posix ACLs to struct nfsd_attrs (git-fixes). - add security label to struct nfsd_attrs (git-fixes). - fix regression with setting ACLs (git-fixes). - Fix strncpy() fortify warning (git-fixes). - Increase NFSD_MAX_OPS_PER_COMPOUND (git-fixes). - introduce struct nfsd_attrs (git-fixes). - move from strlcpy with unused retval to strscpy (git-fixes). - Optimize DRC bucket pruning (git-fixes). - return error if nfs4_setacl fails (git-fixes). - set attributes when creating symlinks (git-fixes). - use locks_inode_context helper (git-fixes). - nilfs2: Remove check for PageError (git-fixes). - nvme_ scan namespaces asynchronously (bsc#1224105). - ocfs2: use coarse time for new created files (git-fixes). - Fix possible divide-by-0 panic in padata_mt_helper() (git-fixes). - perf/smmuv3: Enable HiSilicon Erratum 162001900 quirk for HIP08/09 (git-fixes). - platform/x86 Add support for ACPI based probing (jsc#PED-8779). - platform/x86 Cache pci_dev in struct hsmp_socket (jsc#PED-8779). - platform/x86 Change devm_kzalloc() to devm_kcalloc() (jsc#PED-8779). - platform/x86 Check HSMP support on AMD family of processors (jsc#PED-8779). - platform/x86 Check num_sockets against MAX_AMD_SOCKETS (jsc#PED-8779). - platform/x86 Create static func to handle platdev (jsc#PED-8779). - platform/x86 Define a struct to hold mailbox regs (jsc#PED-8779). - platform/x86 Move dev from platdev to hsmp_socket (jsc#PED-8779). - platform/x86 Move hsmp_test to probe (jsc#PED-8779). - platform/x86 Non-ACPI support for AMD F1A_M00~0Fh (jsc#PED-8779). - platform/x86 Remove extra parenthesis and add a space (jsc#PED-8779). - platform/x86 Restructure sysfs group creation (jsc#PED-8779). - platform/x86 switch to use device_add_groups() (jsc#PED-8779). - axp288_ Fix constant_charge_voltage writes (git-fixes). - axp288_ Round constant_charge_voltage writes down (git-fixes). - Fail build if using recordmcount with binutils v2.37 (bsc#1194869). - Mark .opd section read-only (bsc#1194869). - use generic version of arch_is_kernel_initmem_freed() (bsc#1194869). - xor_ Add '-mhard-float' to CFLAGS (bsc#1194869). - powerpc/64: Set _IO_BASE to POISON_POINTER_DELTA not 0 for CONFIG_PCI=n (bsc#1194869). - Avoid clang null pointer arithmetic warnings (bsc#1194869). - powerpc/kexec_ fix cpus node update to FDT (bsc#1194869). - make the update_cpus_node() function public (bsc#1194869). - split CONFIG_KEXEC_FILE and CONFIG_CRASH_DUMP (bsc#1194869). - Add failure related checks for h_get_mpp and h_get_ppp (bsc#1194869). - Whitelist dtl slub object for copying to userspace (bsc#1194869). - Move some functions into #ifdef CONFIG_KVM_BOOK3S_HV_POSSIBLE (bsc#1194869). - Check if a core is online (bsc#1214285 bsc#1205462 ltc#200161 ltc#200588 git-fixes). - Check cpu id in commands 'c#', 'dp#' and 'dx#' (bsc#1194869). - RDMA/mana_ Use virtual address in dma regions for MRs (git-fixes). - Fix incomplete state save in rxe_requester (git-fixes) - Fix rxe_modify_srq (git-fixes) - Handle zero length rdma (git-fixes) - Move work queue code to subroutines (git-fixes) - s390 get rid of register asm (git-fixes bsc#1227079 bsc#1229187). - s390 Make use of invalid opcode produce a link error (git-fixes bsc#1227079). - s390 Split and rework cpacf query functions (git-fixes bsc#1229187). - s390 fix error checks in dasd_copy_pair_store() (git-fixes bsc#1229190). - s390 fix error recovery leading to data corruption on ESE devices (git-fixes bsc#1229573). - s390 Prevent release of buffer in I/O (git-fixes bsc#1229572). - s390 Panic for set and remove shared access UVC errors (git-fixes bsc#1229188). - Fix scldiv calculation (git-fixes). - add a struct rpc_stats arg to rpc_create_args (git-fixes). - Fix a race to wake a sync task (git-fixes). - fix swiotlb_bounce() to do partial sync's correctly (git-fixes). - fix compat_sys_io_pgetevents_time64 usage (git-fixes). - Return from tracing_buffers_read() if the file has been closed (bsc#1229136 git-fixes). - add check for crypto_shash_tfm_digest (git-fixes). - dbg_orphan_ Fix missed key type checking (git-fixes). - Fix adding orphan entry twice for the same inode (git-fixes). - Fix unattached xattr inode if powercut happens after deleting (git-fixes). - fix potential memory leak in vfio_intx_enable() (git-fixes). - fix wgds rev 3 exact size (git-fixes). - duplicate static structs used in driver instances (git-fixes). - x86 drop the duplicate APM_MINOR_DEV macro (git-fixes). - x86 Fix PUSH instruction in x86 instruction decoder opcode map (git-fixes). - x86 Fix pti_clone_entry_text() for i386 (git-fixes). - x86 Check if fixed MTRRs exist before saving them (git-fixes). - x86 Work around false positive kmemleak report in msr_build_context() (git-fixes). - Fix missing interval for missing_owner in xfs fsmap (git-fixes). - Fix the owner setting issue for rmap query in xfs fsmap (git-fixes). - use XFS_BUF_DADDR_NULL for daddrs in getfsmap code (git-fixes). - Fix Panther point NULL pointer deref at full-speed re-enumeration (git-fixes). - Fix rpcrdma_reqs_reset() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3487-1 Released: Fri Sep 27 19:56:02 2024 Summary: Recommended update for logrotate Type: recommended Severity: moderate References: This update for logrotate fixes the following issues: - Backport 'ignoreduplicates' configuration flag (jsc#PED-10366) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3503-1 Released: Tue Oct 1 16:13:07 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1228661 This update for glibc fixes the following issue: - fix memory malloc problem: Initiate tcache shutdown even without allocations (bsc#1228661). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3521-1 Released: Fri Oct 4 09:29:43 2024 Summary: Recommended update for dracut Type: recommended Severity: moderate References: 1230110,1230330 This update for dracut fixes the following issue: - Version update, check for presence of legacy rules (bsc#1230330). - Version update, handle all possible options in `rd.dasd` (bsc#1230110). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3527-1 Released: Fri Oct 4 15:27:07 2024 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1230145 This update for e2fsprogs fixes the following issue: - resize2fs: Check number of group descriptors only if meta_bg is disabled (bsc#1230145). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3530-1 Released: Fri Oct 4 15:43:33 2024 Summary: Recommended update for libpcap Type: recommended Severity: moderate References: 1230894 This update for libpcap fixes the following issue: - enable rdma support (bsc#1230894). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3569-1 Released: Wed Oct 9 13:51:41 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1199769,1216223,1220382,1221610,1221650,1222629,1222973,1223600,1223848,1224085,1225903,1226003,1226606,1226662,1226666,1226846,1226860,1226875,1226915,1227487,1227726,1227819,1227832,1227890,1228507,1228576,1228620,1228771,1229031,1229034,1229086,1229156,1229289,1229334,1229362,1229363,1229364,1229394,1229429,1229453,1229572,1229573,1229585,1229607,1229619,1229633,1229662,1229753,1229764,1229790,1229810,1229830,1229899,1229928,1229947,1230015,1230129,1230130,1230170,1230171,1230174,1230175,1230176,1230178,1230180,1230185,1230192,1230193,1230194,1230200,1230204,1230209,1230211,1230212,1230217,1230224,1230230,1230233,1230244,1230245,1230247,1230248,1230269,1230339,1230340,1230392,1230398,1230431,1230433,1230434,1230440,1230442,1230444,1230450,1230451,1230454,1230506,1230507,1230511,1230515,1230517,1230524,1230533,1230535,1230549,1230556,1230582,1230589,1230591,1230592,1230699,1230700,1230701,1230702,1230703,1230705,1230706,1230707,1230709,1230710,1230711,1230712,1230719,1 230724,1230725,1230730,1230731,1230732,1230733,1230747,1230748,1230751,1230752,1230756,1230761,1230766,1230767,1230768,1230771,1230772,1230776,1230783,1230786,1230791,1230794,1230796,1230802,1230806,1230808,1230810,1230812,1230813,1230814,1230815,1230821,1230825,1230830,1231013,1231017,1231116,1231120,1231146,1231180,1231181,CVE-2022-48901,CVE-2022-48911,CVE-2022-48923,CVE-2022-48935,CVE-2022-48944,CVE-2022-48945,CVE-2023-52610,CVE-2023-52916,CVE-2024-26640,CVE-2024-26759,CVE-2024-26767,CVE-2024-26804,CVE-2024-26837,CVE-2024-37353,CVE-2024-38538,CVE-2024-38596,CVE-2024-38632,CVE-2024-40910,CVE-2024-40973,CVE-2024-40983,CVE-2024-41062,CVE-2024-41082,CVE-2024-42154,CVE-2024-42259,CVE-2024-42265,CVE-2024-42304,CVE-2024-42305,CVE-2024-42306,CVE-2024-43828,CVE-2024-43835,CVE-2024-43890,CVE-2024-43898,CVE-2024-43912,CVE-2024-43914,CVE-2024-44935,CVE-2024-44944,CVE-2024-44946,CVE-2024-44948,CVE-2024-44950,CVE-2024-44952,CVE-2024-44954,CVE-2024-44967,CVE-2024-44969,CVE-2024-44970,CVE-2024-4 4971,CVE-2024-44972,CVE-2024-44977,CVE-2024-44982,CVE-2024-44986,CVE-2024-44987,CVE-2024-44988,CVE-2024-44989,CVE-2024-44990,CVE-2024-44998,CVE-2024-44999,CVE-2024-45000,CVE-2024-45001,CVE-2024-45003,CVE-2024-45006,CVE-2024-45007,CVE-2024-45008,CVE-2024-45011,CVE-2024-45013,CVE-2024-45015,CVE-2024-45018,CVE-2024-45020,CVE-2024-45021,CVE-2024-45026,CVE-2024-45028,CVE-2024-45029,CVE-2024-46673,CVE-2024-46674,CVE-2024-46675,CVE-2024-46676,CVE-2024-46677,CVE-2024-46679,CVE-2024-46685,CVE-2024-46686,CVE-2024-46689,CVE-2024-46694,CVE-2024-46702,CVE-2024-46707,CVE-2024-46714,CVE-2024-46715,CVE-2024-46717,CVE-2024-46720,CVE-2024-46721,CVE-2024-46722,CVE-2024-46723,CVE-2024-46724,CVE-2024-46725,CVE-2024-46726,CVE-2024-46727,CVE-2024-46728,CVE-2024-46730,CVE-2024-46731,CVE-2024-46732,CVE-2024-46737,CVE-2024-46738,CVE-2024-46739,CVE-2024-46743,CVE-2024-46744,CVE-2024-46745,CVE-2024-46746,CVE-2024-46747,CVE-2024-46750,CVE-2024-46751,CVE-2024-46752,CVE-2024-46753,CVE-2024-46755,CVE-2024-46756,CV E-2024-46758,CVE-2024-46759,CVE-2024-46761,CVE-2024-46771,CVE-2024-46772,CVE-2024-46773,CVE-2024-46774,CVE-2024-46778,CVE-2024-46780,CVE-2024-46781,CVE-2024-46783,CVE-2024-46784,CVE-2024-46786,CVE-2024-46787,CVE-2024-46791,CVE-2024-46794,CVE-2024-46798,CVE-2024-46822,CVE-2024-46830 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-48901: btrfs: do not start relocation until in progress drops are done (bsc#1229607). - CVE-2022-48911: kabi: add __nf_queue_get_refs() for kabi compliance. (bsc#1229633). - CVE-2022-48923: btrfs: prevent copying too big compressed lzo segment (bsc#1229662) - CVE-2022-48935: Fixed an unregister flowtable hooks on netns exit (bsc#1229619) - CVE-2023-52610: net/sched: act_ct: fix skb leak and crash on ooo frags (bsc#1221610). - CVE-2023-52916: media: aspeed: Fix memory overwrite if timing is 1600x900 (bsc#1230269). - CVE-2024-26640: tcp: add sanity checks to rx zerocopy (bsc#1221650). - CVE-2024-26759: mm/swap: fix race when skipping swapcache (bsc#1230340). - CVE-2024-26767: drm/amd/display: fixed integer types and null check locations (bsc#1230339). - CVE-2024-26804: net: ip_tunnel: prevent perpetual headroom growth (bsc#1222629). - CVE-2024-26837: net: bridge: switchdev: race between creation of new group memberships and generation of the list of MDB events to replay (bsc#1222973). - CVE-2024-37353: virtio: fixed a double free in vp_del_vqs() (bsc#1226875). - CVE-2024-38538: net: bridge: xmit: make sure we have at least eth header len bytes (bsc#1226606). - CVE-2024-38596: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (bsc#1226846). - CVE-2024-40910: Fix refcount imbalance on inbound connections (bsc#1227832). - CVE-2024-40973: media: mtk-vcodec: potential null pointer deference in SCP (bsc#1227890). - CVE-2024-40983: tipc: force a dst refcount before doing decryption (bsc#1227819). - CVE-2024-41062: Sync sock recv cb and release (bsc#1228576). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620 CVE-2024-41082). - CVE-2024-42154: tcp_metrics: validate source addr length (bsc#1228507). - CVE-2024-42259: Fix Virtual Memory mapping boundaries calculation (bsc#1229156) - CVE-2024-42265: protect the fetch of ->fd[fd] in do_dup2() from mispredictions (bsc#1229334). - CVE-2024-42304: ext4: make sure the first directory block is not a hole (bsc#1229364). - CVE-2024-42305: ext4: check dot and dotdot of dx_root before making dir indexed (bsc#1229363). - CVE-2024-42306: udf: Avoid using corrupted block bitmap buffer (bsc#1229362). - CVE-2024-43828: ext4: fix infinite loop when replaying fast_commit (bsc#1229394). - CVE-2024-43890: tracing: Fix overflow in get_free_elt() (bsc#1229764). - CVE-2024-43898: ext4: sanity check for NULL pointer after ext4_force_shutdown (bsc#1229753). - CVE-2024-43912: wifi: nl80211: disallow setting special AP channel widths (bsc#1229830) - CVE-2024-43914: md/raid5: avoid BUG_ON() while continue reshape after reassembling (bsc#1229790). - CVE-2024-44935: sctp: Fix null-ptr-deref in reuseport_add_sock() (bsc#1229810). - CVE-2024-44944: netfilter: ctnetlink: use helper function to calculate expect ID (bsc#1229899). - CVE-2024-44946: kcm: Serialise kcm_sendmsg() for the same socket (bsc#1230015). - CVE-2024-44950: serial: sc16is7xx: fix invalid FIFO access with special register set (bsc#1230180). - CVE-2024-44952: driver core: Fix uevent_show() vs driver detach race (bsc#1230178). - CVE-2024-44970: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (bsc#1230209). - CVE-2024-44971: net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register() (bsc#1230211). - CVE-2024-44986: ipv6: fix possible UAF in ip6_finish_output2() (bsc#1230230) - CVE-2024-44987: ipv6: prevent UAF in ip6_send_skb() (bsc#1230185). - CVE-2024-44988: net: dsa: mv88e6xxx: Fix out-of-bound access (bsc#1230192). - CVE-2024-44989: bonding: fix xfrm real_dev null pointer dereference (bsc#1230193). - CVE-2024-44990: bonding: fix null pointer deref in bond_ipsec_offload_ok (bsc#1230194). - CVE-2024-44998: atm: idt77252: prevent use after free in dequeue_rx() (bsc#1230171). - CVE-2024-44999: gtp: pull network headers in gtp_dev_xmit() (bsc#1230233). - CVE-2024-45003: Don't evict inode under the inode lru traversing context (bsc#1230245). - CVE-2024-45007: char: xillybus: Refine workqueue handling (bsc#1230175). - CVE-2024-45008: Input: MT - limit max slots (bsc#1230248). - CVE-2024-45013: nvme: move stopping keep-alive into nvme_uninit_ctrl() (bsc#1230442). - CVE-2024-45015: drm/msm/dpu: move dpu_encoder's connector assignment to (bsc#1230444) - CVE-2024-45018: netfilter: flowtable: initialise extack before use (bsc#1230431). - CVE-2024-45021: memcg_write_event_control(): fix a user-triggerable oops (bsc#1230434). - CVE-2024-45029: i2c: tegra: Do not mark ACPI devices as irq safe (bsc#1230451). - CVE-2024-46673: scsi: aacraid: Fix double-free on probe failure (bsc#1230506). - CVE-2024-46674: usb: dwc3: st: fix probed platform device ref count on probe error path (bsc#1230507). - CVE-2024-46677: gtp: fix a potential NULL pointer dereference (bsc#1230549). - CVE-2024-46679: ethtool: check device is present when getting link settings (bsc#1230556). - CVE-2024-46685: pinctrl: single: fix potential NULL dereference in pcs_get_function() (bsc#1230515) - CVE-2024-46686: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() (bsc#1230517). - CVE-2024-46689: soc: qcom: cmd-db: Map shared memory as WC, not WB (bsc#1230524) - CVE-2024-46702: thunderbolt: Mark XDomain as unplugged when router is removed (bsc#1230589) - CVE-2024-46707: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 (bsc#1230582). - CVE-2024-46715: driver: iio: add missing checks on iio_info's callback access (bsc#1230700). - CVE-2024-46717: net/mlx5e: SHAMPO, Fix incorrect page release (bsc#1230719). - CVE-2024-46721: pparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46728: drm/amd/display: Check index for aux_rd_interval before using (bsc#1230703) - CVE-2024-46730: drm/amd/display: Ensure array index tg_inst won't be -1 (bsc#1230701) - CVE-2024-46743: of/irq: Prevent device address out-of-bounds read in interrupt map walk (bsc#1230756). - CVE-2024-46751: btrfs: do not BUG_ON() when 0 reference count at btrfs_lookup_extent_info() (bsc#1230786). - CVE-2024-46752: btrfs: reduce nesting for extent processing at btrfs_lookup_extent_info() (bsc#1230794). - CVE-2024-46753: btrfs: handle errors from btrfs_dec_ref() properly (bsc#1230796). - CVE-2024-46772: drm/amd/display: Check denominator crb_pipes before used (bsc#1230772). - CVE-2024-46783: tcp_bpf: fix return value of tcp_bpf_sendmsg() (bsc#1230810). - CVE-2024-46787: userfaultfd: fix checks for huge PMDs (bsc#1230815). - CVE-2024-46794: x86/tdx: Fix data leak in mmio_read() (bsc#1230825). - CVE-2024-46822: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry (bsc#1231120). - CVE-2024-46830: KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS (bsc#1231116). The following non-security bugs were fixed: - ACPI: battery: create alarm sysfs attribute atomically (git-fixes). - ACPI: CPPC: Fix MASK_VAL() usage (git-fixes). - ACPI: PMIC: Remove unneeded check in tps68470_pmic_opregion_probe() (git-fixes). - ACPI: processor: Fix memory leaks in error paths of processor_add() (stable-fixes). - ACPI: processor: Return an error if acpi_processor_get_info() fails in processor_add() (stable-fixes). - ACPI: SBS: manage alarm sysfs attribute through psy core (git-fixes). - ACPI: sysfs: validate return type of _STR method (git-fixes). - af_unix: annotate lockless accesses to sk->sk_err (bsc#1226846). - af_unix: Fix data races around sk->sk_shutdown (bsc#1226846). - af_unix: Fix data-races around sk->sk_shutdown (git-fixes). - ALSA: hda: Add input value sanity checks to HDMI channel map controls (stable-fixes). - ALSA: hda/conexant: Add pincfg quirk to enable top speakers on Sirius devices (stable-fixes). - ALSA: hda/conexant: Mute speakers at suspend / shutdown (stable-fixes). - ALSA: hda/generic: Add a helper to mute speakers at suspend/shutdown (stable-fixes). - ALSA: hda/realtek: Support mute LED on HP Laptop 14-dq2xxx (stable-fixes). - apparmor: fix possible NULL pointer dereference (stable-fixes). - arm64: acpi: Move get_cpu_for_acpi_id() to a header (git-fixes). - arm64: dts: rockchip: Correct the Pinebook Pro battery design capacity (git-fixes). - arm64: dts: rockchip: fix PMIC interrupt pin in pinctrl for ROCK Pi E (git-fixes). - arm64: dts: rockchip: Raise Pinebook Pro's panel backlight PWM frequency (git-fixes). - arm64/mm: Modify range-based tlbi to decrement scale (bsc#1229585) - arm64/mm: Update tlb invalidation routines for FEAT_LPA2 (bsc#1229585) - arm64: tlb: Allow range operation for MAX_TLBI_RANGE_PAGES (bsc#1229585) - arm64: tlb: Fix TLBI RANGE operand (bsc#1229585) - arm64: tlb: Improve __TLBI_VADDR_RANGE() (bsc#1229585) - ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object (git-fixes). - ASoC: meson: axg-card: fix 'use-after-free' (git-fixes). - ASoc: SOF: topology: Clear SOF link platform name upon unload (git-fixes). - ASoC: sunxi: sun4i-i2s: fix LRCLK polarity in i2s mode (git-fixes). - ASoC: tegra: Fix CBB error during probe() (git-fixes). - ASoC: topology: Properly initialize soc_enum values (stable-fixes). - ata: libata: Fix memory leak for error path in ata_host_alloc() (git-fixes). - ata: pata_macio: Use WARN instead of BUG (stable-fixes). - blk-mq: add helper for checking if one CPU is mapped to specified hctx (bsc#1223600). - blk-mq: add number of queue calc helper (bsc#1229034). - blk-mq: Build default queue map via group_cpus_evenly() (bsc#1229031). - blk-mq: do not schedule block kworker on isolated CPUs (bsc#1223600). - blk-mq: introduce blk_mq_dev_map_queues (bsc#1229034). - blk-mq: issue warning when offlining hctx with online isolcpus (bsc#1229034). - blk-mq: use hk cpus only when isolcpus=io_queue is enabled (bsc#1229034). - Bluetooth: btusb: Fix not handling ZPL/short-transfer (git-fixes). - Bluetooth: hci_core: Fix sending MGMT_EV_CONNECT_FAILED (git-fixes). - Bluetooth: hci_sync: Ignore errors from HCI_OP_REMOTE_NAME_REQ_CANCEL (git-fixes). - Bluetooth: L2CAP: Fix deadlock (git-fixes). - Bluetooth: MGMT: Ignore keys being loaded with invalid type (git-fixes). - cachefiles: fix dentry leak in cachefiles_open_file() (bsc#1231181). - cachefiles: Fix non-taking of sb_writers around set/removexattr (bsc#1231013). - can: bcm: Clear bo->bcm_proc_read after remove_proc_entry() (git-fixes). - can: bcm: Remove proc entry when dev is unregistered (git-fixes). - can: j1939: use correct function name in comment (git-fixes). - can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open (git-fixes). - cdc-acm: Add DISABLE_ECHO quirk for GE HealthCare UI Controller (git-fixes). - ceph: remove the incorrect Fw reference check when dirtying pages (bsc#1231180). - char: xillybus: Check USB endpoints when probing device (git-fixes). - clk: qcom: clk-alpha-pll: Fix the pll post div mask (git-fixes). - clk: qcom: clk-alpha-pll: Fix the trion pll postdiv set rate API (git-fixes). - clk: qcom: clk-alpha-pll: Fix zonda set_rate failure when PLL is disabled (git-fixes). - cpufreq: ti-cpufreq: Introduce quirks to handle syscon fails appropriately (git-fixes). - crypto: ccp - Properly unregister /dev/sev on sev PLATFORM_STATUS failure (git-fixes). - crypto: virtio - Handle dataq logic with tasklet (git-fixes). - crypto: virtio - Wait for tasklet to complete on device remove (git-fixes). - crypto: xor - fix template benchmarking (git-fixes). - devres: Initialize an uninitialized struct member (stable-fixes). - driver core: Add debug logs when fwnode links are added/deleted (git-fixes). - driver core: Add missing parameter description to __fwnode_link_add() (git-fixes). - driver core: Create __fwnode_link_del() helper function (git-fixes). - driver core: fw_devlink: Allow marking a fwnode link as being part of a cycle (git-fixes). - driver core: fw_devlink: Consolidate device link flag computation (git-fixes). - driver core: Set deferred probe reason when deferred by driver core (git-fixes). - drivers:drm:exynos_drm_gsc:Fix wrong assignment in gsc_bind() (git-fixes). - Drivers: hv: vmbus: Fix rescind handling in uio_hv_generic (git-fixes). - Drivers: hv: vmbus: Fix the misplaced function description (git-fixes). - drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error (git-fixes). - drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error (git-fixes). - drm/amd/amdgpu: Check tbo resource pointer (stable-fixes). - drm/amd/amdgpu: Properly tune the size of struct (git-fixes). - drm/amd/display: Add array index check for hdcp ddc access (stable-fixes). - drm/amd/display: added NULL check at start of dc_validate_stream (stable-fixes). - drm/amd/display: Assign linear_pitch_alignment even for VM (stable-fixes). - drm/amd/display: Check denominator pbn_div before used (stable-fixes). - drm/amd/display: Check gpio_id before used as array index (stable-fixes). - drm/amd/display: Check HDCP returned status (stable-fixes). - drm/amd/display: Check msg_id before processing transcation (stable-fixes). - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] (stable-fixes). - drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX (stable-fixes). - drm/amd/display: Ensure index calculation will not overflow (stable-fixes). - drm/amd/display: Fix Coverity INTEGER_OVERFLOW within dal_gpio_service_create (stable-fixes). - drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration (stable-fixes). - drm/amd/display: Skip wbscl_set_scaler_filter if filter is null (stable-fixes). - drm/amd/display: Spinlock before reading event (stable-fixes). - drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (stable-fixes). - drm/amdgpu/atomfirmware: Silence UBSAN warning (stable-fixes). - drm/amdgpu: avoid reading vf2pf info size from FB (stable-fixes). - drm/amdgpu: check for LINEAR_ALIGNED correctly in check_tiling_flags_gfx6 (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts (stable-fixes). - drm/amdgpu: fix a possible null pointer dereference (git-fixes). - drm/amdgpu: fix dereference after null check (stable-fixes). - drm/amdgpu: fix mc_data out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number (stable-fixes). - drm/amdgpu: Fix out-of-bounds write warning (stable-fixes). - drm/amdgpu: fix overflowed array