From sle-container-updates at lists.suse.com Sat Jan 4 08:02:26 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:02:26 +0100 (CET)
Subject: SUSE-CU-2025:1-1: Recommended update of containers/milvus
Message-ID: <20250104080226.87FF8FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:1-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.9
Container Release : 7.9
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container containers/milvus was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libprotobuf25_5_0-25.5-150600.2.21 updated
- libsystemd0-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:03:06 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:03:06 +0100 (CET)
Subject: SUSE-CU-2025:2-1: Security update of containers/open-webui
Message-ID: <20250104080306.86D66FBA0@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:2-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-6.10
Container Release : 6.10
Severity : important
Type : security
References : 1212476 1218701 1219405 1221183 1229868 1232906 1233220 1234808 1234809 CVE-2024-56201 CVE-2024-56326
-----------------------------------------------------------------

The container containers/open-webui was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:4-1
Released: Thu Jan 2 06:27:01 2025
Summary: Recommended update for llvm17
Type: recommended
Severity: important
References: 1212476,1218701,1219405,1221183,1229868,1232906,1233220

This update for llvm17 fixes the following issues:

- Add symbol versions to libclang-cpp.so similar to libLLVM.so. This is required when multiple versions of the library are loaded into the same process (bsc#1219405, bsc#1221183, bsc#1233220)
- Update llvm17.keyring from upstream
- Correct target name for libomptarget in file list
- Enable lldb on s390x and ppc64le (bsc#1232906)
- Add minor version to Python shebangs (bsc#1212476)
- Require 8 GB memory for 64-bit architectures to prevent OOM

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:6-1
Released: Thu Jan 2 09:45:11 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234808,1234809,CVE-2024-56201,CVE-2024-56326

This update for python-Jinja2 fixes the following issues:

- CVE-2024-56201: Fixed sandbox breakout through malicious content and filename of a template (bsc#1234808)
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)

The following package changes have been done:

- libLLVM17-17.0.6-150600.3.5.1 updated
- python311-Jinja2-3.1.2-150400.12.11.1 updated
- python311-open-webui-0.3.32-150600.1.28 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:03:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:03:07 +0100 (CET)
Subject: SUSE-CU-2025:3-1: Recommended update of containers/open-webui
Message-ID: <20250104080307.1F7BFFBA0@maintenance.suse.de>

SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:3-1
Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-6.11
Container Release : 6.11
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container containers/open-webui was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libprotobuf25_5_0-25.5-150600.2.21 updated
- libsystemd0-254.21-150600.4.21.1 updated
- python311-protobuf-4.25.5-150600.2.21 updated
- python311-open-webui-0.3.32-150600.1.29 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:02 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:02 +0100 (CET)
Subject: SUSE-CU-2025:6-1: Recommended update of suse/389-ds
Message-ID: <20250104080602.CA874FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/389-ds
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:6-1
Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-49.2 , suse/389-ds:latest
Container Release : 49.2
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container suse/389-ds was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libsystemd0-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:06 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:06 +0100 (CET)
Subject: SUSE-CU-2025:8-1: Recommended update of suse/cosign
Message-ID: <20250104080606.12F25FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/cosign
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:8-1
Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.2 , suse/cosign:latest
Container Release : 8.2
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container suse/cosign was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libudev1-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:28 +0100 (CET)
Subject: SUSE-CU-2025:11-1: Recommended update of bci/gcc
Message-ID: <20250104080628.5C351FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/gcc
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:11-1
Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.1 , bci/gcc:latest
Container Release : 8.1
Severity : moderate
Type : recommended
References : 1233520
-----------------------------------------------------------------

The container bci/gcc was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

The following package changes have been done:

- libctf-nobfd0-2.43-150100.7.52.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:28 +0100 (CET)
Subject: SUSE-CU-2025:12-1: Recommended update of bci/gcc
Message-ID: <20250104080628.DDDC7FD11@maintenance.suse.de>

SUSE Container Update Advisory: bci/gcc
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:12-1
Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.2 , bci/gcc:latest
Container Release : 8.2
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container bci/gcc was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libsystemd0-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:45 +0100 (CET)
Subject: SUSE-CU-2025:14-1: Recommended update of suse/git
Message-ID: <20250104080645.EA905FCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:14-1
Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-35.2 , suse/git:latest
Container Release : 35.2
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container suse/git was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libudev1-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:06:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:06:59 +0100 (CET)
Subject: SUSE-CU-2025:15-1: Recommended update of bci/golang
Message-ID: <20250104080659.C9C94FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:15-1
Container Tags : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.48.2 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.2
Container Release : 48.2
Severity : important
Type : recommended
References : 1220338 1232227 1233520 1234015
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libctf-nobfd0-2.43-150100.7.52.1 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:07:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:07:18 +0100 (CET)
Subject: SUSE-CU-2025:16-1: Recommended update of bci/golang
Message-ID: <20250104080718.95A88FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:16-1
Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.1 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.1
Container Release : 55.1
Severity : important
Type : recommended
References : 1231048 1232844 1233306 1233520
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4307-1
Released: Fri Dec 13 08:45:49 2024
Summary: Recommended update for go1.23-openssl
Type: recommended
Severity: moderate
References: 1233306

This update for go1.23-openssl fixes the following issues:

- Write three digit version to file VERSION which sets go env GOVERSION. Fixes bsc#1233306.
  * Go toolchain file VERSION sets the immutable value for go env GOVERSION
  * go1.x-openssl toolchains have used a bespoke fourth digit to represent the upstream patch set release number, e.g. go1.22.9-1-openssl-fips. This digit has not been needed.
  * Some Go applications including helm break when this fourth digit is present in VERSION, with error: go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local)
  * Keep the fourth digit in the packaging for now, it will be dropped in the next toolchain version update.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

The following package changes have been done:

- go1.23-openssl-doc-1.23.2.2-150600.13.6.1 updated
- libctf-nobfd0-2.43-150100.7.52.1 updated
- libsystemd0-254.20-150600.4.18.2 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated
- go1.23-openssl-1.23.2.2-150600.13.6.1 updated
- go1.23-openssl-race-1.23.2.2-150600.13.6.1 updated
- container:registry.suse.com-bci-bci-base-15.6-a356b7f7641f2c4a2df18eaf25d24e668359a831a948a3dc5fd7fd9c571a4cd4-0 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:07:19 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:07:19 +0100 (CET)
Subject: SUSE-CU-2025:17-1: Recommended update of bci/golang
Message-ID: <20250104080719.3217EFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:17-1
Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.2 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.2
Container Release : 55.2
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libsystemd0-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:07:44 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:07:44 +0100 (CET)
Subject: SUSE-CU-2025:19-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250104080744.A8B5CFCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:19-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.81 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.81
Severity : important
Type : recommended
References : 1220338 1232227 1234015
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libsystemd0-254.21-150600.4.21.1 updated
- libudev1-254.21-150600.4.21.1 updated
- systemd-254.21-150600.4.21.1 updated
- udev-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:08:02 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:08:02 +0100 (CET)
Subject: SUSE-CU-2025:20-1: Recommended update of bci/kiwi
Message-ID: <20250104080802.35C8AFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:20-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.2 , bci/kiwi:latest
Container Release : 20.2
Severity : important
Type : recommended
References : 1220338 1232227 1233520 1234015
-----------------------------------------------------------------

The container bci/kiwi was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libctf-nobfd0-2.43-150100.7.52.1 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated
- systemd-254.21-150600.4.21.1 updated

From sle-container-updates at lists.suse.com Sat Jan 4 08:08:34 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 4 Jan 2025 09:08:34 +0100 (CET)
Subject: SUSE-CU-2025:23-1: Recommended update of bci/nodejs
Message-ID: <20250104080834.9496AFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:23-1
Container Tags : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-48.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-48.2 , bci/nodejs:latest
Container Release : 48.2
Severity : important
Type :
recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - 
libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:08:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:08:58 +0100 (CET) Subject: SUSE-CU-2025:25-1: Recommended update of bci/openjdk Message-ID: <20250104080858.C342AFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:25-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-32.2 , bci/openjdk:latest Container Release : 32.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() 
self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:09:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:09:17 +0100 (CET) Subject: SUSE-CU-2025:26-1: Recommended update of bci/php-apache Message-ID: <20250104080917.DEA5BFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:26-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.2 , bci/php-apache:latest Container Release : 48.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:09:33 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:09:33 +0100 (CET) Subject: SUSE-CU-2025:27-1: Recommended update of bci/php-fpm Message-ID: <20250104080933.7FC41FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:27-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.2 , bci/php-fpm:latest Container Release : 48.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - 
udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:09:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:09:48 +0100 (CET) Subject: SUSE-CU-2025:29-1: Recommended update of suse/postgres Message-ID: <20250104080948.7ABE5FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:29-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-57.2 Container Release : 57.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container suse/postgres was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:09:51 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:09:51 +0100 (CET) Subject: SUSE-CU-2025:31-1: Recommended update of suse/postgres Message-ID: <20250104080951.00DA5FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:31-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-38.2 , suse/postgres:latest Container Release : 38.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make 
names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:10:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:10:17 +0100 (CET) Subject: SUSE-CU-2025:33-1: Recommended update of bci/python Message-ID: <20250104081017.33B8DFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:33-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.2 Container Release : 61.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sat Jan 4 08:10:43 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sat, 4 Jan 2025 09:10:43 +0100 (CET) Subject: SUSE-CU-2025:35-1: Recommended update of bci/python Message-ID: <20250104081043.3DDA4FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:35-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.2 , bci/python:latest Container Release : 61.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - 
udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:05:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:05:40 +0100 (CET) Subject: SUSE-CU-2025:35-1: Recommended update of bci/python Message-ID: <20250105080540.8143FFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:35-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.2 , bci/python:latest Container Release : 61.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:05:59 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:05:59 +0100 (CET) Subject: SUSE-CU-2025:36-1: Recommended update of bci/python Message-ID: <20250105080559.17C06FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:36-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.2 Container Release : 60.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: 
make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:06:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:06:26 +0100 (CET) Subject: SUSE-CU-2025:39-1: Recommended update of suse/rmt-mariadb Message-ID: <20250105080626.4C990FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:39-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.2 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.2 , suse/rmt-mariadb:latest Container Release : 60.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:06:52 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:06:52 +0100 (CET) Subject: SUSE-CU-2025:41-1: Recommended update of bci/ruby Message-ID: <20250105080652.B7E1FFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:41-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.2 , bci/ruby:latest Container Release : 31.2 Severity : important Type : recommended References : 1220338 1232227 1233520 1234015 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() 
and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libctf-nobfd0-2.43-150100.7.52.1 updated - libsystemd0-254.21-150600.4.21.1 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:07:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:07:37 +0100 (CET) Subject: SUSE-CU-2025:50-1: Recommended update of containers/python Message-ID: <20250105080737.DA979FCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:50-1 Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.2 Container Release : 44.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Sun Jan 5 08:07:40 2025 From: sle-container-updates at lists.suse.com 
(sle-container-updates at lists.suse.com) Date: Sun, 5 Jan 2025 09:07:40 +0100 (CET) Subject: SUSE-CU-2025:52-1: Recommended update of containers/python Message-ID: <20250105080740.56DEFFCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:52-1 Container Tags : containers/python:3.9 , containers/python:3.9.20 , containers/python:3.9.20-51.2 Container Release : 51.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() 
self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:04:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:04:12 +0100 (CET) Subject: SUSE-IU-2025:8-1: Security update of suse/sle-micro/5.5 Message-ID: <20250107080412.BD555FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:8-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.214 , suse/sle-micro/5.5:latest Image Release : 5.5.214 Severity : moderate Type : security References : 1180355 1192916 1202473 1205224 1211507 CVE-2022-39377 CVE-2023-33204 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:8-1 Released: Mon Jan 3 08:50:44 2022 Summary: Recommended update for mailx Type: recommended Severity: moderate References: 1180355,1192916 This update for mailx fixes the following issues: - To add description how to avoid such mailx does not send mails unless run via strace or in verbose mode. 
(bsc#1192916) - Fix name argument when calling '/usr/sbin/sendmail' (bsc#1180355) - If the openssl RNG is already seeded (on linux it always is) skip snake-oil reseeding from file. Update man page accordingly. - Update man page with information that ssl2 and ssl3 are not only deprecated but currently unavailable and that tls1 forces TLS 1.0 but not later versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2023:2099-1 Released: Thu May 4 15:00:40 2023 Summary: Recommended update for cronie Type: recommended Severity: moderate References: This update for cronie fixes the following issue: - Allow to define the logger info and warning priority. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2024:3590-1 Released: Thu Oct 10 17:12:48 2024 Summary: Optional update for mailx Type: optional Severity: moderate References: This update ships mailx to SUSE Linux Enterprise Micro. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:19-1 Released: Mon Jan 6 11:38:52 2025 Summary: Security update for sysstat Type: security Severity: moderate References: 1202473,1205224,1211507,CVE-2022-39377,CVE-2023-33204 This update for sysstat fixes the following issues: - CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507) - CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224) The following package changes have been done: - mailx-12.5-150000.3.5.1 added - cron-4.2-150400.84.3.1 added - cronie-1.5.7-150400.84.3.1 added - sysstat-12.0.2-150000.3.37.1 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:08:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:08:43 +0100 (CET) Subject: SUSE-IU-2025:10-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250107080843.7EC00FCE7@maintenance.suse.de> SUSE
Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:10-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.34 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 4.34 Severity : moderate Type : security References : 1233078 1234068 CVE-2024-10963 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 164 Released: Mon Jan 6 11:11:02 2025 Summary: Security update for pam Type: security Severity: moderate References: 1233078,CVE-2024-10963 This update for pam fixes the following issues: - CVE-2024-10963: Fixed improper hostname interpretation in pam_access that could lead to access control bypass (bsc#1233078). 
----------------------------------------------------------------- Advisory ID: 166 Released: Mon Jan 6 11:20:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: 168 Released: Mon Jan 6 12:20:58 2025 Summary: Recommended update for liburing Type: recommended Severity: moderate References: This update for liburing fixes the following issues: Update to 2.6: * Add getsockopt and setsockopt socket commands * Add test cases to test/hardlink * Man page fixes * Add futex support, and test cases * Add waitid support, and test cases * Add read multishot, and test cases * Add support for IORING_SETUP_NO_SQARRAY * Use IORING_SETUP_NO_SQARRAY as the default * Add support for IORING_OP_FIXED_FD_INSTALL * Add io_uring_prep_fixed_fd_install() helper * Support for napi busy polling * Improve/add test cases * Man page fixes * Add sample 'proxy' example Update to 2.5: * Add support for io_uring_prep_cmd_sock() * Add support for application allocated ring memory, for placing rings in huge mem. Available through io_uring_queue_init_mem(). 
* Add support for registered ring fds * Various documentation updates * Various fixes The following package changes have been done: - pam-1.6.0-4.1 updated - SL-Micro-release-6.0-24.39 updated - liburing2-2.6-1.1 updated - libcurl4-8.6.0-5.1 updated - container:SL-Micro-base-container-2.1.3-4.32 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:13:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:13:33 +0100 (CET) Subject: SUSE-CU-2025:70-1: Recommended update of bci/bci-init Message-ID: <20250107081333.9A8D8FCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:70-1 Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.2 , bci/bci-init:latest Container Release : 30.2 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container bci/bci-init was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated - systemd-254.21-150600.4.21.1 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:13:51 2025 From: 
sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:13:51 +0100 (CET) Subject: SUSE-CU-2025:72-1: Recommended update of bci/kiwi Message-ID: <20250107081351.2738BFCFA@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:72-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.3 , bci/kiwi:latest Container Release : 20.3 Severity : moderate Type : recommended References : 1234749 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' The following package changes have been done: - libudev1-254.21-150600.4.21.1 updated - libzypp-17.35.16-150600.3.39.1 updated - container:registry.suse.com-bci-bci-base-15.6-87f48fd389cc295bc5fad5077946c17ccb42760a7a6f580890459aeb6904b346-0 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:15:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:15:05 +0100 (CET) Subject: SUSE-CU-2025:78-1: Recommended update of suse/pcp Message-ID: <20250107081505.48F7DFCFA@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:78-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.3 , suse/pcp:latest Container Release : 42.3 Severity : important Type : recommended References : 1220338 1232227 
1234015 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libsystemd0-254.21-150600.4.21.1 updated - 
systemd-254.21-150600.4.21.1 updated - container:bci-bci-init-15.6-ea8a80d234776337196d119ad19509c55972eaa82578911506e9da4b53ab7ea9-0 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:08:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:08:30 +0100 (CET) Subject: SUSE-IU-2025:9-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250107080830.3AE50FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:9-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.32 , suse/sl-micro/6.0/base-os-container:latest Image Release : 4.32 Severity : moderate Type : security References : 1233078 1234068 CVE-2024-10963 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 164 Released: Mon Jan 6 11:11:02 2025 Summary: Security update for pam Type: security Severity: moderate References: 1233078,CVE-2024-10963 This update for pam fixes the following issues: - CVE-2024-10963: Fixed improper hostname interpretation in pam_access that could lead to access control bypass (bsc#1233078). 
----------------------------------------------------------------- Advisory ID: 166 Released: Mon Jan 6 11:20:47 2025 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) The following package changes have been done: - pam-1.6.0-4.1 updated - SL-Micro-release-6.0-24.39 updated - libcurl4-8.6.0-5.1 updated - curl-8.6.0-5.1 updated - container:suse-toolbox-image-1.0.0-6.78 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:17:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:17:05 +0100 (CET) Subject: SUSE-CU-2025:86-1: Recommended update of suse/rmt-server Message-ID: <20250107081705.A1673FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:86-1 Container Tags : suse/rmt-server:2.20 , suse/rmt-server:2.20-56.3 , suse/rmt-server:latest Container Release : 56.3 Severity : important Type : recommended References : 1220338 1232227 1234015 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType The following package changes have been done: - libudev1-254.21-150600.4.21.1 updated - container:registry.suse.com-bci-bci-base-15.6-87f48fd389cc295bc5fad5077946c17ccb42760a7a6f580890459aeb6904b346-0 updated From 
sle-container-updates at lists.suse.com Tue Jan 7 08:17:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:17:37 +0100 (CET) Subject: SUSE-CU-2025:88-1: Recommended update of bci/rust Message-ID: <20250107081737.069F0FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:88-1 Container Tags : bci/rust:1.81 , bci/rust:1.81.0 , bci/rust:1.81.0-2.4.2 , bci/rust:oldstable , bci/rust:oldstable-2.4.2 Container Release : 4.2 Severity : moderate Type : recommended References : 1233520 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 The following package changes have been done: - libctf-nobfd0-2.43-150100.7.52.1 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated - container:registry.suse.com-bci-bci-base-15.6-87f48fd389cc295bc5fad5077946c17ccb42760a7a6f580890459aeb6904b346-0 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:17:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:17:53 +0100 (CET) Subject: SUSE-CU-2025:89-1: Recommended update of bci/rust Message-ID: <20250107081753.5B9CBFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust 
----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:89-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-1.4.2 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.4.2 Container Release : 4.2 Severity : moderate Type : recommended References : 1233520 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 The following package changes have been done: - libctf-nobfd0-2.43-150100.7.52.1 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated - container:registry.suse.com-bci-bci-base-15.6-87f48fd389cc295bc5fad5077946c17ccb42760a7a6f580890459aeb6904b346-0 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:18:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:18:56 +0100 (CET) Subject: SUSE-CU-2025:92-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250107081856.C7002FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:92-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.30.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 30.1 Severity : moderate Type : recommended References : 1233520 
----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 The following package changes have been done: - libctf-nobfd0-2.43-150100.7.52.1 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated From sle-container-updates at lists.suse.com Tue Jan 7 08:19:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 7 Jan 2025 09:19:15 +0100 (CET) Subject: SUSE-CU-2025:94-1: Recommended update of suse/sle15 Message-ID: <20250107081915.145D9FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:94-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.14.9 , suse/sle15:15.6 , suse/sle15:15.6.47.14.9 Container Release : 47.14.9 Severity : important Type : recommended References : 1220338 1232227 1234015 1234749 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out 
  get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libudev1-254.21-150600.4.21.1 updated
- libzypp-17.35.16-150600.3.39.1 updated