index read warning (stable-fixes). - drm/amdgpu: Fix smatch static checker warning (stable-fixes). - drm/amdgpu: fix the waring dereferencing hive (stable-fixes). - drm/amdgpu: fix ucode out-of-bounds read warning (stable-fixes). - drm/amdgpu: Fix uninitialized variable warning in amdgpu_afmt_acr (stable-fixes). - drm/amdgpu/pm: Check input value for CUSTOM profile mode setting on legacy SOCs (stable-fixes). - drm/amdgpu/pm: Check the return value of smum_send_msg_to_smc (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable agc_btc_response (stable-fixes). - drm/amdgpu/pm: Fix uninitialized variable warning for smu10 (stable-fixes). - drm/amdgpu: Set no_hw_access when VF request full GPU fails (stable-fixes). - drm/amdgpu: the warning dereferencing obj for nbio_v7_4 (stable-fixes). - drm/amdgpu: update type of buf size to u32 for eeprom functions (stable-fixes). - drm/amdkfd: Reconcile the definition and use of oem_id in struct kfd_topology_device (stable-fixes). - drm/amd/pm: check negtive return for table entries (stable-fixes). - drm/amd/pm: check specific index for aldebaran (stable-fixes). - drm/amd/pm: Fix negative array index read (stable-fixes). - drm/amd/pm: fix the Out-of-bounds read warning (stable-fixes). - drm/amd/pm: fix uninitialized variable warning for smu8_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vangogh_ppt (stable-fixes). - drm/amd/pm: fix uninitialized variable warnings for vega10_hwmgr (stable-fixes). - drm/amd/pm: fix uninitialized variable warning (stable-fixes). - drm/amd/pm: fix warning using uninitialized value of max_vid_step (stable-fixes). - drm/bridge: lontium-lt8912b: Validate mode in drm_bridge_funcs::mode_valid() (git-fixes). - drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ (stable-fixes). - drm/i915/fence: Mark debug_fence_free() with __maybe_unused (git-fixes). - drm/i915/fence: Mark debug_fence_init_onstack() with __maybe_unused (git-fixes). - drm/i915/guc: prevent a possible int overflow in wq offsets (git-fixes). - drm/meson: plane: Add error handling (stable-fixes). - drm/msm/a5xx: disable preemption in submits by default (git-fixes). - drm/msm/a5xx: fix races in preemption evaluation stage (git-fixes). - drm/msm/a5xx: properly clear preemption records on resume (git-fixes). - drm/msm/a5xx: workaround early ring-buffer emptiness check (git-fixes). - drm/msm/adreno: Fix error return if missing firmware-name (stable-fixes). - drm/msm/disp/dpu: use atomic enable/disable callbacks for encoder (bsc#1230444) - drm/msm: Fix incorrect file name output in adreno_request_fw() (git-fixes). - drm/msm: fix %s null argument error (git-fixes). - drm: omapdrm: Add missing check for alloc_ordered_workqueue (git-fixes). - drm/radeon/evergreen_cs: fix int overflow errors in cs track offsets (git-fixes). - drm/radeon: fix null pointer dereference in radeon_add_common_modes (git-fixes). - drm/rockchip: dw_hdmi: Fix reading EDID when using a forced mode (git-fixes). - drm/rockchip: vop: Allow 4096px width scaling (git-fixes). - drm/stm: ltdc: check memory returned by devm_kzalloc() (git-fixes). - exfat: fix memory leak in exfat_load_bitmap() (git-fixes). - fbdev: hpfb: Fix an error handling path in hpfb_dio_probe() (git-fixes). - filemap: remove use of wait bookmarks (bsc#1224085). - firmware_loader: Block path traversal (git-fixes). - fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF (bsc#1230592). - fuse: update stats for pages in dropped aux writeback list (bsc#1230130). - fuse: use unsigned type for getxattr/listxattr size truncation (bsc#1230129). - genirq/affinity: Do not pass irq_affinity_desc array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Move group_cpus_evenly() into lib/ (bsc#1229031). - genirq/affinity: Only build SMP-only helper functions on SMP kernels (bsc#1229031). - genirq/affinity: Pass affinity managed mask array to irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Remove the 'firstvec' parameter from irq_build_affinity_masks (bsc#1229031). - genirq/affinity: Rename irq_build_affinity_masks as group_cpus_evenly (bsc#1229031). - genirq/affinity: Replace cpumask_weight() with cpumask_empty() where appropriate (bsc#1229031). - gfs2: setattr_chown: Add missing initialization (git-fixes). - HID: amd_sfh: free driver_data after destroying hid device (stable-fixes). - HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup (stable-fixes). - hwmon: (adc128d818) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (lm95234) Fix underflows seen when writing limit attributes (stable-fixes). - hwmon: (max16065) Fix overflows seen when writing limits (git-fixes). - hwmon: (ntc_thermistor) fix module autoloading (git-fixes). - hwmon: (w83627ehf) Fix underflows seen when writing limit attributes (stable-fixes). - hwrng: bcm2835 - Add missing clk_disable_unprepare in bcm2835_rng_init (git-fixes). - hwrng: cctrng - Add missing clk_disable_unprepare in cctrng_resume (git-fixes). - hwrng: mtk - Use devm_pm_runtime_enable (git-fixes). - i2c: aspeed: Update the stop sw state when the bus recovery occurs (git-fixes). - i2c: Fix conditional for substituting empty ACPI functions (stable-fixes). - i2c: isch: Add missed 'else' (git-fixes). - i2c: qcom-geni: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - i2c: Use IS_REACHABLE() for substituting empty ACPI functions (git-fixes). - i2c: xiic: Wait for TX empty to avoid missed TX NAKs (git-fixes). - i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup (stable-fixes). - IB/core: Fix ib_cache_setup_one error flow cleanup (git-fixes) - IB/hfi1: Fix potential deadlock on &irq_src_lock and &dd->uctxt_lock (git-fixes) - iio: adc: ad7124: fix chip ID mismatch (git-fixes). - iio: adc: ad7124: fix config comparison (git-fixes). - iio: adc: ad7606: fix oversampling gpio array (git-fixes). - iio: adc: ad7606: fix standby gpio state to match the documentation (git-fixes). - iio: buffer-dmaengine: fix releasing dma channel on error (git-fixes). - iio: chemical: bme680: Fix read/write ops to device