From sle-container-updates at lists.suse.com Tue Jan 7 08:19:35 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 7 Jan 2025 09:19:35 +0100 (CET)
Subject: SUSE-CU-2025:95-1: Recommended update of bci/spack
Message-ID: <20250107081935.33A7FFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/spack
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:95-1
Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.2 , bci/spack:latest
Container Release : 19.2
Severity : important
Type : recommended
References : 1220338 1232227 1233520 1234015
-----------------------------------------------------------------

The container bci/spack was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520

This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

  * s390 - Add arch15 instructions
  * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make
  dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- libctf-nobfd0-2.43-150100.7.52.1 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated

From sle-container-updates at lists.suse.com Tue Jan 7 08:13:14 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 7 Jan 2025 09:13:14 +0100 (CET)
Subject: SUSE-CU-2025:69-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250107081314.35921FCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:69-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.82 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.82
Severity : moderate
Type : security
References : 1202473 1205224 1211507 CVE-2022-39377 CVE-2023-33204
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:2099-1
Released: Thu May 4 15:00:40 2023
Summary: Recommended update for cronie
Type: recommended
Severity: moderate
References:

This update for cronie fixes the following issue:

- Allow to define the logger info and warning priority.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:19-1
Released: Mon Jan 6 11:38:52 2025
Summary: Security update for sysstat
Type: security
Severity: moderate
References: 1202473,1205224,1211507,CVE-2022-39377,CVE-2023-33204

This update for sysstat fixes the following issues:

- CVE-2023-33204: Fixed a multiplication integer overflow in check_overflow in common.c (bsc#1211507)
- CVE-2022-39377: Fixed arithmetic overflow in allocate_structures() (bsc#1205224)

The following package changes have been done:

- cronie-1.5.7-150400.84.3.1 added
- cron-4.2-150400.84.3.1 added
- mailx-12.5-150600.16.3 added
- sysstat-12.0.2-150000.3.37.1 updated

From sle-container-updates at lists.suse.com Tue Jan 7 08:19:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 7 Jan 2025 09:19:43 +0100 (CET)
Subject: SUSE-CU-2025:97-1: Security update of suse/manager/5.0/x86_64/server
Message-ID: <20250107081943.D3D86FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/manager/5.0/x86_64/server
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:97-1
Container Tags : suse/manager/5.0/x86_64/server:5.0.2 , suse/manager/5.0/x86_64/server:5.0.2.7.10.2 , suse/manager/5.0/x86_64/server:latest
Container Release : 7.10.2
Severity : critical
Type : security
References : 1177488 1203617 1219340 1219724 1225451 1227261 1229010 1229072 1229128 1229238 1229449 1229684 1230423 1230798 1230951 1231048 1231347 1231373 1231414 1231428 1231463 1231463 1231604 1231771 1231795 1232030 1232573 1232579 1232844 1233014 1233085 1233151 1233282 1233307 1233323 1233325 1233326 1233327 1233420 1233434 1233699 1233774 1234068 1234749 15280 15590 15624 15696 15699 15700 CVE-2020-13956 CVE-2024-10976 CVE-2024-10977 CVE-2024-10978 CVE-2024-10979 CVE-2024-11053 CVE-2024-11168 CVE-2024-24806 CVE-2024-28168 CVE-2024-43374 CVE-2024-47072 CVE-2024-47814 CVE-2024-50602
  CVE-2024-52316 CVE-2024-52533 CVE-2024-52616
-----------------------------------------------------------------

The container suse/manager/5.0/x86_64/server was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602

This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4036-1
Released: Mon Nov 18 16:23:56 2024
Summary: Security update for httpcomponents-client, httpcomponents-core
Type: security
Severity: moderate
References: 1177488,CVE-2020-13956

This update for httpcomponents-client, httpcomponents-core fixes the following issues:

httpcomponents-client:

- Update to version 4.5.14
  * HTTPCLIENT-2206: Corrected resource de-allocation by fluent response objects.
  * HTTPCLIENT-2174: URIBuilder to return a new empty list instead of unmodifiable Collections#emptyList.
  * Don't retry requests in case of NoRouteToHostException.
  * HTTPCLIENT-2144: RequestBuilder fails to correctly copy charset of requests with form url-encoded body.
  * PR #269: 4.5.x use array fill and more.
    + Use Arrays.fill().
    + Remove redundant modifiers.
    + Use Collections.addAll() and Collection.addAll() APIs instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
    + Use a 'L' instead of 'l' to make long literals more readable.
  * PublicSuffixListParser.parseByType(Reader) allocates but does not use a 256 char StringBuilder.
  * Incorrect handling of malformed authority component by URIUtils#extractHost (bsc#1177488, CVE-2020-13956).
  * Avoid updating Content-Length header in a 304 response.
  * Bug fix: BasicExpiresHandler is annotated as immutable but is not (#239)
  * HTTPCLIENT-2076: Fixed NPE in LaxExpiresHandler.

httpcomponents-core:

- Upgraded to version 4.4.14
  * PR #231: 4.4.x Use better map apis and more.
    + Remove redundant modifiers.
    + Use Collections.addAll() API instead of loops.
    + Remove redundant returns.
    + No need to explicitly declare an array when calling a vararg method.
    + Remove extra semicolons (;).
  * Bug fix: Non-blocking TLSv1.3 connections can end up in an infinite event spin when closed concurrently by the local and the remote endpoints.
  * HTTPCORE-647: Non-blocking connection terminated due to 'java.io.IOException: Broken pipe' can enter an infinite loop flushing buffered output data.
  * PR #201, HTTPCORE-634: Fix race condition in AbstractConnPool that can cause internal state corruption when persistent connections are manually removed from the pool.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4037-1
Released: Tue Nov 19 09:48:41 2024
Summary: Security update for bea-stax, xstream
Type: security
Severity: important
References: 1233085,CVE-2024-47072

This update for bea-stax, xstream fixes the following issues:

- CVE-2024-47072: Fixed possible remote denial-of-service via a stack overflow (bsc#1233085).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issue:

- Version update to v0.389:
  * Update pci, usb and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:

This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team ran into an issue (jsc#PED-10532) when running a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the password prompt is sent to plymouth, which shows nothing, because bare metal (LPAR) boots use the terminal in the HMC.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4054-1
Released: Tue Nov 26 06:05:40 2024
Summary: Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
Type: security
Severity: moderate
References: 1231347,1231428,CVE-2024-28168

This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues:

xmlgraphics-fop was updated from version 2.8 to 2.10:

- Security issues fixed:
  * CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428)
- Upstream changes and bugs fixed:
  * Version 2.10:
    + footnote-body ignores rl-tb writing mode
    + SVG tspan content is displayed out of place
    + Added new schema to handle pdf/a and pdfa/ua
    + Correct fop version at runtime
    + NoSuchElementException when using font with no family name
    + Resolve classpath for binary distribution
    + Switch to spotbugs
    + Set an automatic module name
    + Rename packages to avoid conflicts with modules
    + Resize table only for multicolumn page
    + Missing jars in servlet
    + Optimise performance of PNG with alpha using raw loader
    + basic-link not navigating to corresponding footnote
    + Added option to sign PDF
    + Added secure processing for XSL input
    + Allow sections which need security permissions to be run when AllPermission denied in caller code
    + Remove unused PDFStructElem
    + Remove space generated by fo:wrapper
    + Reset content length for table changing ipd
    + Added alt text to PDF signature
    + Allow change of resource level for SVG in AFP
    + Exclude shape not in clipping path for AFP
    + Only support 1 column for redo of layout without page pos only
    + Switch to Jakarta servlet API
    + NPE when list item is split alongside an ipd change
    + Added mandatory MODCA triplet to AFP
    + Redo layout for multipage columns
    + Added image mask option for AFP
    + Skip written block ipds inside float
    + Allow curly braces for src url
    + Missing content for last page with change ipd
    + Added warning when different pdf languages are used
    + Only restart line manager when there is a linebreak for blocklayout
  * Version 2.9:
    + Values in PDF Number Trees must be indirect references
    + Do not delete files on syntax errors using command line
    + Surrogate pair edge-case causes Exception
    + Reset character spacing
    + SVG text containing certain glyphs isn't rendered
    + Remove duplicate classes from maven classpath
    + Allow use of page position only on redo of layout
    + Failure to render multi-block itemBody alongside float
    + Update to PDFBox 2.0.27
    + NPE if link destination is missing with accessibility
    + Make property cache thread safe
    + Font size was rounded to 0 for AFP TTF
    + Cannot process a SVG using mvn jars
    + Remove serializer jar
    + Allow creating a PDF 2.0 document
    + Text missing after page break inside table inline
    + IllegalArgumentException for list in a table
    + Table width may be too wide when layout width changes
    + NPE when using broken link and PDF 1.5
    + Allow XMP at PDF page level
    + Symbol font was not being mapped to unicode
    + Correct font differences table for Chrome
    + Link against Java 8 API
    + Added support for font-selection-strategy=character-by-character
    + Merge form fields in external PDFs
    + Fixed test for Java 11

xmlgraphics-batik was updated from version 1.17 to 1.18:

- PNG transcoder references nonexistent class
- Set offset to 0 if missing in stop tag
- Validate throws NPE
- Fixed missing arabic characters
- Animated rotate transform ignores y-origin at exactly 270 degrees
- Set an automatic module name
- Ignore inkscape properties
- Switch to spotbugs
- Allow source and target resolution configuration

xmlgraphics-commons was
updated from version 2.8 to 2.10:

- Fixed test for Java 11
- Allow XMP at PDF page level
- Allow source resolution configuration
- Added new schema to handle pdf/a and pdfa/ua
- Set an automatic module name
- Switch to spotbugs
- Do not use a singleton for ImageImplRegistry

javapackages-tools was updated from version 6.3.0 to 6.3.4:

- Version 6.3.4:
  * A corner case when which is not present
  * Remove dependency on which
  * Simplify after the which -> type -p change
  * jpackage_script: Remove pointless assignment when %java_home is unset
  * Don't export JAVA_HOME (bsc#1231347)
- Version 6.3.2:
  * Search for JAVACMD under JAVA_HOME only if it's set
  * Obsolete set_jvm and set_jvm_dirs functions
  * Drop unneeded _set_java_home function
  * Remove JAVA_HOME check from check_java_env function
  * Bump codecov/codecov-action from 2.0.2 to 4.6.0
  * Bump actions/setup-python from 4 to 5
  * Bump actions/checkout from 2 to 4
  * Added custom dependabot config
  * Remove the test for JAVA_HOME and error if it is not set
  * java-functions: Remove unneeded local variables
  * Fixed build status shield
- Version 6.3.1:
  * Allow missing components with abs2rel
  * Fixed tests with python 3.4
  * Sync spec file from Fedora
  * Drop default JRE/JDK
  * Fixed the use of java-functions in scripts
  * Test that we don't bomb on
  * Test variable expansion in artifactId
  * Interpolate properties also in the current artifact
  * Rewrite abs2rel in shell
  * Use asciidoctor instead of asciidoc
  * Fixed incompatibility with RPM 4.20
  * Reproducible exclusions order in maven metadata
  * Do not bomb on construct
  * Make maven_depmap order of aliases reproducible

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4055-1
Released: Tue Nov 26 06:25:26 2024
Summary: Recommended update for Jackson
Type: recommended
Severity: moderate
References:

This update for Jackson fixes the following issues:

jackson-annotations was updated from version 2.16.1 to 2.17.3:

- Allow `@JsonAnySetter` on
  `ElementType.PARAMETER` (for use on constructor parameters)
- Build the module-info.java source too (with release=9)

jackson-bom was updated from version 2.16.1 to 2.17.3:

- Added `jackson-jr-extension-javatime`
- Added managed dependency to JUnit5
- Removed unused JUnit5 dependency

jackson-core, jackson-databind, jackson-dataformats-binary were updated from version 2.16.1 to 2.17.3:

- Various minor bugs have been fixed

jackson-modules-base was updated from version 2.16.1 to 2.17.3:

- Version update with no changes

jackson-parent was updated from version 2.16 to 2.17:

- Update to oss-parent 58 (plugin version updates)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4056-1
Released: Tue Nov 26 06:38:34 2024
Summary: Recommended update for apache2
Type: recommended
Severity: moderate
References: 1227261

This update for apache2 fixes the following issues:

- Fixed the installation location (bsc#1227261)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4059-1
Released: Tue Nov 26 08:19:49 2024
Summary: Recommended update for httpcomponents-asyncclient
Type: recommended
Severity: moderate
References:

This update for httpcomponents-asyncclient fixes the following issues:

- Fixed build issues with javapackages-tools

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4063-1
Released: Tue Nov 26 10:16:06 2024
Summary: Security update for postgresql, postgresql16, postgresql17
Type: security
Severity: important
References: 1219340,1230423,1233323,1233325,1233326,1233327,CVE-2024-10976,CVE-2024-10977,CVE-2024-10978,CVE-2024-10979

This update for postgresql, postgresql16, postgresql17 fixes the following issues:

This update ships postgresql17, and fixes security issues with postgresql16:

- bsc#1230423: Relax the dependency of extensions on the server version from exact major.minor to greater or equal, after Tom Lane confirmed on the PostgreSQL
  packagers list that ABI stability is being taken care of between minor releases.
- bsc#1219340: The last fix was not correct. Improve it by removing the dependency again and call fillup only if it is installed.

postgresql16 was updated to 16.6:

  * Repair ABI break for extensions that work with struct ResultRelInfo.
  * Restore functionality of ALTER {ROLE|DATABASE} SET role.
  * Fix cases where a logical replication slot's restart_lsn could go backwards.
  * Avoid deleting still-needed WAL files during pg_rewind.
  * Fix race conditions associated with dropping shared statistics entries.
  * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter.
  * Fix crash when checking to see if an index's opclass options have changed.
  * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing.
  * https://www.postgresql.org/docs/release/16.6/

postgresql16 was updated to 16.5:

  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables.
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/16.5/

- Don't build the libs and mini flavor anymore to hand over to PostgreSQL 17.
  * https://www.postgresql.org/about/news/p-2910/

postgresql17 is shipped in version 17.2:

  * CVE-2024-10976, bsc#1233323: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference.
  * CVE-2024-10977, bsc#1233325: Make libpq discard error messages received during SSL or GSS protocol negotiation.
  * CVE-2024-10978, bsc#1233326: Fix unintended interactions between SET SESSION AUTHORIZATION and SET ROLE
  * CVE-2024-10979, bsc#1233327: Prevent trusted PL/Perl code from changing environment variables.
  * https://www.postgresql.org/about/news/p-2955/
  * https://www.postgresql.org/docs/release/17.1/
  * https://www.postgresql.org/docs/release/17.2/

Upgrade to 17.2:

  * Repair ABI break for extensions that work with struct ResultRelInfo.
  * Restore functionality of ALTER {ROLE|DATABASE} SET role.
  * Fix cases where a logical replication slot's restart_lsn could go backwards.
  * Avoid deleting still-needed WAL files during pg_rewind.
  * Fix race conditions associated with dropping shared statistics entries.
  * Count index scans in contrib/bloom indexes in the statistics views, such as the pg_stat_user_indexes.idx_scan counter.
  * Fix crash when checking to see if an index's opclass options have changed.
  * Avoid assertion failure caused by disconnected NFA sub-graphs in regular expression parsing.

Upgrade to 17.0:

  * New memory management system for VACUUM, which reduces memory consumption and can improve overall vacuuming performance.
  * New SQL/JSON capabilities, including constructors, identity functions, and the JSON_TABLE() function, which converts JSON data into a table representation.
  * Various query performance improvements, including for sequential reads using streaming I/O, write throughput under high concurrency, and searches over multiple values in a btree index.
  * Logical replication enhancements, including:
    + Failover control
    + pg_createsubscriber, a utility that creates logical replicas from physical standbys
    + pg_upgrade now preserves replication slots on both publishers and subscribers
  * New client-side connection option, sslnegotiation=direct, that performs a direct TLS handshake to avoid a round-trip negotiation.
  * pg_basebackup now supports incremental backup.
  * COPY adds a new option, ON_ERROR ignore, that allows a copy operation to continue in the event of an error.
  * https://www.postgresql.org/about/news/p-2936/
  * https://www.postgresql.org/docs/17/release-17.html

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4067-1
Released: Tue Nov 26 11:33:47 2024
Summary: Recommended update for openssh
Type: recommended
Severity: moderate
References: 1229010,1229072,1229449

This update for openssh fixes the following issues:

- Fixed a regression introduced in 9.6 that makes X11 forwarding very slow. (bsc#1229449)
- Fixed RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (bsc#1229010).
- Fix a dbus connection leaked in the logind patch that was missing a sd_bus_unref call.
- Fixed a small memory leak when parsing the subsystem configuration option.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4106-1
Released: Thu Nov 28 16:10:20 2024
Summary: Security update for tomcat
Type: security
Severity: critical
References: 1233434,CVE-2024-52316

This update for tomcat fixes the following issues:

- Update to Tomcat 9.0.97
  * Fixed CVEs:
    + CVE-2024-52316: If the Jakarta Authentication fails with an exception, set a 500 status (bsc#1233434)
  * Catalina
    + Add: Add support for the new Servlet API method HttpServletResponse.sendEarlyHints(). (markt)
    + Add: 55470: Add debug logging that reports the class path when a ClassNotFoundException occurs in the digester or the web application class loader. Based on a patch by Ralf Hauser. (markt)
    + Update: 69374: Properly separate between table header and body in DefaultServlet's listing. (michaelo)
    + Update: 69373: Make DefaultServlet's HTML listing file last modified rendering better (flexible). (michaelo)
    + Update: Improve HTML output of DefaultServlet.
      (michaelo)
    + Code: Refactor RateLimitFilter to use FilterBase as the base class. The primary advantage for doing this is less code to process init-param values. (markt)
    + Update: 69370: DefaultServlet's HTML listing uses incorrect labels. (michaelo)
    + Fix: Avoid NPE in CrawlerSessionManagerValve for partially mapped requests. (remm)
    + Fix: Add missing WebDAV Lock-Token header in the response when locking a folder. (remm)
    + Fix: Invalid WebDAV lock requests should be rejected with 400. (remm)
    + Fix: Fix regression in WebDAV when attempting to unlock a collection. (remm)
    + Fix: Verify that destination is not locked for a WebDAV copy operation. (remm)
    + Fix: Send 415 response to WebDAV MKCOL operations that include a request body since this is optional and unsupported. (remm)
    + Fix: Enforce DAV: namespace on WebDAV XML elements. (remm)
    + Fix: Do not allow a new WebDAV lock on a child resource if a parent collection is locked (RFC 4918 section 6.1). (remm)
    + Fix: WebDAV Delete should remove any existing lock on successfully deleted resources. (remm)
    + Update: Remove WebDAV lock null support in accordance with RFC 4918 section 7.3 and annex D. Instead, a lock on a non-existing resource will create an empty file locked with a regular lock. (remm)
    + Update: Rewrite implementation of WebDAV shared locks to comply with RFC 4918. (remm)
    + Update: Implement WebDAV If header using code from the Apache Jackrabbit project. (remm)
    + Add: Add PropertyStore interface in the WebDAV Servlet, to allow implementation of dead properties storage. The store used can be configured using the 'propertyStore' init parameter of the WebDAV servlet. A simple non-persistent implementation is used if no custom store is configured. (remm)
    + Update: Implement WebDAV PROPPATCH method using the newly added PropertyStore. (remm)
    + Fix: Cache not found results when searching for web application class loader resources.
      This addresses performance problems caused by components such as java.sql.DriverManager which, in some circumstances, will search for the same class repeatedly. In a large web application this can cause performance problems. The size of the cache can be controlled via the new notFoundClassResourceCacheSize on the StandardContext. (markt)
    + Fix: Stop after INITIALIZED state should be a noop since it is possible for subcomponents to be in FAILED after init. (remm)
    + Fix: Fix incorrect web resource cache size calculations when there are concurrent PUT and DELETE requests for the same resource. (markt)
    + Add: Add debug logging for the web resource cache so the current size can be tracked as resources are added and removed. (markt)
    + Update: Replace legacy WebDAV opaquelocktoken: scheme for lock tokens with urn:uuid: as recommended by RFC 4918, and remove secret init parameter. (remm)
    + Fix: Concurrent reads and writes (e.g. GET and PUT / DELETE) for the same path caused corruption of the FileResource where some of the fields were set as if the file exists and some were set as if it does not. This resulted in inconsistent metadata. (markt)
    + Fix: 69415: Ensure that the ExpiresFilter only sets cache headers on GET and HEAD requests. Also skip requests where the application has set Cache-Control: no-store. (markt)
    + Fix: 69419: Improve the performance of ServletRequest.getAttribute() when there are multiple levels of nested includes. Based on a patch provided by John Engebretson. (markt)
    + Add: Allow applications to send an early hints informational response by calling HttpServletResponse.sendError() with a status code of 103. (schultz)
    + Fix: Ensure that the Jakarta Authentication CallbackHandler only creates one GenericPrincipal in the Subject. (markt)
    + Fix: If the Jakarta Authentication process fails with an Exception, explicitly set the HTTP response status to 500 as the ServerAuthContext may not have set it.
      (markt)
    + Fix: When persisting the Jakarta Authentication provider configuration, create any necessary parent directories that don't already exist. (markt)
    + Fix: Correct the logic used to detect errors when deleting temporary files associated with persisting the Jakarta Authentication provider configuration. (markt)
    + Fix: When processing Jakarta Authentication callbacks, don't overwrite a Principal obtained from the PasswordValidationCallback with null if the CallerPrincipalCallback does not provide a Principal. (markt)
    + Fix: Avoid store config backup loss when storing one configuration more than once per second. (remm)
    + Fix: 69359: WebdavServlet duplicates getRelativePath() method from super class with incorrect Javadoc. (michaelo)
    + Fix: 69360: Inconsistent DELETE behavior between WebdavServlet and DefaultServlet. (michaelo)
    + Fix: Make WebdavServlet properly return the Allow header when deletion of a resource is not allowed. (michaelo)
    + Fix: Add log warning if non wildcard mappings are used with the WebdavServlet. (remm)
    + Fix: 69361: Ensure that the order of entries in a multi-status response to a WebDAV is consistent with the order in which resources were processed. (markt)
    + Fix: 69362: Provide a better multi-status response when deleting a collection via WebDAV fails. Empty directories that cannot be deleted will now be included in the response. (markt)
    + Fix: 69363: Use getPathPrefix() consistently in the WebDAV servlet to ensure that the correct path is used when the WebDAV servlet is mounted at a sub-path within the web application. (markt)
    + Fix: Improve performance of ApplicationHttpRequest.parseParameters(). Based on sample code and test cases provided by John Engebretson. (markt)
    + Add: Add support for RFC 8297 (Early Hints). Applications can use this feature by casting the HttpServletResponse to org.apache.catalina.connector.Response and then calling the method void sendEarlyHints().
      This method will be added to the Servlet API (removing the need for the cast) in Servlet 6.2 onwards. (markt)
    + Fix: 69214: Do not reject a CORS request that uses POST but does not include a content-type header. Tomcat now correctly processes this as a simple CORS request. Based on a patch suggested by thebluemountain. (markt)
    + Fix: Refactor SpnegoAuthenticator so it uses Subject.callAs() rather than Subject.doAs() when available. (markt)
  * Coyote
    + Fix: Return null SSL session id on zero length byte array returned from the SSL implementation. (remm)
    + Fix: Skip OpenSSLConf with BoringSSL since it is unsupported. (remm)
    + Fix: Create the HttpParser in Http11Processor if it is not present on the AbstractHttp11Protocol to provide better lifecycle robustness for regular HTTP/1.1. The new behavior was introduced on a previous refactoring to improve HTTP/2 performance. (remm)
    + Fix: OpenSSLContext will now throw a KeyManagementException if something is known to have gone wrong in the init method, which is the behavior documented by javax.net.ssl.SSLContext.init. This makes error handling more consistent. (remm)
    + Fix: 69316: Ensure that FastHttpDateFormat#getCurrentDate() (used to generate Date headers for HTTP responses) generates the correct string for the given input. Prior to this change, the output may have been wrong by one second in some cases. Pull request #751 provided by Chenjp. (markt)
    + Add: Add server and serverRemoveAppProvidedValues to the list of attributes the HTTP/2 protocol will inherit from the HTTP/1.1 connector it is nested within. (markt)
    + Fix: Avoid possible crashes when using Apache Tomcat Native, caused by destroying SSLContext objects through GC after APR has been terminated. (remm)
    + Fix: Improve HTTP/2 handling of trailer fields for requests.
      Trailer fields no longer need to be received before the headers of the subsequent stream nor are trailer fields for an in-progress stream swallowed if the Connector is paused before the trailer fields are received. (markt)
    + Fix: Ensure the request and response are not recycled too soon for an HTTP/2 stream when a stream level error is detected during the processing of incoming HTTP/2 frames. This could lead to incorrect processing times appearing in the access log. (markt)
    + Fix: Fix 69320, a regression in the fix for 69302 that meant the HTTP/2 processing was likely to be broken for all clients once any client sent an HTTP/2 reset frame. (markt)
    + Fix: Correct a regression in the fix for non-blocking reads of chunked request bodies that caused InputStream.available() to return a non-zero value when there was no data to read. In some circumstances this could cause a blocking read to block waiting for more data rather than return the data it had already received. (markt)
    + Add: Add a new attribute cookiesWithoutEquals to the Rfc6265CookieProcessor. The default behaviour is unchanged. (markt)
    + Fix: Ensure that Tomcat sends a TLS close_notify message after receiving one from the client when using the OpenSSLImplementation. (markt)
    + Fix: 69301: Fix trailer headers replacing non-trailer headers when writing response headers to the access log. Based on a patch and test case provided by hypnoce. (markt)
    + Fix: 69302: If an HTTP/2 client resets a stream before the request body is fully written, ensure that any ReadListener is notified via a call to ReadListener.onError(). (markt)
    + Fix: Correct regressions in the refactoring that added recycling of the coyote request and response to the HTTP/2 processing. (markt)
    + Add: Add OpenSSL integration using the FFM API rather than Tomcat Native. OpenSSL support may be enabled by adding the org.apache.catalina.core.OpenSSLLifecycleListener listener on the Server element when using Java 22 or later.
      (remm)
    + Fix: Ensure that HTTP/2 stream input buffers are only created when there is a request body to be read. (markt)
    + Code: Refactor creation of HttpParser instances from the Processor level to the Protocol level since the parser configuration depends on the protocol and the parser is, otherwise, stateless. (markt)
    + Add: Align HTTP/2 with HTTP/1.1 and recycle the container internal request and response processing objects by default. This behaviour can be controlled via the new discardRequestsAndResponses attribute on the HTTP/2 upgrade protocol. (markt)
  * Jasper
    + Fix: Add back tag release method as deprecated in the runtime for compatibility with old generated code. (remm)
    + Fix: 69399: Fix regression caused by the improvement 69333 which caused the tag release to be called when using tag pooling, and to be skipped when not using it. Patch submitted by Michal Sobkiewicz. (remm)
    + Fix: 69381: Improve method lookup performance in expression language. When the required method has no arguments there is no need to consider casting or coercion and the method lookup process can be simplified. Based on pull request #770 by John Engebretson.
    + Fix: 69382: Improve the performance of the JSP include action by re-using results of relatively expensive method calls in the generated code rather than repeating them. Patch provided by John Engebretson. (markt)
    + Fix: 69398: Avoid unnecessary object allocation in PageContextImpl. Based on a suggestion by John Engebretson. (markt)
    + Fix: 69406: When using StringInterpreterEnum, do not throw an IllegalArgumentException when an invalid Enum is encountered. Instead, resolve the value at runtime. Patch provided by John Engebretson. (markt)
    + Fix: 69429: Optimise EL evaluation of method parameters for methods that do not accept any parameters. Patch provided by John Engebretson. (markt)
    + Fix: 69333: Remove unnecessary code from generated JSPs.
      (markt)
    + Fix: 69338: Improve the performance of processing expressions that include AND or OR operations with more than two operands and expressions that use not empty. (markt)
    + Fix: 69348: Reduce memory consumption in ELContext by using lazy initialization for the data structure used to track lambda arguments. (markt)
    + Fix: Switch the TldScanner back to logging detailed scan results at debug level rather than trace level. (markt)
  * Web applications
    + Fix: The manager webapp will now be able to access certificates again when OpenSSL is used. (remm)
    + Fix: Documentation. Align the logging configuration documentation with the current defaults. (markt)
  * WebSocket
    + Fix: If a blocking message write exceeds the timeout, don't attempt the write again before throwing the exception. (markt)
    + Fix: An EncodeException being thrown during a message write should not automatically cause the connection to close. The application should handle the exception and make the decision whether or not to close the connection. (markt)
  * jdbc-pool
    + Fix: 69255: Correct a regression in the fix for 69206 that meant exceptions executing statements were wrapped in a java.lang.reflect.UndeclaredThrowableException rather than the application seeing the original SQLException. Fixed by pull request #744 provided by Michael Clarke. (markt)
    + Fix: 69279: Correct a regression in the fix for 69206 that meant that methods that previously returned a null ResultSet were returning a proxy with a null delegate. Fixed by pull request #745 provided by Huub de Beer. (markt)
    + Fix: 69206: Ensure statements returned from Statement methods executeQuery(), getResultSet() and getGeneratedKeys() are correctly wrapped before being returned to the caller. Based on pull request #742 provided by Michael Clarke.
  * Other
    + Update: Switch from DigiCert ONE to ssl.com eSigner for code signing. (markt)
    + Update: Update Byte Buddy to 1.15.10. (markt)
    + Update: Update CheckStyle to 10.20.0.
      (markt)
    + Add: Improvements to German translations. (remm)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Add: Improvements to Chinese translations by Ch_jp. (markt)
    + Add: Exclude the tomcat-coyote-ffm.jar from JAR scanning by default. (markt)
    + Fix: Change the default log handler level to ALL so log messages are not dropped by default if a logger is configured to use trace (FINEST) level logging. (markt)
    + Update: Update Hamcrest to 3.0. (markt)
    + Update: Update EasyMock to 5.4.0. (markt)
    + Update: Update Byte Buddy to 1.15.0. (markt)
    + Update: Update CheckStyle to 10.18.0. (markt)
    + Update: Update the internal fork of Apache Commons BCEL to 6.10.0. (markt)
    + Add: Improvements to Spanish translations by Fernando. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji. (markt)
    + Fix: Fix packaging regression with missing osgi information following addition of the test-only build target. (remm)
    + Update: Update Tomcat Native to 1.3.1. (markt)
    + Update: Update Byte Buddy to 1.14.18. (markt)
    + Add: Improvements to French translations. (remm)
    + Add: Improvements to Japanese translations by tak7iji.
      (markt)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806

This update for libuv fixes the following issues:

- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4112-1
Released: Fri Nov 29 09:49:59 2024
Summary: Recommended update for sssd
Type: recommended
Severity: moderate
References: 1229128,1230798

This update for sssd fixes the following issues:

- Fix sss_analyze python shebang (bsc#1230798)
- Reschedule periodic tasks if clock shift is detected (bsc#1229128)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4171-1
Released: Wed Dec 4 15:25:41 2024
Summary: Recommended update for ldb, samba
Type: recommended
Severity: moderate
References: 1229684,1231414,15280,15590,15624,15696,15699,15700

This update for ldb, samba fixes the following issues:

ldb:

- Update to 2.8.2
  * libldb: fix performance issue with indexes (bso#15590)

samba:

- Update to 4.19.9
  * DH reconnect error handling can lead to stale sharemode entries (bso#15624)
  * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bso#15699, bsc#1229684)
  * irpc_destructor may crash during shutdown (bso#15280)
  * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients (bso#15696)
  * Crash when readlinkat fails (bso#15700)
- Adjust spec to split out rpcd_* binaries into a separate sub package (bsc#1231414, jsc#PED-11015)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168

This update for python3 fixes
the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4196-1
Released: Thu Dec 5 13:56:06 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1233420,CVE-2024-52616

This update for avahi fixes the following issues:

- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4200-1
Released: Thu Dec 5 14:48:33 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451

This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699

This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4244-1
Released: Fri Dec 6 14:04:39 2024
Summary: Recommended update for shared-mime-info
Type: recommended
Severity: moderate
References: 1231463

This update for shared-mime-info fixes the following issue:

- Uninstall silently if update-mime-database is not present (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4254-1
Released: Fri Dec 6 18:03:05 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1231463,1233282,CVE-2024-52533

This update for glib2 fixes the following issues:

Security issues fixed:

- CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282).

Non-security issue fixed:

- Fix error when uninstalling packages (bsc#1231463).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4270-1
Released: Mon Dec 9 17:39:55 2024
Summary: Recommended update for net-snmp
Type: recommended
Severity: moderate
References: 1232030

This update for net-snmp fixes the following issue:

- logrotate should use reload instead of restart (bsc#1232030).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4280-1
Released: Tue Dec 10 16:59:46 2024
Summary: Recommended update for guava
Type: recommended
Severity: moderate
References:

This update for guava, google-errorprone, checker-qual, j2objc-annotations fixes the following issues:

guava was updated from version 33.1.0 to 33.2.1:

- Added some artifact aliases
- Changed how internet addresses are handled to preserve more information. This might require code updates if you were relying on the old behavior (consult the package changelog for more details).
- Fixed a compilation issue under Gradle.
- Fixed a potential crash when building ImmutableMap.
- Added new constants for HTTP headers (Ad-Auction-Allowed, Permissions-Policy-Report-Only, and Sec-GPC).

google-errorprone, checker-qual, j2objc-annotations:

- google-errorprone-annotations, checker-qual, j2objc-annotations were added to the Development Tools Module as they are required by this guava update
- google-errorprone-annotations package was updated from version 2.11.0 to 2.26.1 on SUSE Linux Enterprise 15 LTSS products, as it's required by this guava update:
  * Added new checks for common Java coding errors
  * Improvement of existing checks
  * Performance and infrastructure improvements
  * Various bugs were fixed

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4289-1
Released: Wed Dec 11 10:47:31 2024
Summary: Recommended update for python-rpm-macros
Type: recommended
Severity: moderate
References: 1233151,1233774

This update for python-rpm-macros fixes the following issue:

- Update to version 20241120 (bsc#1233151)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4312-1
Released: Fri Dec 13 15:31:20 2024
Summary: Recommended update for fence-agents
Type: recommended
Severity: moderate
References:

This update for fence-agents fixes the following issue:

- eaton SSH Fence Agent (jsc#PED-11661)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4321-1
Released: Mon Dec 16 09:36:18 2024
Summary: Recommended update for firewalld
Type: recommended
Severity: important
References: 1231771

This update for firewalld fixes the following
issues:

- Fix firewalld incorrectly applying oifname and daddr, resulting in incorrect rule generation and filtering (bsc#1231771)

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4323
Released: Mon Dec 16 12:13:41 2024
Summary: Recommended update for release-notes-susemanager, release-notes-susemanager-proxy
Type: recommended
Severity: moderate
References: 1230951

This update for release-notes-susemanager, release-notes-susemanager-proxy fixes the following issues:

release-notes-susemanager:

- Update to SUSE Manager 5.0.2.1
  * The installation images for SUSE Manager have been updated
  * Bugs mentioned: bsc#1230951

release-notes-susemanager-proxy:

- Update to SUSE Manager 5.0.2.1
  * The installation images for SUSE Manager have been updated
  * Bugs mentioned: bsc#1230951

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814

This update for vim fixes the following issues:

- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

- Updated to version 9.1.0836

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4375-1
Released: Wed Dec 18 15:11:45 2024
Summary: Recommended update for publicsuffix
Type: recommended
Severity: moderate
References:

This update for publicsuffix fixes the following issues:

- Update to version 20241202:
  * remove `upli.io` (#2302)
  * added o365 sub domain (#2291)
  * tools/internal/parser: enforce suffix ordering in the ICANN section (#2295)
  * chore: Fix Alphabetizing for the ICANN section (#2287)
  * remove `mcpe.me` (#2294)
  * util: gTLD data autopull updates for 2024-11-27T15:18:00 UTC (#2293)
  * Update `.EG` Section (#2290)
  * Adding RUB domain (#2292)
  * Update `.TW` Section (#2289)
  * Update `.CV` Section (#2286)
  * Update company name and email address (#2285)
  * Update `.GE` Section (#2283)
  * Update `.BO` (#2276)
  * Update `.DM` Block (#2277)
  * Update `.MG` Section (#2274)
  * chore: Update `.AF` Section link and sorting (#2279)
  * chore: Update `.CW` Section comments (#2281)
  * update `.tt` section (#2272)
  * remove `betainabox.com` (#2259)
  * Update `.AZ` comments and fix sorting (#2275)
  * alphabetise `.tm` section + add confirmation comment (#2268)
  * Update `.RE` Section (#2271)
  * Update `.CO` Section (#2269)
  * Update `.PL` comments and fix alphabetical sorting (#2270)
  * Update `.SG` Section (#2273)
  * Update 2nd levels for .JO (Jordan) section (#2264)
  * remove `nom.ad` (#2263)
  * Update .IS (#2266)
  * Update .AU Section (#2267)
  * Heyflow GmbHs domains heyflow.page and heyflow.site
  * Adding LODMAN regional domains
  * Master to main for the remote action in the website remote
  * chore(pr_template): remove syntax check (#2252)
  * Add pages-research.it.hs-heilbronn.de (#2253)
  * Update deploy-site.yml
  * remove `corpnet.work`, update contact info (#2247)
  * add `co.bz` (#2249)
  * move `wdh.app` to new section (#2246)
  * remove `bci.dnstrace.pro` (#2245)
  * remove
`onred.one` (#2244) * util: gTLD data autopull updates for 2024-10-31T15:17:41 UTC (#2242) * Add home.arpa (#2220) * Add `taveusercontent.com` (#2239) * Add ip-ddns.com and ddns-ip.net (#2234) * Add grafana-dev.net to public suffix list (#2188) * chore: remove 2nd level comment for `.sk` (#2238) * Remove `presse.ci` and `md.ci`, other ccTLD stubs not associated w respective registry (#2198) * update `.io` section (#2236) * Remove `gov.cu` (#2233) * Remove Handshake suffixes (#2222) * internal/parser: add PublicSuffix and RegisteredDomain methods to List (#2228) * Add cloud-ip.biz and ip-dynamic.org for ClouDNS (#2202) * Add co.ss (#2144) * Add `org.ao`, `edu.ao`, `gov.ao` ccTLD (ICANN section) (#2145) * util: gTLD data autopull updates for 2024-10-17T15:16:22 UTC (#2226) * chore: update is-a.dev contact info (#2225) * Remove bloxcms.com in public suffix list - no longer needed (#2224) * Remove ddns5.com (#2221) * Make TXT validation use local git history (#2217) * Improve psltool PR check (#2218) * Remove beta.tailscale.net (#2216) * util: gTLD data autopull updates for 2024-10-15T15:17:29 UTC (#2219) * Remove `museum.mw` (#2203) * Update `.NA` entries (#2204) * Remove `ne.pw` (#2200) * Remove inactive or expired yombo domains (#2173) * Remove old Python PR checker * Add medusajs.app domain to public list (#2211) * Remove Banzai Cloud (#2215) * tools/internal/github: correctly handle github's mergeability updates (#2214) * tools/internal/parser: check TXT records (#2213) * remove `preview.wdh.app`, `t.hrsn.dev`, `t.hrsn.net` (#2208) * Update PR Template Requiring Abuse Contact for Subdomain Registry Requestors (#2201) * remove `paris.eu.org` (#2147) * remove `blogspot.mr` (#2100) * Adding ArvanCloud arvanedge.ir Compute Domain to public suffix list (#2205) * remove `q-a.eu.org` (#2146) * AWS Submissions to the Public Suffix List - Q3 2024 (#2032) * Remove `bounty-full.com` to rollback #104 (#2163) * Add back `cnpy.gdn` to restore #633 (#2194) * Remove `cnpy.gdn` to 
rollback #633 (#2174) * Br 20240930 update (#2192) * add mittwald product domains (#2171) * util: gTLD data autopull updates for 2024-09-26T15:17:07 UTC (#2191) * Remove `certmgr.org` to roll back #225 (#2164) * Remove dyn53.io to rollback #820 (#2161) * Remove `forte.id` to rollback #1081 (#2166) * Remove `daplie.me` to rollback commit a4d8335 (#2162) * remove exception in CI for duplicate sections (#2180) * combine duplicate sections (#2168) * tools/internal/domain: add functions to render a domain as punycode (#2179) * tools/psltool: allow checking the PSL for an arbitrary commit on github (#2177) * tools/internal/github: support loading PR diffs for merged PRs (#2176) * tools/internal: wrap use of collators in mutexes (#2175) * Add `hf.space` and `static.hf.space` to `public_suffix_list.dat` (#2157) * Update `prvcy.page` contact email (#2182) * Add shopware.shop to public suffix list (#2187) * Remove domain:ktistory.com from PSL (#2181) * rename `William Harrison` to `Harrison Network` (#2183) * Remove *.sensiosite.cloud and *.s5y.io (#2167) * Remove `mycd.eu` to rollback #233 (#2165) * docs(pr_template): fix grammar error + small changes (#2169) * add `hrsn.dev` (#2170) * add `t.hrsn.dev` (#2155) * docs(pr_template): various fixes and comment updates (#2156) * util: gTLD data autopull updates for 2024-09-13T15:16:52 UTC (#2154) * Apply formatting using `psltool fmt` (#2152) * update contact for dweb.link and libp2p.direct (#2105) * Automatically run psltool validate (#2151) * Add v0.build and vusercontent.net (#2121) * Cleanup (#2150) * chore: remove 6 domains from Now-DNS section (#2113) * Remove old Jelastic domains (from #1095) (#2148) * Add `ctfcloud.net` domain (#2073) * remove `mc.eu.org` (#2099) * Add gob.cu nat.cu (#1695) (#2143) * remove `dapps.earth` section (#2124) * Remove `autocode.dev` (Rollback #1617) (#2141) * remove `magnet.page` (#2142) * Apply formatting using `psltool fmt` (#2140) * Minor formatting fix (#2139) * Add psltool fmt check for 
PRs (#2137) * Replace Legacy Wikipedia URLs with IANA Page Links in ICANN Section Comments (#2135) (#2138) * UPDATE HOSTBIP DOMAIN NAMES (2024) +biz.ng +plc.ng -edu.scot -sch.so (#2127) * Adding oraclecloudapps.com from Oracle Autonomous Database (#2130) * Remove flap.id (#2132) * Remove discontinued CentralNic entries (#2136) * Apply formatting using `psltool fmt` (#2134) * Add new action to manually run formatter (#2133) * add `nyat.app` (#2122) * Remove `publishproxy.com` (#294) (#2131) * Update public_suffix_list.dat (#2128) * Remove `fireweb.app` (#2129) * Update contact information for `nyc.mn` (#2125) * Fix syntax inconsistency (#2126) * add `preview.wdh.app` and `t.hrsn.net` (#2119) * Move Domains Under OpenHost (#2115) * util: gTLD data autopull updates for 2024-08-25T15:14:38 UTC (#2111) * remove `bip.sh` (#2063) * Add routingthecloud.com/.net/.org (#2107) * remove Revitalised Limited section (#2101) * chore: update contact info + revert wildcard change for `wdh.app` (#2108) * remove `blogsite.xyz` (#2098) * Add additional readthedocs domain: readthedocs-hosted.com (#2110) * Add MathWorks domains (#1983) * remove localzone.xyz (#2104) * add `is-a-good.dev` (#2095) * util: gTLD data autopull updates for 2024-08-12T15:17:08 UTC (#2103) * merge `wdh.app` entries together using wildcard (#2094) * add `is-a-fullstack.dev` under Open Domains (#2096) * Fix newline handling of automatic ICANN updater (#2093) * util: gTLD data autopull updates for 2024-08-10T15:15:39 UTC (#2097) * Add IONOS product domains (#2083) * add ggff.net and filegear-sg.me from l53.net (#2085) * add `wdh.app` (#2067) * add libp2p.direct (#2084) * add sn.mynetname.net domain (#2090) * Update public_suffix_list.dat (#2076) * Run 'psltool fmt' to reformat PSL to canonical form (#2088) * tools/psltool: support for analyzing a github PR (#2087) * tools/internal/parser: add more offline, diff-aware validations (#2089) * Add `mafelo.net` (#2082) * remove `devcdnaccesso.com` (#2065) * remove 
`t3l3p0rt.net` and `tele.amune.org` (#2066) * remove `bitbridge.net` (#2064) * remove static.land from public_suffix_list.dat (#2081) * Remove wedeploy domains (#2077) * update for .PK ccTLD (#2068) * Remove `awsmppl.com` (expired domain) (#2070) * update contact email for `is-a.dev` (#2074) * remove old domains (#2058) * Update README.md * remove cloudcontrol.com (#2072) * tools/internal/parser: add diff support (#2071) * remove`graphox.us` (#2062) * Remove `pagefrontapp.com` (expired domain) (#2059) * tools/psltool: CLI for editing and validating PSL files (#2069) * Remove `mozilla-iot.org` (#2050) * Remove Shift Crypto AG (#2055) * Remove `backplaneapp.io` to rollback #267 (expired domain) (#2060) * remove `pcloud.host` (#2052) * Remove `mintere.site` to rollback #993 (#2056) * remove `cya.gg` (#2053) * remove `nid.io` (#2054) * remove Cyclic Software section (#2051) * Remove `onflashdrive.app` (related to #1401) (#2048) * Remove impertrix domains to rollback #1060 (#2047) * Remove filegear regional domains (#2049) * remove `c.la` (#2044) - Update to version 20240722: * PSL Private Section Domains WHOIS Checker (#2014) * Add servebolt.cloud to PLS (#2026) * Add `p.tawk.email` and `p.tawkto.email` domains (#2016) * Remove domain no longer under Supabase control. (#2037) * tools/internal/parser: implement automatic reformatting (#2036) * util: gTLD data autopull updates for 2024-07-12T15:14:39 UTC (#2034) * Add dhosting.pl Sp. z o.o. shared domains: dfirma.pl, dkonto.pl, you2.pl (#2024) * tools/internal/parser: rework metadata extraction for more accurate reformatting (#2027) * AWS Submissions to the Public Suffix List - Q2 2024 (#1954) * aero: remove extra word between TLD name and URL (#2029) * tools/internal/parser: rewrite parser to output a syntax tree (#2025) * Add removal notice to PR template (#2023) * remove Rakuten Games, Inc related entries (#2022) * add `hatenablog.com` etc (#1948) * Add cyber_Folks S.A. 
shared domain - cfolks.pl (#2017) * tools/internal/parser: minor parser cleanups (#2021) * Add Craft Docs Domain (#2006) * util: gTLD data autopull updates for 2024-06-29T15:13:33 UTC (#2020) * Merge WebPros domains in the same section (#2013) * Add `durumis.com` (#1978) * tools/internal/parser: validate the sort order of the private section (#2012) * Update comments on aland.fi (#2019) * Remove instantcloud.cn (#2015) * tools/internal/parser: detect and report section markers within suffix blocks (#2011) * tools/internal/parser: remove workarounds for fixed PSL blocks (#2010) * Add Raidboxes GmbH to the list (#2004) * Add missing URL schemes to URLs (#2008) * Add closing chevron to contact email address. (#2007) * tool/internal/parser: sanitize input to clean, valid UTF-8 (#2005) * Add `obl.ong` (#1830) * Salesforce crm dev (#1941) * Add wpsquared.site and wp2.host to private section (#1957) (#1957) * Add netfy.app (#1991) * Remove expired domains: `ro.im`, `cn.vu` (#2003) * tools/internal/parser: refactor to separate text processing from parser main logic (#1999) * Replace unicode fullwidth colon with a regular ascii colon. 
(#2001) * Add missing spaces after '//' on prequalifyme.today block (#2000) * Add `as.sh.cn` (#1992) * tools: add a validating parser for PSL files (#1987) * Clarify request to list third-party limits in PR template * util: gTLD data autopull updates for 2024-06-13T15:15:16 UTC (#1994) * Reattach of.by to the Belarus ccTLD block (#1995) * add madethis.site (#1979) * mytuleap.com, tuleap-partners.com: update contact information (#1845) * Add Strapi domains (#1982) * Add relay.evervault.app and relay.evervault.dev (#1959) * add .ind.mom (#1984) * Add 6 new domains to Lukanet Ltd Private domains (#1977) * Add heiyu.space (#1980) - Update to version 20240603: * Add Cloudflare CNAME setup domains (#1963) * util: gTLD data autopull updates for 2024-05-31T15:16:08 UTC (#1988) * Add `hypernode.io` domain (#1970) * Add `wixstudio.com` (#1971) * Fix set union (#1986) * Bump dnspython from 2.5.0 to 2.6.1 in /tools/pr_checker (#1985) * Add Github workflow to check _psl DNS entries on PRs (#1933) * Clean up list to fix rule sorting within orgs (#1968) - Update to version 20240513: * Add Expo domains (#1975) * Add `*.hosted.app` (#1947) * Add Clever Cloud's domains for customers (#1974) * Add web.val.run and express.val.run to PSL (#1964) * add notion site to etld (#1958) * Add `box.ca` (Whatbox) (#1950) * Add observablehq.cloud (#1934) * Add 'zeabur.app' (#1865) * Add `sheezy.games` (#1945) * util: gTLD data autopull updates for 2024-05-04T15:12:50 UTC (#1973) * Create a Security Policy (#1856) * Add examples of limitations to PR template (#1929) * Update `prvcy.page` (#1859) * Remove Lightmaker Property Manager, Inc. 
    domain (#1820)
  * Adding regional domain bielsko.pl (#1749)
  * add xmit.dev (#1972)
  * Remove `ghost.io` (#1969)
  * Add aaa.vodka (#1795)
  * Add ngo.us for the NGO.US Registry (#1821)
  * AWS Submissions to the Public Suffix List - Q1 2024 (#1919)
  * Add shop.brendly.hr (#1762)
- Update to version 20240419:
  * add qnap entries to existing section (`myqnapcloud.cn` , `mycloudnas.com`, `mynascloud.com`) (#1837)
  * Update public_suffix_list.dat (#1966)
  * drop old domains (#1960)
  * Jouwweb public suffixes (#1935)
  * Add `us.kg` (#1755)
  * Replacement for PR #1741 (#1962)
  * Add `rt.ht` (#1860)
  * Add cloudscale.ch domains (#1589)
- Update to version 20240410:
  * Removing `ravendb.me` (#1841)
  * Updating psl: Adding myfritz.link (follow up PR#77) (#1761)
  * Add `framer.ai` (#1831)
  * chore: add `is-a.dev` (#1949)
  * Add StackBlitz (#1939)
  * Add `unison-services.cloud` (#1839)
  * Add `is-cool.dev`, `is-local.org`, `is-not-a.dev` and `localplayer.dev` (#1672)
  * Add grayjayleagues.com (#1742)
  * Add `runcontainers.dev` for Libre IT Ltd (#1783)
  * Add `heliohost.us`, `helioho.st`(#1825)
  * Remove `123sait.ru` (#1844)
  * Add MyDNS.JP Dynamic DNS Service (#1937)
  * add `scrypted.io` (#1826)
  * Add `darklang.io` (#1880)
  * Update `cloudns.net` dynamic dns domains listing (#1593)
  * Add wildcard to `snowflake.app` and `privatelink.snowflake.app` (#1743)
  * Add `preview.csb.app` and `csb.app` (#1648)
  * Add `nimsite.uk` (#1797)
  * add getlocalcert.net domains (#1798)
  * Add wadl.top (#1924)
  * ADD: `can.re` (#1651)
  * Add cdn77-storage.com and rsc.contentproxy9.cz (#1882)
  * add `srv.us`, `xmit.co`
  * Add at.emf.camp (#1955)
  * util: gTLD data autopull updates for 2024-03-28T15:13:37 UTC (#1952)
- Update to version 20240326:
  * Add `*.ir.md` (#1625)
  * Update name for info.cx (#1616)
  * add `nftstorage.link` (#1548)
  * GD - graphic.design (#1940)
  * Removing wildcard for cloudapp.azure.com (#1944)
- Update to version 20240306:
  * util: gTLD data autopull updates for 2024-03-06T15:14:58 UTC (#1943)
- Update to version 20240303:
  * add `*.my.canvasite.cn` and `*.my.canva.site` (#1739)
  * Add on.crisp.email (Crisp IM SAS) (#1904)
  * add `ngrok.pro` (#1895)
  * Add adaptable.app domain (#1824)
  * Add STACKIT free customer subdomains (#1785)
  * Add `modx.dev` (#1804)
  * Add `ewp.live` (EasyWP) (#1773)
  * Add convex.site (#1767)
  * Add `involve.me` user domains (#1731)
  * Add `replit.app` and `replit.dev` (#1679)
  * Add f5.si (#1664)
  * Add *.c.ts.net. (#1618)
  * Add `webflow.io` and `webflowtest.io` (#1722)
  * Add 3 Streak domains (#1720)
  * add myradweb.net and servername.us to Rad Web Hosting (#1760)
- Update to version 20240212:
  * Add cprapid.com suffix to private section (#1892)
  * util: gTLD data autopull updates for 2024-02-08T15:13:14 UTC (#1932)
  * Added Cyclic Software (#1737)
  * Update public_suffix_list.dat for scw.cloud subdomains (#1740)
  * Update public_suffix_list.dat (#1926)
  * Add ZAP-Hosting cloud domain (#1907)
  * Add `flutterflow.app` (#1666)
  * Update public_suffix_list.dat (#1614)
  * Brave Submissions to the Public Suffix List - Q4 2023 (#1872)
  * Add pley.games (#1881)
  * Add panel.dev (#1916)
  * add 12CHARS to private domains (#1915)
  * Azure updates for Microsoft Corporate Domains (#1891)
  * Remove blog.kg from private section (#1840)
  * AWS Submissions to the Public Suffix List - Q4 2023 (#1876)
  * Homebase requested the addition of id.pub kin.one kin.pub (#1768)
  * Replace run.app and a.run.app with *.run.app (#1928)
  * Add pages.gay (#1920)
  * Update Platform.sh domains (#1792)
  * fix(adobe): add aem.live and aem.page domains (#1874)
  * Update code builder domains with the canary (#1802)
  * Add atmeta.com to PSL and consolidate Meta entries (#1736)
  * util: gTLD data autopull updates for 2024-01-24T15:14:29 UTC (#1923)
- Update to version 20240123:
  * util: gTLD data autopull updates for 2024-01-23T15:14:10 UTC (#1921)
- Update to version 20240107:
  * Remove homeoffice.gov.uk (#1909)
  * util: gTLD data autopull updates for 2024-01-06T15:12:04 UTC (#1918)
- Update to version 20231213:
  * util: gTLD data autopull updates for 2023-12-12T15:13:54 UTC (#1910)
  * util: gTLD data autopull updates for 2023-12-06T15:14:08 UTC (#1908)
  * Place -v after -C in github actions workflows (#1906)
  * Introduce Go Modules to tooling (#1901)
  * util: gTLD data autopull updates for 2023-11-21T15:13:46 UTC (#1902)
  * Handle EBEROs: Use DelegationDate alongside ContractTerminated (#1894)
  * util: gTLD data autopull updates for 2023-11-18T15:11:52 UTC (#1898)
- Update to version 20231108:
  * Update public_suffix_list.dat (#1848)
  * util: gTLD data autopull updates for 2023-11-03T15:13:18 UTC (#1887)
  * Add `torun.pl` (#1684)
- Update to version 20231028:
  * util: gTLD data autopull updates for 2023-10-28
  * AWS Submissions to the Public Suffix List - Q3 2023
  * Add <4-8>.azurestaticapps.net DNS suffix
- Update to version 20230930:
  * util: gTLD data autopull updates for 2023-09-30T15:11:25 UTC
  * Update .fr list, move some subspaces to PRIVATE section listing of smallregistry.net
  * Remove k12.de.us
  * Add wix.run
- Update to version 20230826:
  * util: gTLD data autopull updates for 2023-08-26T15:11:07 UTC (#1835)
  * util: gTLD data autopull updates for 2023-08-23T15:12:41 UTC (#1832)
  * Update tld-update.yml (#1827)
  * util: gTLD data autopull updates for 2023-08-12T15:10:57 UTC (#1829)
  * util: gTLD data autopull updates for 2023-08-09T15:14:39 UTC (#1828)
  * tools: include IANA TLD URL in new gtld updates. (#1817)
  * util: gTLD data autopull updates for 2023-08-05T15:11:19 UTC (#1822)
  * Update tld-update.yml to automatically add labels when autopull catches deltas and generates PR (#1815)
  * ci: update test workflow triggers to include PRs. (#1818)
  * util: gTLD data autopull updates for 2023-08-02T15:11:59 UTC (#1816)
  * unbroke URL assembly
  * Add IANA DB URL instead of blanking out contract date
  * tools: skip contract date rendering, small CI fixups.
    (#1812)
  * util: gTLD data autopull updates for 2023-07-28T15:13:22 UTC (#1805)
- Update to version 20230717:
  * Domains are removed `hidora.com`, `users.scale.virtualcloud.com.br`, `clicketcloud.com` (#1598)
  * Add storipress.app (#1583)
- Update to version 20230709:
  * util: gTLD data autopull updates for 2023-07-08T15:13:17 UTC (#1796)
  * util: gTLD data autopull updates for 2023-07-01T15:13:05 UTC (#1791)
  * AWS Submissions to the Public Suffix List - Q1 2023 (#1600)
- Update to version 20230616:
  * Add 63 geographical domains for .vn ccTLD (#1776)
  * util: gTLD data autopull updates for 2023-06-16T15:12:40 UTC (#1778)
  * util: gTLD data autopull updates for 2023-06-14T15:13:06 UTC (#1777)
- Update to version 20230613:
  * Add `{id,io,ai}.vn` for .vn ccTLD in ICANN Section (#1771)
  * util: gTLD data autopull updates for 2023-06-10T15:11:56 UTC (#1774)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4384-1
Released: Thu Dec 19 09:05:33 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573
This update for grub2 fixes the following issues:

- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604)

-----------------------------------------------------------------
Advisory ID: SUSE-Manager-5.0-2024-4394
Released: Fri Dec 20 11:34:44 2024
Summary: Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server
Type: recommended
Severity: moderate
References: 1233014
Maintenance update for SUSE Manager 5.0: Server, Proxy and Retail Branch Server