by adding mutexes (git-fixes). - iio: fix scale application in iio_convert_raw_to_processed_unlocked (git-fixes). - iio: magnetometer: ak8975: Fix reading for ak099xx sensors (git-fixes). - Input: ilitek_ts_i2c - add report id message validation (git-fixes). - Input: ilitek_ts_i2c - avoid wrong input subsystem sync (git-fixes). - Input: ps2-gpio - use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - Input: uinput - reject requests with unreasonable number of slots (stable-fixes). - ipmi: docs: do not advertise deprecated sysfs entries (git-fixes). - ipmi:ssif: Improve detecting during probing (bsc#1228771) - ipmi:ssif: Improve detecting during probing (bsc#1228771) - jfs: fix out-of-bounds in dbNextAG() and diAlloc() (git-fixes). - kabi: add __nf_queue_get_refs() for kabi compliance. - kABI, crypto: virtio - Handle dataq logic with tasklet (git-fixes). - kthread: Fix task state in kthread worker if being frozen (bsc#1231146). - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (bsc#1229031). - lib/group_cpus.c: honor housekeeping config when grouping CPUs (bsc#1229034). - lib/group_cpus: Export group_cpus_evenly() (bsc#1229031). - lirc: rc_dev_get_from_fd(): fix file leak (git-fixes). - mailbox: bcm2835: Fix timeout during suspend mode (git-fixes). - mailbox: rockchip: fix a typo in module autoloading (git-fixes). - media: aspeed: Fix no complete irq for non-64-aligned width (bsc#1230269) - media: qcom: camss: Add check for v4l2_fwnode_endpoint_parse (stable-fixes). - media: qcom: camss: Fix ordering of pm_runtime_enable (git-fixes). - media: Revert 'media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()' (git-fixes). - media: sun4i_csi: Implement link validate for sun4i_csi subdev (git-fixes). - media: uapi/linux/cec.h: cec_msg_set_reply_to: zero flags (git-fixes). - media: uvcvideo: Enforce alignment of frame and interval (stable-fixes). - media: venus: fix use after free bug in venus_remove due to race condition (git-fixes). - media: vicodec: allow en/decoder cmd w/o CAPTURE (git-fixes). - media: vivid: do not set HDMI TX controls if there are no HDMI outputs (stable-fixes). - media: vivid: fix wrong sizeimage value for mplane (stable-fixes). - mmc: cqhci: Fix checking of CQHCI_HALT state (git-fixes). - mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K (git-fixes). - mmc: sdhci-of-aspeed: fix module autoloading (git-fixes). - mtd: powernv: Add check devm_kasprintf() returned value (git-fixes). - mtd: slram: insert break after errors in parsing the map (git-fixes). - net: drop bad gso csum_start and offset in virtio_net_hdr (git-fixes). - net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup (git-fixes). - net: missing check virtio (git-fixes). - net: tighten bad gso csum offset check in virtio_net_hdr (git-fixes). - nf_conntrack_proto_udp: do not accept packets with IPS_NAT_CLASH (bsc#1199769). - NFSD: Fix frame size warning in svc_export_parse() (git-fixes). - NFS: Do not re-read the entire page cache to find the next cookie (bsc#1226662). - NFSD: Rewrite synopsis of nfsd_percpu_counters_init() (git-fixes). - NFS: never reuse a NFSv4.0 lock-owner (bsc#1227726). - NFS: Reduce use of uncached readdir (bsc#1226662). - NFSv4: Add missing rescheduling points in nfs_client_return_marked_delegations (git-fixes). - nilfs2: Constify struct kobj_type (git-fixes). - nilfs2: determine empty node blocks as corrupted (git-fixes). - nilfs2: fix missing cleanup on rollforward recovery error (git-fixes). - nilfs2: fix potential null-ptr-deref in nilfs_btree_insert() (git-fixes). - nilfs2: fix potential oob read in nilfs_btree_check_delete() (git-fixes). - nilfs2: fix state management in error path of log writing function (git-fixes). - nilfs2: protect references to superblock parameters exposed in sysfs (git-fixes). - nilfs2: replace snprintf in show functions with sysfs_emit (git-fixes). - nilfs2: use default_groups in kobj_type (git-fixes). - nvme: move stopping keep-alive into nvme_uninit_ctrl() (git-fixes). - nvme/pci: Add APST quirk for Lenovo N60z laptop (git-fixes). - nvme-pci: Add sleep quirk for Samsung 990 Evo (git-fixes). - nvme-pci: use block layer helpers to calculate num of queues (bsc#1229034). - nvme: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - nvmet: Identify-Active Namespace ID List command should reject invalid nsid (git-fixes). - nvmet-rdma: fix possible bad dereference when freeing rsps (git-fixes). - nvmet-tcp: do not continue for invalid icreq (git-fixes). - nvmet-tcp: fix kernel crash if commands allocation fails (git-fixes). - nvmet-trace: avoid dereferencing pointer too early (git-fixes). - ocfs2: cancel dqi_sync_work before freeing oinfo (git-fixes). - ocfs2: fix null-ptr-deref when journal load failed (git-fixes). - ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate (git-fixes). - ocfs2: remove unreasonable unlock in ocfs2_read_blocks (git-fixes). - PCI: Add missing bridge lock to pci_bus_lock() (stable-fixes). - PCI: al: Check IORESOURCE_BUS existence during probe (git-fixes). - PCI/ASPM: Move pci_function_0() upward (bsc#1226915) - PCI/ASPM: Remove struct aspm_latency (bsc#1226915) - PCI/ASPM: Stop caching device L0s, L1 acceptable exit latencies (bsc#1226915) - PCI/ASPM: Stop caching link L0s, L1 exit latencies (bsc#1226915) - PCI: dra7xx: Fix error handling when IRQ request fails in probe (git-fixes). - PCI: dwc: Expose dw_pcie_ep_exit() to module (git-fixes). - PCI: dwc: Restore MSI Receiver mask during resume (git-fixes). - pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv (stable-fixes). - PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0) (stable-fixes). - PCI: keystone: Fix if-statement expression in ks_pcie_quirk() (git-fixes). - PCI: Support BAR sizes up to 8TB (bsc#1231017) - PCI: Wait for Link before restoring Downstream Buses (git-fixes). - PCI: xilinx-nwl: Clean up clock on probe failure/removal (git-fixes). - PCI: xilinx-nwl: Fix off-by-one in INTx IRQ handler (git-fixes). - PCI: xilinx-nwl: Fix register