This is a codestream only update

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

The following package changes have been done:

- libsolv-tools-base-0.7.31-150600.8.7.2 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- libzypp-17.35.16-150600.3.39.1 updated
- glibc-2.38-150600.14.17.2 updated
- libavahi-common3-0.8-150600.15.6.1 updated
- glibc-locale-base-2.38-150600.14.17.2 updated
- javapackages-filesystem-6.3.4-150200.3.15.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libglib-2_0-0-2.78.6-150600.4.8.1 updated
- zypper-1.14.78-150600.10.16.3 updated
- curl-8.6.0-150600.4.15.1 updated
- libudev1-254.20-150600.4.18.2 updated
- libsystemd0-254.20-150600.4.18.2 updated
- libcurl4-8.6.0-150600.4.15.1 updated
- systemd-254.20-150600.4.18.2 updated
- libgmodule-2_0-0-2.78.6-150600.4.8.1 updated
- libgobject-2_0-0-2.78.6-150600.4.8.1 updated
- libipa_hbac0-2.9.3-150600.3.12.1 updated
- libpq5-17.2-150600.13.5.1 updated
- libsolv-tools-0.7.31-150600.8.7.2 updated
- libsss_idmap0-2.9.3-150600.3.12.1 updated
- libsss_nss_idmap0-2.9.3-150600.3.12.1 updated
- libuv1-1.44.2-150500.3.5.1 updated
- openssh-common-9.6p1-150600.6.12.1 updated
- publicsuffix-20241202-150000.3.18.2 updated
- python-rpm-macros-20241120.6ae645f-150400.3.18.1 updated
- release-notes-susemanager-5.0.2.1-150600.11.21.1 updated
- shared-mime-info-2.4-150600.3.3.2 updated
- snmp-mibs-5.9.4-150600.24.5.2 updated
- vim-data-common-9.1.0836-150500.20.15.1 updated
- glibc-locale-2.38-150600.14.17.2 updated
- javapackages-tools-6.3.4-150200.3.15.1 updated
- libavahi-client3-0.8-150600.15.6.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- python3-curses-3.6.15-150300.10.78.1 updated
- postgresql-17-150600.17.6.1 updated
- postgresql16-16.6-150600.16.10.1 updated
- libsss_certmap0-2.9.3-150600.3.12.1 updated
- glibc-devel-2.38-150600.14.17.2 updated
- openssh-fips-9.6p1-150600.6.12.1 updated
- libgio-2_0-0-2.78.6-150600.4.8.1 updated
- glib2-tools-2.78.6-150600.4.8.1 updated
- spacewalk-java-lib-5.0.15-150600.3.11.3 updated
- vim-9.1.0836-150500.20.15.1 updated
- libsnmp40-5.9.4-150600.24.5.2 updated
- hwdata-0.390-150000.3.74.2 updated
- apache2-prefork-2.4.58-150600.5.29.1 updated
- openssh-server-9.6p1-150600.6.12.1 updated
- openssh-clients-9.6p1-150600.6.12.1 updated
- python3-solv-0.7.31-150600.8.7.2 updated
- postgresql-server-17-150600.17.6.1 updated
- postgresql16-server-16.6-150600.16.10.1 updated
- libldb2-2.8.2-150600.3.6.1 updated
- perl-SNMP-5.9.4-150600.24.5.2 updated
- net-snmp-5.9.4-150600.24.5.2 updated
- apache2-2.4.58-150600.5.29.1 updated
- openssh-9.6p1-150600.6.12.1 updated
- grub2-2.12-150600.8.12.1 updated
- grub2-i386-pc-2.12-150600.8.12.1 updated
- postgresql16-contrib-16.6-150600.16.10.1 updated
- postgresql-contrib-17-150600.17.6.1 updated
- sssd-ldap-2.9.3-150600.3.12.1 updated
- sssd-2.9.3-150600.3.12.1 updated
- sssd-krb5-common-2.9.3-150600.3.12.1 updated
- samba-client-libs-4.19.8+git.399.71536ca297e-150600.3.9.6 updated
- grub2-x86_64-efi-2.12-150600.8.12.1 updated
- sssd-krb5-2.9.3-150600.3.12.1 updated
- sssd-dbus-2.9.3-150600.3.12.1 updated
- python3-sssd-config-2.9.3-150600.3.12.1 updated
- sssd-ad-2.9.3-150600.3.12.1 updated
- tomcat-servlet-4_0-api-9.0.97-150200.71.1 updated
- tomcat-el-3_0-api-9.0.97-150200.71.1 updated
- jackson-core-2.17.3-150200.3.19.1 updated
- jackson-annotations-2.17.3-150200.3.19.1 updated
- j2objc-annotations-2.2-150200.5.5.2 updated
- httpcomponents-core-4.4.14-150200.3.9.1 updated
- google-errorprone-annotations-2.26.1-150200.5.8.1 updated
- checker-qual-3.22.0-150200.5.7.2 added
- sssd-tools-2.9.3-150600.3.12.1 updated
- sssd-ipa-2.9.3-150600.3.12.1 updated
- tomcat-jsp-2_3-api-9.0.97-150200.71.1 updated
- jackson-databind-2.17.3-150200.3.23.1 updated
- guava-33.2.1-150200.3.13.2 updated
- python3-firewall-2.0.1-150600.3.5.1 updated
- tomcat-lib-9.0.97-150200.71.1 updated
- jackson-module-jaxb-annotations-2.17.3-150200.5.16.1 updated
- firewalld-2.0.1-150600.3.5.1 updated
- xstream-1.4.21-150200.3.28.1 updated
- httpcomponents-client-4.5.14-150200.3.9.1 updated
- httpcomponents-asyncclient-4.1.4-150400.3.3.1 updated
- fence-agents-4.13.1+git.1704296072.32469f29-150600.3.12.2 updated
- tomcat-9.0.97-150200.71.1 updated
- spacewalk-java-postgresql-5.0.15-150600.3.11.3 updated
- spacewalk-java-config-5.0.15-150600.3.11.3 updated
- spacewalk-taskomatic-5.0.15-150600.3.11.3 updated
- spacewalk-java-5.0.15-150600.3.11.3 updated
- supportutils-plugin-susemanager-5.0.4-150600.3.3.2 updated

From sle-container-updates at lists.suse.com Wed Jan 8 08:03:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 8 Jan 2025 09:03:13 +0100 (CET)
Subject: SUSE-IU-2025:11-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20250108080313.A46DAFBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:11-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.34 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.34
Severity : moderate
Type : security
References : 1233078 1234068 CVE-2024-10963
    CVE-2024-11053
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 164
Released: Mon Jan 6 11:11:02 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1233078,CVE-2024-10963
This update for pam fixes the following issues:

- CVE-2024-10963: Fixed improper hostname interpretation in pam_access that could lead to access control bypass (bsc#1233078).

-----------------------------------------------------------------
Advisory ID: 166
Released: Mon Jan 6 11:20:47 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: 170
Released: Mon Jan 6 14:09:01 2025
Summary: Recommended update for catatonit
Type: recommended
Severity: moderate
References:
This update for catatonit fixes the following issues:

Update to catatonit v0.2.0.

* Change license to GPL-2.0-or-later.

The following package changes have been done:

- pam-1.6.0-4.1 updated
- SL-Micro-release-6.0-24.39 updated
- libcurl4-8.6.0-5.1 updated
- catatonit-0.2.0-1.1 updated
- container:SL-Micro-base-container-2.1.3-4.32 updated

From sle-container-updates at lists.suse.com Wed Jan 8 08:03:29 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 8 Jan 2025 09:03:29 +0100 (CET)
Subject: SUSE-IU-2025:12-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20250108080329.BB9F8FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:12-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.33 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 5.33
Severity : moderate
Type : security
References : 1233078 1234068 CVE-2024-10963 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 164
Released: Mon Jan 6 11:11:02 2025
Summary: Security update for pam
Type: security
Severity: moderate
References: 1233078,CVE-2024-10963
This update for pam fixes the following issues:

- CVE-2024-10963: Fixed improper hostname interpretation in pam_access that could lead to access control bypass (bsc#1233078).

-----------------------------------------------------------------
Advisory ID: 166
Released: Mon Jan 6 11:20:47 2025
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

The following package changes have been done:

- pam-1.6.0-4.1 updated
- SL-Micro-release-6.0-24.39 updated
- libcurl4-8.6.0-5.1 updated
- container:SL-Micro-container-2.1.3-4.34 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:02:29 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:02:29 +0100 (CET)
Subject: SUSE-CU-2025:105-1: Recommended update of containers/milvus
Message-ID: <20250110080229.19B74FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:105-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.12
Container Release : 7.12
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container containers/milvus was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:03:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:03:24 +0100 (CET)
Subject: SUSE-IU-2025:69-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20250110080324.25F4DFBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:69-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.37 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.37
Severity : moderate
Type : recommended
References : 1232753
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 175
Released: Thu Jan 9 12:31:10 2025
Summary: Recommended update for selinux-policy
Type: recommended
Severity: moderate
References: 1232753
This update for selinux-policy fixes the following issues:

- Trigger a full relabel on transactional systems upon module installation. This is rather expensive and will hopefully be replaced by a more fine grained solution later on (bsc#1232753)

The following package changes have been done:

- SL-Micro-release-6.0-24.41 updated
- selinux-policy-20230523+git25.ad22dd7f-2.1 updated
- selinux-policy-targeted-20230523+git25.ad22dd7f-2.1 updated
- container-selinux-2.211.0-2.101 updated
- container:SL-Micro-base-container-2.1.3-4.34 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:08:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:08:58 +0100 (CET)
Subject: SUSE-CU-2025:115-1: Security update of bci/golang
Message-ID: <20250110080858.D0BCEFCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:115-1
Container Tags : bci/golang:1.22 , bci/golang:1.22.10 , bci/golang:1.22.10-2.48.4 , bci/golang:oldstable , bci/golang:oldstable-2.48.4
Container Release : 48.4
Severity : important
Type : security
References : 1218424 1218424 1220262 1220338 1231048 1231833 1232227 1232528 1232579 1232844 1233520 1233699 1234015 1234068 CVE-2023-50782 CVE-2024-11053 CVE-2024-50602 CVE-2024-9681
-----------------------------------------------------------------

The container bci/golang was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3865-1
Released: Fri Nov 1 16:10:37 2024
Summary: Recommended update for gcc14
Type: recommended
Severity: moderate
References: 1231833
This update for gcc14 fixes the following issues:

- Fixed parsing timezone tzdata 2024b [gcc#116657 bsc#1231833]

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3925-1
Released: Wed Nov 6 11:14:28 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1232528,CVE-2024-9681
This update for curl fixes the following issues:

- CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3943-1
Released: Thu Nov 7 11:12:00 2024
Summary: Security update for openssl-3
Type: security
Severity: moderate
References: 1220262,CVE-2023-50782
This update for openssl-3 fixes the following issues:

- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4003-1
Released: Mon Nov 18 10:47:33 2024
Summary: Recommended update for go1.22
Type: recommended
Severity: moderate
References: 1218424
This update for go1.22 fixes the following issues:

- Update to version go1.22.9 (bsc#1218424)
  * runtime: TestGdbAutotmpTypes failures
  * cmd/link: LC_UUID not generated by go linker, resulting in failure to access local network on macOS 15
  * cmd/cgo/internal/testcarchive: TestManyCalls failures

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:

- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4045-1
Released: Mon Nov 25 08:33:05 2024
Summary: Recommended update for patterns-base
Type: recommended
Severity: moderate
References:
This update for patterns-base fixes the following issue:

- Updated patterns-base, removing plymouth recommendation on s390x archs.
  Our certification team run into an issue (jsc#PED-10532), when they run bare metal installation with fully encrypted disk.
  If the whole disk is crypted, the prompt for the password is sent to plymouth, which is obviously showing nothing because for booting bare metal (LPAR) is used terminal in HMC.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4066-1
Released: Tue Nov 26 11:11:21 2024
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- mark past EOL dates for go1.20, go1.21, as now we have go1.22 and go1.23
- mark EOL date for gcc13 (2025-04-30).
- added missing EOLs for rust 1.xx (release date of N+2 , +7 days )

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4104-1
Released: Thu Nov 28 16:06:00 2024
Summary: Recommended update for lifecycle-data-sle-module-development-tools
Type: recommended
Severity: moderate
References:
This update for lifecycle-data-sle-module-development-tools fixes the following issues:

- fixed cpp13 lifecycle entry with incorrect year

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4224-1
Released: Fri Dec 6 10:24:50 2024
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1233699
This update for glibc fixes the following issue:

- Remove nss-systemd from default nsswitch.conf (bsc#1233699).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4260-1
Released: Mon Dec 9 10:07:36 2024
Summary: Recommended update for go1.22
Type: recommended
Severity: moderate
References: 1218424
This update for go1.22 fixes the following issues:

- go1.22.10 (released 2024-12-03) includes fixes to the runtime and the syscall package. (bsc#1218424)
  * go#70201 syscall: SyscallN always escapes the variadic argument
  * go#70238 time: TestLoadFixed failures
  * go#70474 sync/atomic: TestNilDeref flaky failure on windows-386 with runtime fatal error

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844
This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4415-1
Released: Mon Dec 23 20:45:48 2024
Summary: Recommended update for binutils
Type: recommended
Severity: moderate
References: 1233520
This update for binutils fixes the following issues:

Update to current 2.43.1 branch [PED-10254, PED-10306]:

* s390 - Add arch15 instructions
* various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015
This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

The following package changes have been done:

- glibc-2.38-150600.14.17.2 updated
- libgcc_s1-14.2.0+git10526-150000.1.6.1 updated
- libstdc++6-14.2.0+git10526-150000.1.6.1 updated
- libopenssl3-3.1.4-150600.5.21.1 updated
- libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated
- patterns-base-fips-20200124-150600.32.3.2 updated
- libcurl4-8.6.0-150600.4.15.1 updated
- curl-8.6.0-150600.4.15.1 updated
- go1.22-doc-1.22.10-150000.1.36.1 updated
- libatomic1-14.2.0+git10526-150000.1.6.1 updated
- libctf-nobfd0-2.43-150100.7.52.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libgomp1-14.2.0+git10526-150000.1.6.1 updated
- libitm1-14.2.0+git10526-150000.1.6.1 updated
- liblsan0-14.2.0+git10526-150000.1.6.1 updated
- lifecycle-data-sle-module-development-tools-1-150200.3.33.1 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libctf0-2.43-150100.7.52.1 updated
- binutils-2.43-150100.7.52.1 updated
- glibc-devel-2.38-150600.14.17.2 updated
- go1.22-1.22.10-150000.1.36.1 updated
- go1.22-race-1.22.10-150000.1.36.1 updated
- container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:09:57 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:09:57 +0100 (CET)
Subject: SUSE-CU-2025:120-1: Recommended update of bci/bci-init
Message-ID: <20250110080957.3F076FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:120-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.6 , bci/bci-init:latest
Container Release : 30.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container bci/bci-init was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:10:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:10:18 +0100 (CET)
Subject: SUSE-CU-2025:121-1: Recommended update of bci/kiwi
Message-ID: <20250110081018.63DA1FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:121-1
Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.6 , bci/kiwi:latest
Container Release : 20.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container bci/kiwi was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:10:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:10:40 +0100 (CET)
Subject: SUSE-CU-2025:123-1: Recommended update of bci/nodejs
Message-ID: <20250110081040.063E3FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:123-1
Container Tags : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-48.6 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-48.6 , bci/nodejs:latest
Container Release : 48.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736
This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:11:08 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:11:08 +0100 (CET)
Subject: SUSE-CU-2025:124-1: Recommended update of bci/openjdk-devel
Message-ID: <20250110081108.85322FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:124-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-32.4 , bci/openjdk-devel:latest
Container Release : 32.4
Severity : moderate
Type : recommended
References : 1203617
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- container:bci-openjdk-21-5abb0d506cdc70f41be7be75d24cacebbb3aac6101c937a43ebf777456677cdd-0 updated

From sle-container-updates at lists.suse.com Fri Jan 10 08:11:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 10 Jan 2025 09:11:10 +0100 (CET)
Subject: SUSE-CU-2025:125-1: Recommended update of bci/openjdk-devel
Message-ID: <20250110081110.CF2C5FCE7@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:125-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-32.6 , bci/openjdk-devel:latest
Container Release : 32.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:bci-openjdk-21-9e8f833d5c3e5a3bc8e6af9dcc07eb943ec6005a68bf7ee1794bd2c257e72174-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:11:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:11:59 +0100 (CET) Subject: SUSE-CU-2025:127-1: Recommended update of bci/php-apache Message-ID: <20250110081159.78AB4FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:127-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.6 , bci/php-apache:latest Container Release : 48.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/php-apache was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:12:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:12:18 +0100 (CET) Subject: SUSE-CU-2025:128-1: Recommended update of bci/php-fpm Message-ID: <20250110081218.52C6AFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:128-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.6 , bci/php-fpm:latest Container Release : 48.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/php-fpm was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:13:34 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:13:34 +0100 (CET) Subject: SUSE-CU-2025:131-1: Security update of bci/python Message-ID: <20250110081334.49EEEFCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:131-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.5 , bci/python:latest Container Release : 61.5 Severity : moderate Type : security References : 1232241 CVE-2024-9287 ----------------------------------------------------------------- The container bci/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:48-1 Released: Thu Jan 9 16:36:50 2025 Summary: Security update for python312 Type: security Severity: moderate References: 1232241,CVE-2024-9287 This update for python312 fixes the following issues: - Properly quote path names provided when creating a virtual environment (bsc#1232241, CVE-2024-9287) The following package changes have been done: - libpython3_12-1_0-3.12.8-150600.3.15.1 updated - python312-base-3.12.8-150600.3.15.1 updated - python312-3.12.8-150600.3.15.1 updated - python312-devel-3.12.8-150600.3.15.1 updated - container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:14:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:14:12 +0100 (CET) Subject: SUSE-CU-2025:134-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20250110081412.2D378FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:134-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-54.4 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-54.4 , suse/rmt-mariadb-client:latest Container Release : 54.4 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:suse-sle15-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated - container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:14:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:14:23 +0100 (CET) Subject: SUSE-CU-2025:135-1: Recommended update of suse/rmt-server Message-ID: <20250110081423.31A81FCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:135-1 Container Tags : suse/rmt-server:2.20 , suse/rmt-server:2.20-56.6 , suse/rmt-server:latest Container Release : 56.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container suse/rmt-server was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:14:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:14:45 +0100 (CET) Subject: SUSE-CU-2025:136-1: Recommended update of bci/ruby Message-ID: <20250110081445.979C7FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:136-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.6 , bci/ruby:latest Container Release : 31.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:15:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:15:01 +0100 (CET) Subject: SUSE-CU-2025:137-1: Recommended update of bci/rust Message-ID: <20250110081501.757E0FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:137-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-2.2.2 , bci/rust:oldstable , bci/rust:oldstable-2.2.2 Container Release : 2.2 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container bci/rust was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3903-1 Released: Mon Nov 4 13:37:35 2024 Summary: Recommended update for rust Type: recommended Severity: moderate References: This update for rust fixes the following issues: Version 1.82.0 (2024-10-17) ========================== Language -------- - Don't make statement nonterminals match pattern nonterminals - Patterns matching empty types can now be omitted in common cases - Enforce supertrait outlives obligations when using trait impls - `addr_of(_mut)!` macros and the newly stabilized `&raw (const|mut)` are now safe to use with all static items - size_of_val_raw: for length 0 this is safe to call - Reorder trait bound modifiers *after* `for<...>` binder in trait bounds - Stabilize opaque type precise capturing (RFC 3617) - Stabilize `&raw const` and `&raw mut` operators (RFC 2582) - Stabilize unsafe extern blocks (RFC 3484) - Stabilize nested field access in `offset_of!` - Do not require `T` to be live when dropping `[T; 0]` - Stabilize `const` operands in inline assembly - Stabilize floating-point arithmetic in `const fn` - Stabilize explicit opt-in to unsafe attributes - Document NaN bit patterns guarantees Compiler -------- - Promote riscv64gc-unknown-linux-musl to tier 2 - Promote Mac Catalyst targets `aarch64-apple-ios-macabi` and `x86_64-apple-ios-macabi` to Tier 2, and ship them with rustup - Add tier 3 NuttX based targets for RISC-V and ARM - Add tier 3 powerpc-unknown-linux-muslspe target - Improved diagnostics to explain why a pattern is unreachable - The compiler now triggers the unreachable code warning properly for async functions that don't return/are `-> !` - Promote `aarch64-apple-darwin` to Tier 1 - Add Trusty OS target `aarch64-unknown-trusty` and `armv7-unknown-trusty` as tier 3 targets - Promote `wasm32-wasip2` to Tier 2. 
Libraries --------- - Generalize `{Rc,Arc}::make_mut()` to `Path`, `OsStr`, and `CStr`. Stabilized APIs --------------- - `std::thread::Builder::spawn_unchecked` https://doc.rust-lang.org/stable/std/thread/struct.Builder.html#method.spawn_unchecked - `std::str::CharIndices::offset` https://doc.rust-lang.org/nightly/std/str/struct.CharIndices.html#method.offset - `std::option::Option::is_none_or` https://doc.rust-lang.org/nightly/std/option/enum.Option.html#method.is_none_or - `[T]::is_sorted` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted - `[T]::is_sorted_by` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted_by - `[T]::is_sorted_by_key` https://doc.rust-lang.org/nightly/std/primitive.slice.html#method.is_sorted_by_key - `Iterator::is_sorted` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted - `Iterator::is_sorted_by` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted_by - `Iterator::is_sorted_by_key` https://doc.rust-lang.org/nightly/std/iter/trait.Iterator.html#method.is_sorted_by_key - `std::future::Ready::into_inner` https://doc.rust-lang.org/nightly/std/future/struct.Ready.html#method.into_inner - `std::iter::repeat_n` https://doc.rust-lang.org/nightly/std/iter/fn.repeat_n.html - `impl DoubleEndedIterator for Take<Repeat<T>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-DoubleEndedIterator-for-Take%3CRepeat%3CT%3E%3E - `impl ExactSizeIterator for Take<Repeat<T>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-ExactSizeIterator-for-Take%3CRepeat%3CT%3E%3E - `impl ExactSizeIterator for Take<RepeatWith<F>>` https://doc.rust-lang.org/nightly/std/iter/struct.Take.html#impl-ExactSizeIterator-for-Take%3CRepeatWith%3CF%3E%3E - `impl Default for std::collections::binary_heap::Iter` https://doc.rust-lang.org/nightly/std/collections/binary_heap/struct.Iter.html#impl-Default-for-Iter%3C'_,+T%3E - `impl Default for std::collections::btree_map::RangeMut` 
https://doc.rust-lang.org/nightly/std/collections/btree_map/struct.RangeMut.html#impl-Default-for-RangeMut%3C'_,+K,+V%3E - `impl Default for std::collections::btree_map::ValuesMut` https://doc.rust-lang.org/nightly/std/collections/btree_map/struct.ValuesMut.html#impl-Default-for-ValuesMut%3C'_,+K,+V%3E - `impl Default for std::collections::vec_deque::Iter` https://doc.rust-lang.org/nightly/std/collections/vec_deque/struct.Iter.html#impl-Default-for-Iter%3C'_,+T%3E - `impl Default for std::collections::vec_deque::IterMut` https://doc.rust-lang.org/nightly/std/collections/vec_deque/struct.IterMut.html#impl-Default-for-IterMut%3C'_,+T%3E - `Rc::new_uninit` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.new_uninit - `Rc::assume_init` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.assume_init - `Rc<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.new_uninit_slice - `Rc<[MaybeUninit]>::assume_init` https://doc.rust-lang.org/nightly/std/rc/struct.Rc.html#method.assume_init-1 - `Arc::new_uninit` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.new_uninit - `Arc::assume_init` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.assume_init - `Arc<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.new_uninit_slice - `Arc<[MaybeUninit]>::assume_init` https://doc.rust-lang.org/nightly/std/sync/struct.Arc.html#method.assume_init-1 - `Box::new_uninit` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.new_uninit - `Box::assume_init` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.assume_init - `Box<[T]>::new_uninit_slice` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.new_uninit_slice - `Box<[MaybeUninit]>::assume_init` https://doc.rust-lang.org/nightly/std/boxed/struct.Box.html#method.assume_init-1 - `core::arch::x86_64::_bextri_u64` 
https://doc.rust-lang.org/stable/core/arch/x86_64/fn._bextri_u64.html - `core::arch::x86_64::_bextri_u32` https://doc.rust-lang.org/stable/core/arch/x86_64/fn._bextri_u32.html - `core::arch::x86::_mm_broadcastsi128_si256` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_broadcastsi128_si256.html - `core::arch::x86::_mm256_stream_load_si256` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm256_stream_load_si256.html - `core::arch::x86::_tzcnt_u16` https://doc.rust-lang.org/stable/core/arch/x86/fn._tzcnt_u16.html - `core::arch::x86::_mm_extracti_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_extracti_si64.html - `core::arch::x86::_mm_inserti_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_inserti_si64.html - `core::arch::x86::_mm_storeu_si16` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si16.html - `core::arch::x86::_mm_storeu_si32` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si32.html - `core::arch::x86::_mm_storeu_si64` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_storeu_si64.html - `core::arch::x86::_mm_loadu_si16` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_loadu_si16.html - `core::arch::x86::_mm_loadu_si32` https://doc.rust-lang.org/stable/core/arch/x86/fn._mm_loadu_si32.html - `core::arch::wasm32::u8x16_relaxed_swizzle` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u8x16_relaxed_swizzle.html - `core::arch::wasm32::i8x16_relaxed_swizzle` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i8x16_relaxed_swizzle.html - `core::arch::wasm32::i32x4_relaxed_trunc_f32x4` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_trunc_f32x4.html - `core::arch::wasm32::u32x4_relaxed_trunc_f32x4` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_trunc_f32x4.html - `core::arch::wasm32::i32x4_relaxed_trunc_f64x2_zero` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_trunc_f64x2_zero.html - 
`core::arch::wasm32::u32x4_relaxed_trunc_f64x2_zero` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_trunc_f64x2_zero.html - `core::arch::wasm32::f32x4_relaxed_madd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_madd.html - `core::arch::wasm32::f32x4_relaxed_nmadd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_nmadd.html - `core::arch::wasm32::f64x2_relaxed_madd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_madd.html - `core::arch::wasm32::f64x2_relaxed_nmadd` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_nmadd.html - `core::arch::wasm32::i8x16_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i8x16_relaxed_laneselect.html - `core::arch::wasm32::u8x16_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u8x16_relaxed_laneselect.html - `core::arch::wasm32::i16x8_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_laneselect.html - `core::arch::wasm32::u16x8_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_laneselect.html - `core::arch::wasm32::i32x4_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_laneselect.html - `core::arch::wasm32::u32x4_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_laneselect.html - `core::arch::wasm32::i64x2_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i64x2_relaxed_laneselect.html - `core::arch::wasm32::u64x2_relaxed_laneselect` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u64x2_relaxed_laneselect.html - `core::arch::wasm32::f32x4_relaxed_min` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_min.html - `core::arch::wasm32::f32x4_relaxed_max` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f32x4_relaxed_max.html - `core::arch::wasm32::f64x2_relaxed_min` 
https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_min.html - `core::arch::wasm32::f64x2_relaxed_max` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.f64x2_relaxed_max.html - `core::arch::wasm32::i16x8_relaxed_q15mulr` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_q15mulr.html - `core::arch::wasm32::u16x8_relaxed_q15mulr` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_q15mulr.html - `core::arch::wasm32::i16x8_relaxed_dot_i8x16_i7x16` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i16x8_relaxed_dot_i8x16_i7x16.html - `core::arch::wasm32::u16x8_relaxed_dot_i8x16_i7x16` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u16x8_relaxed_dot_i8x16_i7x16.html - `core::arch::wasm32::i32x4_relaxed_dot_i8x16_i7x16_add` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.i32x4_relaxed_dot_i8x16_i7x16_add.html - `core::arch::wasm32::u32x4_relaxed_dot_i8x16_i7x16_add` https://doc.rust-lang.org/nightly/core/arch/wasm32/fn.u32x4_relaxed_dot_i8x16_i7x16_add.html These APIs are now stable in const contexts: - `std::task::Waker::from_raw` https://doc.rust-lang.org/nightly/std/task/struct.Waker.html#method.from_raw - `std::task::Context::from_waker` https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.from_waker - `std::task::Context::waker` https://doc.rust-lang.org/nightly/std/task/struct.Context.html#method.waker - `$integer::from_str_radix` https://doc.rust-lang.org/nightly/std/primitive.u32.html#method.from_str_radix - `std::num::ParseIntError::kind` https://doc.rust-lang.org/nightly/std/num/struct.ParseIntError.html#method.kind Cargo ----- - feat: Add `info` cargo subcommand Compatibility Notes ------------------- - We now disallow setting some built-in cfgs via the command-line with the newly added `explicit_builtin_cfgs_in_flags` https://doc.rust-lang.org/rustc/lints/listing/deny-by-default.html#explicit-builtin-cfgs-in-flags lint in order to prevent incoherent state, eg. 
`windows` cfg active but target is Linux based. The appropriate `rustc` flag https://doc.rust-lang.org/rustc/command-line-arguments.html should be used instead. - The standard library has a new implementation of `binary_search` which significantly improves performance. However, when a sorted slice has multiple values which compare equal, the new implementation may select a different value among the equal ones than the old implementation. - Removes a problematic hack that always passed the --whole-archive linker flag for tests, which may cause linker errors for code accidentally relying on it. - The WebAssembly target features `multivalue` and `reference-types` are now both enabled by default. These two features both have subtle changes implied for generated WebAssembly binaries. For the `multivalue` feature, WebAssembly target support has changed when upgrading to LLVM 19. Support for generating functions with multiple returns no longer works and `-Ctarget-feature=+multivalue` has a different meaning than it did in LLVM 18 and prior. There is no longer any supported means to generate a module that has a function with multiple returns in WebAssembly from Rust source code. For the `reference-types` feature the encoding of immediates in the `call_indirect`, a commonly used instruction by the WebAssembly backend, has changed. Validators and parsers which don't understand the `reference-types` proposal will no longer accept modules produced by LLVM due to this change in encoding of immediates. Additionally these features being enabled are encoded in the `target_features` custom section and may affect downstream tooling such as `wasm-opt` consuming the module. 
Generating a WebAssembly module that disables default features requires `-Zbuild-std` support from Cargo and more information can be found at [rust-lang/rust#128511] - Rust now raises unsafety errors for union patterns in parameter-position ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4004-1 Released: Mon Nov 18 11:52:02 2024 Summary: Recommended update for rust1.82 Type: recommended Severity: moderate References: This update for rust1.82 fixes the following issues: - Resolve build failure on PPC64LE due to invalid float cast The following package changes have been done: - rust1.82-1.82.0-150500.11.6.1 added - cargo1.82-1.82.0-150500.11.6.1 added - container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated - cargo1.81-1.81.0-150500.11.3.1 removed - rust1.81-1.81.0-150500.11.3.1 removed From sle-container-updates at lists.suse.com Fri Jan 10 08:15:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:15:48 +0100 (CET) Subject: SUSE-CU-2025:140-1: Security update of containers/python Message-ID: <20250110081548.33136FCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:140-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.5 Container Release : 51.5 Severity : moderate Type : security References : 1232241 1233307 CVE-2024-11168 CVE-2024-9287 ----------------------------------------------------------------- The container containers/python was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:47-1 Released: Thu Jan 9 16:36:37 2025 Summary: Security update for python39 Type: security Severity: moderate References: 1232241,1233307,CVE-2024-11168,CVE-2024-9287 This update for python39 fixes the following issue: - Update to 3.9.21 The following package changes have been done: - libpython3_9-1_0-3.9.21-150300.4.61.1 updated - python39-base-3.9.21-150300.4.61.1 updated - python39-3.9.21-150300.4.61.1 updated - python39-devel-3.9.21-150300.4.61.1 updated - container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:16:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:16:15 +0100 (CET) Subject: SUSE-CU-2025:142-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250110081615.34010FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:142-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.30.5 , bci/bci-sle15-kernel-module-devel:latest Container Release : 30.5 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:07:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:07:05 +0100 (CET) Subject: SUSE-CU-2025:106-1: Recommended update of suse/389-ds Message-ID: <20250110080705.E7194FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:106-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-49.6 , suse/389-ds:latest Container Release : 49.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container suse/389-ds was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:16:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:16:33 +0100 (CET) Subject: SUSE-CU-2025:144-1: Recommended update of suse/sle15 Message-ID: <20250110081633.3FF15FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:144-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.17.2 , suse/sle15:15.6 , suse/sle15:15.6.47.17.2 Container Release : 47.17.2 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:16:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 09:16:55 +0100 (CET) Subject: SUSE-CU-2025:145-1: Recommended update of bci/spack Message-ID: <20250110081655.E071CFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:145-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.5 , bci/spack:latest Container Release : 19.5 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated From sle-container-updates at lists.suse.com Sun Jan 12 08:07:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 12 Jan 2025 09:07:46 +0100 (CET) Subject: SUSE-CU-2025:145-1: Recommended update of bci/spack Message-ID: <20250112080746.2B2A7FD11@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:145-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.5 , bci/spack:latest Container Release : 19.5 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container bci/spack was updated. 
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated

From sle-container-updates at lists.suse.com Sun Jan 12 08:03:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sun, 12 Jan 2025 09:03:54 +0100 (CET)
Subject: SUSE-IU-2025:80-1: Recommended update of suse/sl-micro/6.1/base-os-container
Message-ID: <20250112080354.5E595FCE8@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:80-1
Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-3.19 , suse/sl-micro/6.1/base-os-container:latest
Image Release : 3.19
Severity : moderate
Type : recommended
References : 1225451 1233393 1234304
-----------------------------------------------------------------

The container suse/sl-micro/6.1/base-os-container was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 3
Released: Fri Jan 10 16:40:26 2025
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1225451,1233393,1234304

This update for libzypp fixes the following issues:

Version 17.35.16:

- Url: queryparams without value should not have a trailing '='.
- Url query part: `=` is a safe char in value (bsc#1234304)
- RpmDb: Recognize rpmdb.sqlite as database file (#593)
- cmake: check location of fcgi header and adjust include accordingly. On Debian and derivatives the fcgi headers are not stored in a fastcgi/ subdirectory.(#590)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393).
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)

The following package changes have been done:

- libzypp-17.35.16-slfo.1.1_1.1 updated
- container:suse-toolbox-image-1.0.0-3.22 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:06:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:06:11 +0100 (CET)
Subject: SUSE-CU-2025:148-1: Recommended update of suse/registry
Message-ID: <20250113080611.8314AFCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:148-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-33.3 , suse/registry:latest
Container Release : 33.3
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/registry was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:06:31 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:06:31 +0100 (CET)
Subject: SUSE-CU-2025:149-1: Recommended update of suse/postgres
Message-ID: <20250113080631.2F841FCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:149-1
Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-57.6
Container Release : 57.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:suse-sle15-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:06:34 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:06:34 +0100 (CET)
Subject: SUSE-CU-2025:150-1: Recommended update of suse/postgres
Message-ID: <20250113080634.F024EFCE7@maintenance.suse.de>

SUSE Container Update Advisory: suse/postgres
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:150-1
Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-38.6 , suse/postgres:latest
Container Release : 38.6
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/postgres was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:suse-sle15-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:06:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:06:45 +0100 (CET)
Subject: SUSE-CU-2025:151-1: Security update of containers/apache-tomcat
Message-ID: <20250113080645.2CC6DFCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:151-1
Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:33-1
Released: Tue Jan 7 23:47:13 2025
Summary: Security update for tomcat10
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.34

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm)
  + Fix: 69444: Ensure that the jakarta.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-el-5_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1 updated
- tomcat10-lib-10.1.34-150200.5.31.1 updated
- tomcat10-10.1.34-150200.5.31.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:06:57 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:06:57 +0100 (CET)
Subject: SUSE-CU-2025:152-1: Security update of containers/apache-tomcat
Message-ID: <20250113080657.6A6F5FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:152-1
Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:33-1
Released: Tue Jan 7 23:47:13 2025
Summary: Security update for tomcat10
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.34

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm)
  + Fix: 69444: Ensure that the jakarta.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-el-5_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1 updated
- tomcat10-lib-10.1.34-150200.5.31.1 updated
- tomcat10-10.1.34-150200.5.31.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:07:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:07:11 +0100 (CET)
Subject: SUSE-CU-2025:153-1: Security update of containers/apache-tomcat
Message-ID: <20250113080711.67A59FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:153-1
Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:33-1
Released: Tue Jan 7 23:47:13 2025
Summary: Security update for tomcat10
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat10 fixes the following issues:

Update to Tomcat 10.1.34

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: #780: Fix content-range header length. Submitted by Chenjp. (remm)
  + Fix: 69444: Ensure that the jakarta.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat10-servlet-6_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-el-5_0-api-10.1.34-150200.5.31.1 updated
- tomcat10-jsp-3_1-api-10.1.34-150200.5.31.1 updated
- tomcat10-lib-10.1.34-150200.5.31.1 updated
- tomcat10-10.1.34-150200.5.31.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:07:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:07:20 +0100 (CET)
Subject: SUSE-CU-2025:154-1: Security update of containers/apache-tomcat
Message-ID: <20250113080720.6CD93FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:154-1
Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:58-1
Released: Fri Jan 10 08:34:50 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.98

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt)
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat-servlet-4_0-api-9.0.98-150200.74.1 updated
- tomcat-el-3_0-api-9.0.98-150200.74.1 updated
- tomcat-jsp-2_3-api-9.0.98-150200.74.1 updated
- tomcat-lib-9.0.98-150200.74.1 updated
- tomcat-9.0.98-150200.74.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:07:32 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:07:32 +0100 (CET)
Subject: SUSE-CU-2025:155-1: Security update of containers/apache-tomcat
Message-ID: <20250113080732.CD23EFCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:155-1
Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:58-1
Released: Fri Jan 10 08:34:50 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.98

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt)
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat-servlet-4_0-api-9.0.98-150200.74.1 updated
- tomcat-el-3_0-api-9.0.98-150200.74.1 updated
- tomcat-jsp-2_3-api-9.0.98-150200.74.1 updated
- tomcat-lib-9.0.98-150200.74.1 updated
- tomcat-9.0.98-150200.74.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:07:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:07:43 +0100 (CET)
Subject: SUSE-CU-2025:156-1: Security update of containers/apache-tomcat
Message-ID: <20250113080743.96BB9FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:156-1
Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:58-1
Released: Fri Jan 10 08:34:50 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.98

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt)
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat-servlet-4_0-api-9.0.98-150200.74.1 updated
- tomcat-el-3_0-api-9.0.98-150200.74.1 updated
- tomcat-jsp-2_3-api-9.0.98-150200.74.1 updated
- tomcat-lib-9.0.98-150200.74.1 updated
- tomcat-9.0.98-150200.74.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Mon Jan 13 08:07:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Mon, 13 Jan 2025 09:07:50 +0100 (CET)
Subject: SUSE-CU-2025:157-1: Security update of containers/apache-tomcat
Message-ID: <20250113080750.8E36FFCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:157-1
Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.5
Container Release : 62.5
Severity : important
Type : security
References : 1219736 1233435 1234663 1234664 CVE-2024-50379 CVE-2024-52317 CVE-2024-54677
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:58-1
Released: Fri Jan 10 08:34:50 2025
Summary: Security update for tomcat
Type: security
Severity: important
References: 1233435,1234663,1234664,CVE-2024-50379,CVE-2024-52317,CVE-2024-54677