misspelling (git-fixes). - pcmcia: Use resource_size function on resource object (stable-fixes). - pinctrl: single: fix missing error code in pcs_probe() (git-fixes). - pinctrl: single: fix potential NULL dereference in pcs_get_function() (git-fixes). - PKCS#7: Check codeSigning EKU of certificates in PKCS#7 (bsc#1226666). - platform/x86: dell-smbios: Fix error path in dell_smbios_init() (git-fixes). - platform/x86: panasonic-laptop: Allocate 1 entry extra in the sinf array (git-fixes). - platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses (git-fixes). - power: supply: axp20x_battery: Remove design from min and max voltage (git-fixes). - power: supply: Drop use_cnt check from power_supply_property_is_writeable() (git-fixes). - power: supply: hwmon: Fix missing temp1_max_alarm attribute (git-fixes). - power: supply: max17042_battery: Fix SOC threshold calc w/ no current sense (git-fixes). - RDMA/core: Remove unused declaration rdma_resolve_ip_route() (git-fixes) - RDMA/cxgb4: Added NULL check for lookup_atid (git-fixes) - RDMA/efa: Properly handle unexpected AQ completions (git-fixes) - RDMA/hns: Do not modify rq next block addr in HIP09 QPC (git-fixes) - RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled (git-fixes) - RDMA/hns: Fix the overflow risk of hem_list_calc_ba_range() (git-fixes) - RDMA/hns: Fix VF triggering PF reset in abnormal interrupt handler (git-fixes) - RDMA/hns: Optimize hem allocation performance (git-fixes) - RDMA/irdma: fix error message in irdma_modify_qp_roce() (git-fixes) - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency (git-fixes) - RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds (git-fixes) - RDMA/rtrs: Fix the problem of variable not initialized fully (git-fixes) - RDMA/rtrs: Reset hb_missed_cnt after receiving other traffic from peer (git-fixes) - Restore dropped fields for bluetooth MGMT/SMP structs (git-fixes). - Revert 'Bluetooth: MGMT/SMP: Fix address type when using SMP over BREDR/LE' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (git-fixes). - Revert 'media: tuners: fix error return code of hybrid_tuner_request_state()' (stable-fixes). - rtc: at91sam9: fix OF node leak in probe() error path (git-fixes). - scsi: ibmvfc: Add max_sectors module parameter (bsc#1216223). - scsi: lpfc: Change diagnostic log flag during receipt of unknown ELS cmds (bsc#1229429). - scsi: lpfc: Copyright updates for 14.4.0.4 patches (bsc#1229429). - scsi: lpfc: Fix overflow build issue (bsc#1229429). - scsi: lpfc: Fix unintentional double clearing of vmid_flag (bsc#1229429). - scsi: lpfc: Fix unsolicited FLOGI kref imbalance when in direct attached topology (bsc#1229429). - scsi: lpfc: Remove redundant vport assignment when building an abort request (bsc#1229429). - scsi: lpfc: Update lpfc version to 14.4.0.4 (bsc#1229429). - scsi: lpfc: Update PRLO handling in direct attached topology (bsc#1229429). - scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (bsc#1229429). - scsi: pm8001: do not overwrite PCI queue mapping (bsc#1229034). - scsi: replace blk_mq_pci_map_queues with blk_mq_dev_map_queues (bsc#1229034). - scsi: sd: Fix off-by-one error in sd_read_block_characteristics() (bsc#1223848). - scsi: use block layer helpers to calculate num of queues (bsc#1229034). - spi: nxp-fspi: fix the KASAN report out-of-bounds bug (git-fixes). - Squashfs: sanity check symbolic link size (git-fixes). - staging: iio: frequency: ad9834: Validate frequency parameter value (git-fixes). - thunderbolt: Mark XDomain as unplugged when router is removed (stable-fixes). - tomoyo: fallback to realpath if symlink's pathname does not exist (git-fixes). - tools/virtio: fix build (git-fixes). - tpm: Clean up TPM space after command failure (git-fixes). - tracing: Avoid possible softlockup in tracing_iter_reset() (git-fixes). - tty: rp2: Fix reset with non forgiving PCIe host bridges (git-fixes). - udp: fix receiving fraglist GSO packets (git-fixes). - uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind (git-fixes). - usb: cdnsp: Fix incorrect usb_request status (git-fixes). - USB: class: CDC-ACM: fix race between get_serial and set_serial (git-fixes). - usb: dwc2: drd: fix clock gating on USB role switch (git-fixes). - usb: dwc2: Skip clock gating on Broadcom SoCs (git-fixes). - usb: dwc3: core: Prevent USB core invalid event buffer address access (git-fixes). - usb: dwc3: core: Skip setting event buffers for host only controllers (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (git-fixes). - usb: dwc3: core: update LC timer as per USB Spec V3.2 (stable-fixes). - usb: dwc3: omap: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: add missing depopulate in probe error path (git-fixes). - usb: dwc3: st: fix probed platform device ref count on probe error path (git-fixes). - usbip: Do not submit special requests twice (stable-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - usbnet: ipheth: race between ipheth_close and error handling (git-fixes). - usbnet: modern method to get random MAC (git-fixes). - USB: serial: kobil_sct: restore initial terminal settings (git-fixes). - USB: serial: option: add MeiG Smart SRM825L (git-fixes). - usb: typec: ucsi: Fix null pointer dereference in trace (stable-fixes). - usb: uas: set host status byte on data completion error (git-fixes). - usb: uas: set host status byte on data completion error (stable-fixes). - USB: usbtmc: prevent kernel-usb-infoleak (git-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - vhost: Add smp_rmb() in vhost_vq_avail_empty() (git-fixes). - vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler (git-fixes). - virito: add APIs for retrieving vq affinity (bsc#1229034). - virtio-blk: Ensure no requests in virtqueues before deleting vqs (git-fixes). - virtio: blk/scsi: use block layer helpers to calculate num of queues (bsc#1229034). - virtio: blk/scs: replace blk_mq_virtio_map_queues with blk_mq_dev_map_queues (bsc#1229034). - virtiofs: forbid newlines in tags (bsc#1230591). - virtio_net: checksum offloading handling fix (git-fixes). - virtio_net: Fix ''%d' directive writing between 1 and 11 bytes into a region of size 10' warnings (git-fixes). - virtio_net: use u64_stats_t infra to avoid data-races (git-fixes). - virtio: reenable config if freezing device failed (git-fixes). - virtio/vsock: fix logic which reduces credit update messages (git-fixes). - VMCI: Fix use-after-free when removing resource in vmci_resource_remove() (git-fixes). - vsock/virtio: add support for device suspend/resume (git-fixes). - vsock/virtio: factor our the code to initialize and delete VQs (git-fixes). - vsock/virtio: initialize the_virtio_vsock before using VQs (git-fixes). - vsock/virtio: remove socket from connected/bound list on shutdown (git-fixes). - watchdog: imx_sc_wdt: Do not disable WDT in suspend (git-fixes). - wifi: brcmsmac: advertise MFP_CAPABLE to enable WPA3 (stable-fixes). - wifi: cfg80211: fix two more possible UBSAN-detected off-by-one errors (git-fixes). - wifi: cfg80211: fix UBSAN noise in cfg80211_wext_siwscan() (git-fixes). - wifi: iwlwifi: mvm: increase the time between ranging measurements (git-fixes). - wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() (git-fixes). - wifi: mt76: mt7615: check devm_kasprintf() returned value (git-fixes). - wifi: mt76: mt7915: fix rx filter setting for bfee functionality (git-fixes). - wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() (stable-fixes). - wifi: rtw88: 8822c: Fix reported RX band width (git-fixes). - wifi: rtw88: always wait for both firmware loading attempts (git-fixes). - wifi: rtw88: remove CPT execution branch never used (git-fixes). - wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param (git-fixes). - x86/hyperv: fix kexec crash due to VP assist page corruption (git-fixes). - x86/kexec: Add EFI config table identity mapping for kexec kernel (bsc#1220382). - x86/mm/ident_map: Use gbpages only where full GB page should be mapped (bsc#1220382). - x86/xen: Convert comma to semicolon (git-fixes). - xen: add capability to remap non-RAM pages to different PFNs (bsc#1226003). - xen: allow mapping ACPI data using a different physical address (bsc#1226003). - xen: introduce generic helper checking for memory map conflicts (bsc#1226003). - xen: move checks for e820 conflicts further up (bsc#1226003). - xen: move max_pfn in xen_memory_setup() out of function scope (bsc#1226003). - xen/swiotlb: add alignment check for dma buffers (bsc#1229928). - xen/swiotlb: fix allocated size (git-fixes). - xen: tolerate ACPI NVS memory overlapping with Xen allocated memory (bsc#1226003). - xen: use correct end address of kernel for conflict checking (bsc#1226003). - xfs: do not include bnobt blocks when reserving free block pool (git-fixes). - xhci: Set quirky xHC PCI hosts to D3 _after_ stopping and freeing them (git-fixes). - xz: cleanup CRC32 edits from 2018 (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3584-1 Released: Thu Oct 10 09:13:08 2024 Summary: Recommended update for wicked Type: recommended Severity: moderate References: 1229555 This update for wicked fixes the following issue: - compat-suse: fix dummy interfaces configuration with `INTERFACETYPE=dummy` (bsc#1229555). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3593-1 Released: Thu Oct 10 18:43:13 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1231229 This update for rsyslog fixes the following issue: - fix PreserveFQDN option before daemon is restarted (bsc#1231229) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3597-1 Released: Fri Oct 11 10:39:52 2024 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1227807 This update for bash fixes the following issues: - Load completion file eveh if a brace expansion is in the command line included (bsc#1227807). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3605-1 Released: Fri Oct 11 17:09:43 2024 Summary: Recommended update for grub2 Type: recommended Severity: moderate References: 1230840 This update for grub2 fixes the following issue: - Fix out of memory error in loading loopback file (bsc#1230840). The following package changes have been done: - bash-sh-4.4-150400.27.3.2 updated - bash-4.4-150400.27.3.2 updated - cpupower-5.14-150500.9.6.2 updated - curl-8.0.1-150400.5.53.2 updated - dracut-055+suse.396.g701c6212-150500.3.29.2 updated - e2fsprogs-1.46.4-150400.3.9.2 updated - glibc-locale-base-2.31-150300.89.2 updated - glibc-locale-2.31-150300.89.2 updated - glibc-2.31-150300.89.2 updated - grub2-i386-pc-2.06-150500.29.34.2 updated - grub2-x86_64-efi-2.06-150500.29.34.2 updated - grub2-2.06-150500.29.34.2 updated - kernel-default-5.14.21-150500.55.83.1 updated - libblkid1-2.37.4-150500.9.17.2 updated - libcom_err2-1.46.4-150400.3.9.2 updated - libcpupower0-5.14-150500.9.6.2 updated - libcurl4-8.0.1-150400.5.53.2 updated - libext2fs2-1.46.4-150400.3.9.2 updated - libfdisk1-2.37.4-150500.9.17.2 updated - libmount1-2.37.4-150500.9.17.2 updated - libncurses6-6.1-150000.5.27.1 updated - libpcap1-1.10.1-150400.3.6.2 updated - libpython3_6m1_0-3.6.15-150300.10.72.1 updated - libreadline7-7.0-150400.27.3.2 updated - libsmartcols1-2.37.4-150500.9.17.2 updated - libsolv-tools-base-0.7.30-150500.6.2.2 updated - libsolv-tools-0.7.30-150500.6.2.2 updated - libuuid1-2.37.4-150500.9.17.2 updated - libzypp-17.35.11-150500.6.18.3 updated - logrotate-3.18.1-150400.3.10.1 updated - ncurses-utils-6.1-150000.5.27.1 updated - pam-config-1.1-150200.3.9.1 updated - python3-base-3.6.15-150300.10.72.1 updated - python3-3.6.15-150300.10.72.1 updated - rsyslog-module-relp-8.2306.0-150400.5.30.2 updated - rsyslog-8.2306.0-150400.5.30.2 updated - suseconnect-ng-1.12.0-150500.3.29.2 updated - terminfo-base-6.1-150000.5.27.1 updated - terminfo-6.1-150000.5.27.1 updated - util-linux-systemd-2.37.4-150500.9.17.2 updated - util-linux-2.37.4-150500.9.17.2 updated - wicked-service-0.6.76-150500.3.36.2 updated - wicked-0.6.76-150500.3.36.2 updated - xen-libs-4.17.5_04-150500.3.39.1 updated - zypper-1.14.77-150500.6.11.3 updated