This update for tomcat fixes the following issues:

Update to Tomcat 9.0.98

- Fixed CVEs:
  + CVE-2024-54677: DoS in examples web application (bsc#1234664)
  + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663)
  + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435)
- Catalina
  + Add: Add option to serve resources from subpath only with WebDAV Servlet like with DefaultServlet. (michaelo)
  + Fix: Add special handling for the protocols attribute of SSLHostConfig in storeconfig. (remm)
  + Fix: 69442: Fix case sensitive check on content-type when parsing request parameters. (remm)
  + Code: Refactor duplicate code for extracting media type and subtype from content-type into a single method. (markt)
  + Fix: Compatibility of generated embedded code with components where constructors or property related methods throw a checked exception. (remm)
  + Fix: The previous fix for inconsistent resource metadata during concurrent reads and writes was incomplete. (markt)
  + Fix: 69444: Ensure that the javax.servlet.error.message request attribute is set when an application defined error page is called. (markt)
  + Fix: Avoid quotes for numeric values in the JSON generated by the status servlet. (remm)
  + Add: Add strong ETag support for the WebDAV and default servlet, which can be enabled by using the useStrongETags init parameter with a value set to true. The ETag generated will be a SHA-1 checksum of the resource content. (remm)
  + Fix: Use client locale for directory listings. (remm)
  + Fix: 69439: Improve the handling of multiple Cache-Control headers in the ExpiresFilter. Based on pull request #777 by Chenjp. (markt)
  + Fix: 69447: Update the support for caching classes the web application class loader cannot find to take account of classes loaded from external repositories. Prior to this fix, these classes could be incorrectly marked as not found. (markt)
  + Fix: 69466: Rework handling of HEAD requests. Headers explicitly set by users will not be removed and any header present in a HEAD request will also be present in the equivalent GET request. There may be some headers, as per RFC 9110, section 9.3.2, that are present in a GET request that are not present in the equivalent HEAD request. (markt)
  + Fix: 69471: Log instances of CloseNowException caught by ApplicationDispatcher.invoke() at debug level rather than error level as they are very likely to have been caused by a client disconnection or similar I/O issue. (markt)
  + Add: Add a test case for the fix for 69442. Also refactor references to application/x-www-form-urlencoded. Based on pull request #779 by Chenjp. (markt)
  + Fix: 69476: Catch possible ISE when trying to report PUT failure in the DefaultServlet. (remm)
  + Add: Add support for RateLimit header fields for HTTP (draft) in the RateLimitFilter. Based on pull request #775 provided by Chenjp. (markt)
  + Add: #787: Add regression tests for 69478. Pull request provided by Thomas Krisch. (markt)
  + Fix: The default servlet now rejects HTTP range requests when two or more of the requested ranges overlap. Based on pull request #782 provided by Chenjp. (markt)
  + Fix: Enhance Content-Range verification for partial PUT requests handled by the default servlet. Provided by Chenjp in pull request #778. (markt)
  + Fix: Harmonize DataSourceStore lookup in the global resources to optionally avoid the comp/env prefix which is usually not used there. (remm)
  + Fix: As required by RFC 9110, the HTTP Range header will now only be processed for GET requests. Based on pull request #790 provided by Chenjp. (markt)
  + Fix: Deprecate the useAcceptRanges initialisation parameter for the default servlet. It will be removed in Tomcat 12 onwards where it will effectively be hard coded to true. (markt)
  + Add: Add DataSource based property storage for the WebdavServlet. (remm)
- Coyote
  + Fix: Align encodedSolidusHandling with the Servlet specification. If the pass-through mode is used, any %25 sequences will now also be passed through to avoid errors and/or corruption when the application decodes the path. (markt)
- Jasper
  + Fix: Further optimise EL evaluation of method parameters. Patch provided by Paolo B. (markt)
  + Fix: Follow-up to the fix for 69381. Apply the optimisation for method lookup performance in expression language to an additional location. (markt)
- Web applications
  + Fix: Documentation. Remove references to the ResourceParams element. Support for ResourceParams was removed in Tomcat 5.5.x. (markt)
  + Fix: Documentation. 69477: Correct name of attribute for RemoteIPFilter. The attribute is internalProxies rather than allowedInternalProxies. Pull request #786 (markt)
  + Fix: Examples. Fix broken links when Servlet Request Info example is called via a URL that includes a pathInfo component. (markt)
  + Fix: Examples. Expand the obfuscation of session cookie values in the request header example to JSON responses. (markt)
  + Add: Examples. Add the ability to delete session attributes in the servlet session example. (markt)
  + Add: Examples. Add a hard coded limit of 10 attributes per session for the servlet session example. (markt)
  + Add: Examples. Add the ability to delete session attributes and add a hard coded limit of 10 attributes per session for the JSP form authentication example. (markt)
  + Add: Examples. Limit the shopping cart example to only allow adding the pre-defined items to the cart. (markt)
  + Fix: Examples. Remove JSP calendar example. (markt)
- Other
  + Fix: 69465: Fix warnings during native image compilation using the Tomcat embedded JARs. (markt)
  + Update: Update Tomcat's fork of Commons DBCP to 2.13.0. (markt)
  + Update: Update EasyMock to 5.5.0. (markt)
  + Update: Update Checkstyle to 10.20.2. (markt)
  + Update: Update BND to 7.1.0. (markt)
  + Add: Improvements to French translations. (remm)
  + Add: Improvements to Korean translations. (markt)
  + Add: Improvements to Chinese translations. (markt)
  + Add: Improvements to Japanese translations by tak7iji. (markt)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- tomcat-servlet-4_0-api-9.0.98-150200.74.1 updated
- tomcat-el-3_0-api-9.0.98-150200.74.1 updated
- tomcat-jsp-2_3-api-9.0.98-150200.74.1 updated
- tomcat-lib-9.0.98-150200.74.1 updated
- tomcat-9.0.98-150200.74.1 updated
- container:bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated

From sle-container-updates at lists.suse.com Tue Jan 14 08:02:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:02:38 +0100 (CET)
Subject: SUSE-CU-2025:158-1: Recommended update of containers/milvus
Message-ID: <20250114080238.86920FCE7@maintenance.suse.de>

SUSE Container Update Advisory: containers/milvus
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:158-1
Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.15
Container Release : 7.15
Severity : moderate
Type : recommended
References : 1235151
-----------------------------------------------------------------

The container containers/milvus was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:03:46 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:03:46 +0100 (CET)
Subject: SUSE-CU-2025:159-1: Recommended update of containers/ollama
Message-ID: <20250114080346.2FAB0FBA0@maintenance.suse.de>

SUSE Container Update Advisory: containers/ollama
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:159-1
Container Tags        : containers/ollama:0.3 , containers/ollama:0.3.6 , containers/ollama:0.3.6-4.21
Container Release     : 4.21
Severity              : moderate
Type                  : recommended
References            : 1219736
-----------------------------------------------------------------

The container containers/ollama was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:04:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:04:42 +0100 (CET)
Subject: SUSE-CU-2025:160-1: Security update of containers/open-webui
Message-ID: <20250114080442.5B021FBA0@maintenance.suse.de>
SUSE Container Update Advisory: containers/open-webui
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:160-1
Container Tags        : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.1
Container Release     : 7.1
Severity              : important
Type                  : security
References            : 1219736 1234415 1234449 1234450 1234453 1234455 1234456 1234459 1234460 1235029 CVE-2024-47538 CVE-2024-47541 CVE-2024-47542 CVE-2024-47600 CVE-2024-47606 CVE-2024-47607 CVE-2024-47615 CVE-2024-47835 CVE-2024-56826
-----------------------------------------------------------------

The container containers/open-webui was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:44-1
Released:    Thu Jan 9 16:04:53 2025
Summary:     Security update for openjpeg2
Type:        security
Severity:    moderate
References:  1235029,CVE-2024-56826

This update for openjpeg2 fixes the following issues:

- CVE-2024-56826: Fixed heap buffer overflow in bin/common/color.c (bsc#1235029)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:62-1
Released:    Fri Jan 10 13:53:30 2025
Summary:     Security update for gstreamer
Type:        security
Severity:    important
References:  1234449,CVE-2024-47606

This update for gstreamer fixes the following issues:

- CVE-2024-47606: Avoid integer overflow when allocating sysmem. (bsc#1234449).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:65-1
Released:    Fri Jan 10 15:42:35 2025
Summary:     Security update for gstreamer-plugins-base
Type:        security
Severity:    important
References:  1234415,1234450,1234453,1234455,1234456,1234459,1234460,CVE-2024-47538,CVE-2024-47541,CVE-2024-47542,CVE-2024-47600,CVE-2024-47607,CVE-2024-47615,CVE-2024-47835

This update for gstreamer-plugins-base fixes the following issues:

- CVE-2024-47538: Fixed a stack-buffer overflow in vorbis_handle_identification_packet. (bsc#1234415)
- CVE-2024-47835: Fixed a NULL-pointer dereference in LRC subtitle parser. (bsc#1234450)
- CVE-2024-47600: Fixed an out-of-bounds read in gst-discoverer-1.0 commandline tool. (bsc#1234453)
- CVE-2024-47615: Fixed an out-of-bounds write in Ogg demuxer. (bsc#1234456)
- CVE-2024-47541: Fixed an out-of-bounds write in SSA subtitle parser. (bsc#1234459)
- CVE-2024-47542: Fixed an ID3v2 parser out-of-bounds read and NULL-pointer dereference. (bsc#1234460)
- CVE-2024-47607: Fixed a stack buffer-overflow in Opus decoder. (bsc#1234455)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- libopenjp2-7-2.3.0-150000.3.18.1 updated
- python311-safetensors-0.4.3-150600.1.5 updated
- python311-primp-0.6.3-150600.1.4 updated
- python311-orjson-3.10.7-150600.1.5 updated
- python311-jiter-0.5.0-150600.1.4 updated
- python311-bcrypt-4.2.0-150600.1.4 updated
- libgstreamer-1_0-0-1.24.0-150600.3.3.1 updated
- gstreamer-1.24.0-150600.3.3.1 updated
- python311-pydantic-core-2.23.4-150600.1.3 updated
- python311-cryptography-43.0.1-150600.1.7 updated
- gstreamer-plugins-base-1.24.0-150600.3.8.1 updated
- libgstvideo-1_0-0-1.24.0-150600.3.8.1 updated
- python311-tiktoken-0.7.0-150600.1.4 updated
- libgsttag-1_0-0-1.24.0-150600.3.8.1 updated
- libgstaudio-1_0-0-1.24.0-150600.3.8.1 updated
- libgstapp-1_0-0-1.24.0-150600.3.8.1 updated
- python311-tokenizers-0.20.0-150600.1.4 updated
- libgstpbutils-1_0-0-1.24.0-150600.3.8.1 updated
- libgstallocators-1_0-0-1.24.0-150600.3.8.1 updated
- libgstgl-1_0-0-1.24.0-150600.3.8.1 updated
- libgstriff-1_0-0-1.24.0-150600.3.8.1 updated
- python311-open-webui-0.3.32-150600.1.33 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:10:48 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:10:48 +0100 (CET)
Subject: SUSE-CU-2025:169-1: Recommended update of bci/gcc
Message-ID: <20250114081048.AF751FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/gcc
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:169-1
Container Tags        : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.6 , bci/gcc:latest
Container Release     : 8.6
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/gcc was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:11:22 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:11:22 +0100 (CET)
Subject: SUSE-CU-2025:171-1: Recommended update of suse/git
Message-ID: <20250114081122.1A064FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:171-1
Container Tags        : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-35.4 , suse/git:latest
Container Release     : 35.4
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container suse/git was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:11:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:11:45 +0100 (CET)
Subject: SUSE-CU-2025:172-1: Recommended update of bci/golang
Message-ID: <20250114081145.A3D00FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:172-1
Container Tags        : bci/golang:1.22 , bci/golang:1.22.10 , bci/golang:1.22.10-2.48.6 , bci/golang:oldstable , bci/golang:oldstable-2.48.6
Container Release     : 48.6
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:12:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:12:11 +0100 (CET)
Subject: SUSE-CU-2025:174-1: Recommended update of bci/golang
Message-ID: <20250114081211.EA8CCFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:174-1
Container Tags        : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.7 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.7
Container Release     : 55.7
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:12:33 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:12:33 +0100 (CET)
Subject: SUSE-CU-2025:176-1: Recommended update of bci/golang
Message-ID: <20250114081233.15F9EFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:176-1
Container Tags        : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.48.8 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.8
Container Release     : 48.8
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated
- curl-8.6.0-150600.4.18.1 updated
- container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:12:52 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:12:52 +0100 (CET)
Subject: SUSE-CU-2025:177-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250114081252.96F29FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:177-1
Container Tags        : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.85 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release     : 17.5.85
Severity              : moderate
Type                  : recommended
References            : 1082756 1189451 1219736 1235151
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released:    Mon Jan 13 12:50:24 2025
Summary:     Recommended update for libnl3, ovpn-dco, openVPN
Type:        recommended
Severity:    moderate
References:  1082756,1189451

This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- permissions-20240826-150600.10.12.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:13:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:13:40 +0100 (CET)
Subject: SUSE-CU-2025:179-1: Recommended update of bci/kiwi
Message-ID: <20250114081340.0A578FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/kiwi
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:179-1
Container Tags        : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.7 , bci/kiwi:latest
Container Release     : 20.7
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/kiwi was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:13:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:13:59 +0100 (CET)
Subject: SUSE-CU-2025:181-1: Recommended update of suse/nginx
Message-ID: <20250114081359.03D4DFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:181-1
Container Tags        : suse/nginx:1.21 , suse/nginx:1.21-51.5 , suse/nginx:latest
Container Release     : 51.5
Severity              : moderate
Type                  : recommended
References            : 1219736
-----------------------------------------------------------------

The container suse/nginx was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-f3cf52285b7e934feb5ce6756e7ad2517c1a4863047039f9e2b2bf5bd208a1c4-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:14:25 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:14:25 +0100 (CET)
Subject: SUSE-CU-2025:182-1: Recommended update of bci/nodejs
Message-ID: <20250114081425.176CAFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:182-1
Container Tags        : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-48.7 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-48.7 , bci/nodejs:latest
Container Release     : 48.7
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/nodejs was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:15:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:15:28 +0100 (CET)
Subject: SUSE-CU-2025:186-1: Recommended update of bci/openjdk
Message-ID: <20250114081528.481FFFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:186-1
Container Tags        : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-32.6 , bci/openjdk:latest
Container Release     : 32.6
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/openjdk was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:15:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:15:50 +0100 (CET)
Subject: SUSE-CU-2025:188-1: Recommended update of suse/pcp
Message-ID: <20250114081550.D5BE3FBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/pcp
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:188-1
Container Tags        : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.6 , suse/pcp:latest
Container Release     : 42.6
Severity              : moderate
Type                  : recommended
References            : 1219736
-----------------------------------------------------------------

The container suse/pcp was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:bci-bci-init-15.6-55ffbde15b52dc6853ba3899c3fa4c3e14dbdb7f0cfda4fb579430af092c9d7b-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:16:17 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:16:17 +0100 (CET)
Subject: SUSE-CU-2025:190-1: Recommended update of bci/php-apache
Message-ID: <20250114081617.14F9AFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-apache
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:190-1
Container Tags        : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.9 , bci/php-apache:latest
Container Release     : 48.9
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/php-apache was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated
- container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:16:38 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:16:38 +0100 (CET)
Subject: SUSE-CU-2025:191-1: Recommended update of bci/php-fpm
Message-ID: <20250114081638.DE002FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php-fpm
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:191-1
Container Tags        : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.9 , bci/php-fpm:latest
Container Release     : 48.9
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/php-fpm was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated
- container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:16:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:16:59 +0100 (CET)
Subject: SUSE-CU-2025:192-1: Recommended update of bci/php
Message-ID: <20250114081659.58F14FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:192-1
Container Tags        : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.7 , bci/php:latest
Container Release     : 48.7
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/php was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- libcurl4-8.6.0-150600.4.18.1 updated
- container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:17:33 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:17:33 +0100 (CET)
Subject: SUSE-CU-2025:193-1: Recommended update of bci/python
Message-ID: <20250114081733.2E9A5FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:193-1
Container Tags        : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.6
Container Release     : 61.6
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:18:03 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:18:03 +0100 (CET)
Subject: SUSE-CU-2025:195-1: Recommended update of bci/python
Message-ID: <20250114081803.E4B0AFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:195-1
Container Tags        : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.7 , bci/python:latest
Container Release     : 61.7
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:18:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:18:28 +0100 (CET)
Subject: SUSE-CU-2025:197-1: Recommended update of bci/python
Message-ID: <20250114081828.0EC35FBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/python
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:197-1
Container Tags        : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.6
Container Release     : 60.6
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/python was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- curl-8.6.0-150600.4.18.1 updated


From sle-container-updates at lists.suse.com Tue Jan 14 08:18:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Tue, 14 Jan 2025 09:18:49 +0100 (CET)
Subject: SUSE-CU-2025:199-1: Recommended update of suse/rmt-mariadb
Message-ID: <20250114081849.17FFAFBA0@maintenance.suse.de>

SUSE Container Update Advisory: suse/rmt-mariadb
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:199-1
Container Tags        : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.6 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.6 , suse/rmt-mariadb:latest
Container Release     : 60.6
Severity              : moderate
Type                  : recommended
References            : 1219736
-----------------------------------------------------------------

The container suse/rmt-mariadb was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released:    Thu Jan 9 16:04:03 2025
Summary:     Recommended update for permissions
Type:        recommended
Severity:    moderate
References:  1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- permissions-20240826-150600.10.12.1 updated
- container:suse-sle15-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated


From sle-container-updates at lists.suse.com Wed Jan 15 08:06:19 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 15 Jan 2025 09:06:19 +0100 (CET)
Subject: SUSE-CU-2025:201-1: Recommended update of bci/golang
Message-ID: <20250115080619.3E14CFBA0@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:201-1
Container Tags        : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.8 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.8
Container Release     : 55.8
Severity              : moderate
Type                  : recommended
References            : 1235151
-----------------------------------------------------------------

The container bci/golang was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released:    Mon Jan 13 10:43:05 2025
Summary:     Recommended update for curl
Type:        recommended
Severity:    moderate
References:  1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done: - libcurl4-8.6.0-150600.4.18.1 updated - curl-8.6.0-150600.4.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:06:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:06:47 +0100 (CET) Subject: SUSE-CU-2025:199-1: Recommended update of suse/rmt-mariadb Message-ID: <20250115080647.B6C3CFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:199-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.6 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.6 , suse/rmt-mariadb:latest Container Release : 60.6 Severity : moderate Type : recommended References : 1219736 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) The following package changes have been done: - permissions-20240826-150600.10.12.1 updated - container:suse-sle15-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated - container:registry.suse.com-bci-bci-micro-15.6-8c8379b13fc9d877eaee9c89bb62f595f4e264cc3f736584244214f710cc599b-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:07:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:07:05 +0100 (CET) Subject: SUSE-CU-2025:203-1: Recommended update of bci/ruby Message-ID: <20250115080705.73917FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:203-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.7 , bci/ruby:latest Container Release : 31.7 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container bci/ruby was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. The following package changes have been done: - curl-8.6.0-150600.4.18.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:07:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:07:21 +0100 (CET) Subject: SUSE-CU-2025:206-1: Recommended update of bci/rust Message-ID: <20250115080721.80102FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:206-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-2.2.6 , bci/rust:oldstable , bci/rust:oldstable-2.2.6 Container Release : 2.6 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - libcurl4-8.6.0-150600.4.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:07:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:07:38 +0100 (CET) Subject: SUSE-CU-2025:208-1: Recommended update of bci/rust Message-ID: <20250115080738.40918FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:208-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-1.2.6 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.6 Container Release : 2.6 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - libcurl4-8.6.0-150600.4.18.1 updated - container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:08:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:08:05 +0100 (CET) Subject: SUSE-CU-2025:209-1: Recommended update of containers/python Message-ID: <20250115080805.DB9B5FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:209-1 Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.6 Container Release : 44.6 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - curl-8.6.0-150600.4.18.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:08:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:08:10 +0100 (CET) Subject: SUSE-CU-2025:211-1: Recommended update of containers/python Message-ID: <20250115080810.4A890FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:211-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.7 Container Release : 51.7 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - curl-8.6.0-150600.4.18.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:08:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:08:57 +0100 (CET) Subject: SUSE-CU-2025:214-1: Recommended update of suse/sle15 Message-ID: <20250115080857.56E87FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:214-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.17.3 , suse/sle15:15.6 , suse/sle15:15.6.47.17.3 Container Release : 47.17.3 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - curl-8.6.0-150600.4.18.1 updated - libcurl4-8.6.0-150600.4.18.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:09:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:09:19 +0100 (CET) Subject: SUSE-CU-2025:215-1: Recommended update of bci/spack Message-ID: <20250115080919.10743FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:215-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.6 , bci/spack:latest Container Release : 19.6 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - libcurl-devel-8.6.0-150600.4.18.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 08:09:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 09:09:33 +0100 (CET) Subject: SUSE-CU-2025:225-1: Security update of suse/sle15 Message-ID: <20250115080933.DF0C3FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:225-1 Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-3.2.1 , suse/sle15:15.7 , suse/sle15:15.7-3.2.1 Container Release : 3.2.1 Severity : important Type : security References : 1203617 1219736 1220338 1231048 1232227 1232844 1234015 1234068 1234749 1235151 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 
08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make 
names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - curl-8.6.0-150600.4.18.1 updated - findutils-4.10.0-150700.1.2 updated - glibc-2.38-150700.19.1 updated - grep-3.11-150700.1.2 updated - libblkid1-2.40.2-150700.1.2 updated - libcurl4-8.6.0-150600.4.18.1 updated - libfdisk1-2.40.2-150700.1.2 updated - libgcrypt20-1.11.0-150700.2.7 updated - libgpg-error0-1.50-150700.1.2 updated - libmount1-2.40.2-150700.1.2 updated - libnghttp2-14-1.64.0-150700.1.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.2 updated - libopenssl3-3.2.3-150700.3.2 updated - libsmartcols1-2.40.2-150700.1.2 updated - libudev1-254.21-150600.4.21.1 updated - libuuid1-2.40.2-150700.1.2 updated - libxml2-2-2.12.9-150700.1.2 updated - libzypp-17.35.16-150600.3.39.1 updated - openssl-3-3.2.3-150700.3.2 updated - permissions-20240826-150600.10.12.1 updated - sle-module-basesystem-release-15.7-150700.16.3 updated - sle-module-python3-release-15.7-150700.16.3 updated - sle-module-server-applications-release-15.7-150700.16.3 updated - sles-release-15.7-150700.16.8 updated - util-linux-2.40.2-150700.1.2 updated From sle-container-updates at lists.suse.com Wed Jan 15 12:21:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 13:21:12 +0100 (CET) Subject: SUSE-CU-2025:230-1: Recommended update of containers/open-webui Message-ID: <20250115122112.7F6BFFCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:230-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.5 Container Release : 7.5 Severity : moderate Type : recommended References : 1235151 ----------------------------------------------------------------- The container containers/open-webui was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. The following package changes have been done: - libcurl4-8.6.0-150600.4.18.1 updated - python311-pandas-2.2.3-150600.1.10 updated - python311-pyarrow-17.0.0-150600.2.13 updated - python311-open-webui-0.3.32-150600.1.35 updated - container:registry.suse.com-bci-bci-base-15.6-0adf16bc95f9b2578f89fc1bbdcc1b507ae5317ec1965fd605da444dae1cb4fd-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 12:25:50 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 13:25:50 +0100 (CET) Subject: SUSE-CU-2025:231-1: Security update of suse/sle15 Message-ID: <20250115122550.7EB6CFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:231-1 Container Tags : bci/bci-base:15.5 , bci/bci-base:15.5.36.14.43 , suse/sle15:15.5 , suse/sle15:15.5.36.14.43 Container Release : 36.14.43 Severity : important Type : security References : 1203617 1230272 1231610 1234068 1234749 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4338-1 Released: Tue Dec 17 08:18:46 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1230272,1231610 This update for systemd fixes the following issues: - core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272) - core/unit: add get_timeout_start_usec in UnitVTable and define it for service - sd-bus: make bus_add_match_full accept timeout - udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610) - sd-device: add helper to read an unsigned int attribute ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4359-1 Released: Tue Dec 17 14:19:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4403-1 Released: Fri Dec 20 16:42:05 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - curl-8.0.1-150400.5.59.1 updated - 
libcurl4-8.0.1-150400.5.59.1 updated - libsystemd0-249.17-150400.8.46.1 updated - libudev1-249.17-150400.8.46.1 updated - libzypp-17.35.16-150500.6.31.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 12:26:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 13:26:48 +0100 (CET) Subject: SUSE-CU-2025:233-1: Security update of containers/python Message-ID: <20250115122648.3FF38FCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:233-1 Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.9 Container Release : 44.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 12:26:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 13:26:55 +0100 (CET) Subject: SUSE-CU-2025:234-1: Security update of containers/python Message-ID: <20250115122655.82D35FCE7@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:234-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.10 Container Release : 51.10 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 12:27:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 13:27:27 +0100 (CET) Subject: SUSE-CU-2025:235-1: Security update of bci/spack Message-ID: <20250115122727.6A705FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:235-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.9 , bci/spack:latest Container Release : 19.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated - perl-Git-2.43.0-150600.3.9.1 updated - git-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:07:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:07:53 +0100 (CET) Subject: SUSE-CU-2025:240-1: Security update of suse/sle-micro/5.5/toolbox Message-ID: <20250115160753.AC9A3FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:240-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.117 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.117 Severity : important Type : security References : 1203617 1230272 1231610 1234068 1234749 CVE-2024-11053 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4338-1 Released: Tue Dec 17 08:18:46 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1230272,1231610 This update for systemd fixes the following issues: - core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272) - core/unit: add get_timeout_start_usec in UnitVTable and define it for service - sd-bus: make bus_add_match_full accept timeout - udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610) - sd-device: add helper to read an unsigned int attribute ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4359-1 Released: Tue Dec 17 14:19:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4403-1 Released: Fri Dec 20 16:42:05 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - libcurl4-8.0.1-150400.5.59.1 updated - 
libsystemd0-249.17-150400.8.46.1 updated - libudev1-249.17-150400.8.46.1 updated - libzypp-17.35.16-150500.6.31.1 updated - container:suse-sle15-15.5-d9566b7970d05e7a0773130e5c8c6b7ee52897e9ad031e41822c8731b0aeb2ed-0 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:10:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:10:13 +0100 (CET) Subject: SUSE-CU-2025:241-1: Security update of bci/gcc Message-ID: <20250115161013.C52DFFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:241-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.9 , bci/gcc:latest Container Release : 8.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:10:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:10:26 +0100 (CET) Subject: SUSE-CU-2025:242-1: Security update of bci/golang Message-ID: <20250115161026.3463AFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:242-1 Container Tags : bci/golang:1.22 , bci/golang:1.22.10 , bci/golang:1.22.10-2.48.9 , bci/golang:oldstable , bci/golang:oldstable-2.48.9 Container Release : 48.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:10:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:10:42 +0100 (CET) Subject: SUSE-CU-2025:243-1: Security update of bci/golang Message-ID: <20250115161042.9841AFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:243-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.10 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.10 Container Release : 55.10 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:11:00 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:11:00 +0100 (CET) Subject: SUSE-CU-2025:244-1: Security update of bci/golang Message-ID: <20250115161100.60BD8FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:244-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.48.9 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.9 Container Release : 48.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:11:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:11:18 +0100 (CET) Subject: SUSE-CU-2025:245-1: Security update of bci/golang Message-ID: <20250115161118.70022FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:245-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.9 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.9 Container Release : 55.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:11:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:11:53 +0100 (CET) Subject: SUSE-CU-2025:247-1: Security update of bci/kiwi Message-ID: <20250115161153.B5470FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:247-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.11 , bci/kiwi:latest Container Release : 20.11 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - rsync-3.2.7-150600.3.4.1 updated - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:12:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:12:12 +0100 (CET) Subject: SUSE-CU-2025:248-1: Security update of bci/nodejs Message-ID: <20250115161212.5159CFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:248-1 Container Tags : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-48.10 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-48.10 , bci/nodejs:latest Container Release : 48.10 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:12:42 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:12:42 +0100 (CET) Subject: SUSE-CU-2025:249-1: Security update of bci/openjdk Message-ID: <20250115161242.9C50AFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:249-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-32.9 , bci/openjdk:latest Container Release : 32.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:13:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:13:13 +0100 (CET) Subject: SUSE-CU-2025:250-1: Security update of bci/python Message-ID: <20250115161313.B64B8FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:250-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.9 Container Release : 61.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:13:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:13:37 +0100 (CET) Subject: SUSE-CU-2025:251-1: Security update of bci/python Message-ID: <20250115161337.0DD53FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:251-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.10 , bci/python:latest Container Release : 61.10 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:13:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:13:56 +0100 (CET) Subject: SUSE-CU-2025:252-1: Security update of bci/python Message-ID: <20250115161356.EC4ECFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:252-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.9 Container Release : 60.9 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 15 16:14:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 15 Jan 2025 17:14:14 +0100 (CET) Subject: SUSE-CU-2025:253-1: Security update of bci/ruby Message-ID: <20250115161414.6F811FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:253-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.10 , bci/ruby:latest Container Release : 31.10 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Thu Jan 16 15:04:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Jan 2025 16:04:02 +0100 (CET) Subject: SUSE-CU-2025:260-1: Recommended update of bci/gcc Message-ID: <20250116150402.E7772FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/gcc ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:260-1 Container Tags : bci/gcc:14 , bci/gcc:14.2 , bci/gcc:14.2-8.10 , bci/gcc:latest Container Release : 8.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/gcc was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-devel-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Thu Jan 16 15:04:22 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Jan 2025 16:04:22 +0100 (CET) Subject: SUSE-CU-2025:261-1: Security update of suse/git Message-ID: <20250116150422.BA43AFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/git ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:261-1 Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-35.6 , suse/git:latest Container Release : 35.6 Severity : important Type : security References : 1235600 1235601 CVE-2024-50349 CVE-2024-52006 ----------------------------------------------------------------- The container suse/git was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - git-core-2.43.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Thu Jan 16 15:04:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 16 Jan 2025 16:04:40 +0100 (CET) Subject: SUSE-CU-2025:262-1: Recommended update of suse/postgres Message-ID: <20250116150440.D806BFCE7@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:262-1 Container Tags : suse/postgres:16 , suse/postgres:16.6 , suse/postgres:16.6 , suse/postgres:16.6-57.8 Container Release : 57.8 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-locale-base-2.38-150600.14.20.3 updated - glibc-locale-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:02:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:02:45 +0100 (CET) Subject: SUSE-CU-2025:267-1: Recommended update of containers/milvus Message-ID: <20250117080245.347F2F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/milvus ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:267-1 Container Tags : containers/milvus:2.4 , containers/milvus:2.4.6 , containers/milvus:2.4.6-7.17 Container Release : 7.17 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/milvus was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:03:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:03:58 +0100 (CET) Subject: SUSE-CU-2025:269-1: Recommended update of containers/ollama Message-ID: <20250117080358.AA819F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:269-1 Container Tags : containers/ollama:0.3 , containers/ollama:0.3.6 , containers/ollama:0.3.6-4.27 Container Release : 4.27 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:05:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:05:03 +0100 (CET) Subject: SUSE-CU-2025:271-1: Recommended update of containers/open-webui Message-ID: <20250117080503.8035CF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/open-webui ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:271-1 Container Tags : containers/open-webui:0.3 , containers/open-webui:0.3.32 , containers/open-webui:0.3.32-7.8 Container Release : 7.8 Severity : moderate Type : recommended References : 1234665 1234940 1235097 ----------------------------------------------------------------- The container containers/open-webui was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:151-1 Released: Thu Jan 16 20:44:56 2025 Summary: Recommended update for libproxy Type: recommended Severity: moderate References: 1234940,1235097 This update for libproxy fixes the following issues: - Properly handle empty proxy ignore entry (bsc#1234940). 
- Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097). The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - libpxbackend-1_0-0.5.3-150600.4.6.2 updated - libproxy1-0.5.3-150600.4.6.2 updated - python311-open-webui-0.3.32-150600.1.38 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:05:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:05:57 +0100 (CET) Subject: SUSE-IU-2025:201-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250117080557.A0694F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:201-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.131 , suse/sle-micro/base-5.5:latest Image Release : 5.8.131 Severity : moderate Type : recommended References : 1234273 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:148-1 Released: Thu Jan 16 17:00:45 2025 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1234273 This update for cryptsetup fixes the following issue: - luksFormat succeeds despite creating corrupt device (bsc#1234273). * Add a better warning if luksFormat ends with image without any space for data. * Print warning early if LUKS container is too small for activation. 
The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.6.2 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:06:27 +0100 (CET) Subject: SUSE-IU-2025:202-1: Recommended update of suse/sle-micro/kvm-5.5 Message-ID: <20250117080627.ACBEEF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:202-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.251 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.251 Severity : moderate Type : recommended References : 1234273 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:148-1 Released: Thu Jan 16 17:00:45 2025 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1234273 This update for cryptsetup fixes the following issue: - luksFormat succeeds despite creating corrupt device (bsc#1234273). * Add a better warning if luksFormat ends with image without any space for data. * Print warning early if LUKS container is too small for activation. 
The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.6.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.131 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:07:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:07:11 +0100 (CET) Subject: SUSE-IU-2025:203-1: Recommended update of suse/sle-micro/rt-5.5 Message-ID: <20250117080711.26936F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:203-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.285 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.285 Severity : moderate Type : recommended References : 1234273 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:148-1 Released: Thu Jan 16 17:00:45 2025 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1234273 This update for cryptsetup fixes the following issue: - luksFormat succeeds despite creating corrupt device (bsc#1234273). * Add a better warning if luksFormat ends with image without any space for data. * Print warning early if LUKS container is too small for activation. 
The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.6.2 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.218 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:07:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:07:56 +0100 (CET) Subject: SUSE-IU-2025:204-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250117080756.44146F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:204-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.218 , suse/sle-micro/5.5:latest Image Release : 5.5.218 Severity : moderate Type : recommended References : 1234273 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:148-1 Released: Thu Jan 16 17:00:45 2025 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1234273 This update for cryptsetup fixes the following issue: - luksFormat succeeds despite creating corrupt device (bsc#1234273). * Add a better warning if luksFormat ends with image without any space for data. * Print warning early if LUKS container is too small for activation. 
The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.6.2 updated - cryptsetup-2.4.3-150400.3.6.2 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.131 updated From sle-container-updates at lists.suse.com Fri Jan 17 08:18:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 17 Jan 2025 09:18:37 +0100 (CET) Subject: SUSE-CU-2025:274-1: Recommended update of suse/389-ds Message-ID: <20250117081837.813CDF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/389-ds ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:274-1 Container Tags : suse/389-ds:2.2 , suse/389-ds:2.2-49.10 , suse/389-ds:latest Container Release : 49.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/389-ds was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:19:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:19:13 +0100 (CET)
Subject: SUSE-CU-2025:275-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20250117081913.4BF21F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:275-1
Container Tags : bci/dotnet-aspnet:8.0 , bci/dotnet-aspnet:8.0.10 , bci/dotnet-aspnet:8.0.10-44.6
Container Release : 44.6
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:19:19 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:19:19 +0100 (CET)
Subject: SUSE-CU-2025:276-1: Recommended update of bci/dotnet-aspnet
Message-ID: <20250117081919.28C8EF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-aspnet
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:276-1
Container Tags : bci/dotnet-aspnet:9.0 , bci/dotnet-aspnet:9.0.0 , bci/dotnet-aspnet:9.0.0-3.6 , bci/dotnet-aspnet:latest
Container Release : 3.6
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-aspnet was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:19:41 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:19:41 +0100 (CET)
Subject: SUSE-CU-2025:277-1: Recommended update of bci/bci-base-fips
Message-ID: <20250117081941.D409CF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-base-fips
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:277-1
Container Tags : bci/bci-base-fips:15.6 , bci/bci-base-fips:15.6.19.8 , bci/bci-base-fips:latest
Container Release : 19.8
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/bci-base-fips was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:19:53 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:19:53 +0100 (CET)
Subject: SUSE-CU-2025:278-1: Recommended update of bci/bci-busybox
Message-ID: <20250117081953.D2362F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-busybox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:278-1
Container Tags : bci/bci-busybox:15.6 , bci/bci-busybox:15.6.29.2 , bci/bci-busybox:latest
Container Release : 29.2
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/bci-busybox was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:19:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:19:58 +0100 (CET)
Subject: SUSE-CU-2025:279-1: Recommended update of suse/cosign
Message-ID: <20250117081958.36C65F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/cosign
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:279-1
Container Tags : suse/cosign:2 , suse/cosign:2.4 , suse/cosign:2.4.0 , suse/cosign:2.4.0-8.8 , suse/cosign:latest
Container Release : 8.8
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container suse/cosign was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:suse-sle15-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:20:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:20:21 +0100 (CET)
Subject: SUSE-CU-2025:280-1: Recommended update of suse/registry
Message-ID: <20250117082021.60251F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/registry
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:280-1
Container Tags : suse/registry:2.8 , suse/registry:2.8-33.5 , suse/registry:latest
Container Release : 33.5
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container suse/registry was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:20:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:20:50 +0100 (CET)
Subject: SUSE-CU-2025:281-1: Recommended update of bci/dotnet-sdk
Message-ID: <20250117082050.CFC44F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:281-1
Container Tags : bci/dotnet-sdk:8.0 , bci/dotnet-sdk:8.0.10 , bci/dotnet-sdk:8.0.10-46.6
Container Release : 46.6
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:21:01 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:21:01 +0100 (CET)
Subject: SUSE-CU-2025:282-1: Recommended update of bci/dotnet-sdk
Message-ID: <20250117082101.4172CF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-sdk
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:282-1
Container Tags : bci/dotnet-sdk:9.0 , bci/dotnet-sdk:9.0.0 , bci/dotnet-sdk:9.0.0-4.6 , bci/dotnet-sdk:latest
Container Release : 4.6
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-sdk was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:21:36 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:21:36 +0100 (CET)
Subject: SUSE-CU-2025:283-1: Recommended update of bci/dotnet-runtime
Message-ID: <20250117082136.53BDFF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:283-1
Container Tags : bci/dotnet-runtime:8.0 , bci/dotnet-runtime:8.0.10 , bci/dotnet-runtime:8.0.10-44.6
Container Release : 44.6
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:21:43 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:21:43 +0100 (CET)
Subject: SUSE-CU-2025:284-1: Recommended update of bci/dotnet-runtime
Message-ID: <20250117082143.866DCF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/dotnet-runtime
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:284-1
Container Tags : bci/dotnet-runtime:9.0 , bci/dotnet-runtime:9.0.0 , bci/dotnet-runtime:9.0.0-3.7 , bci/dotnet-runtime:latest
Container Release : 3.7
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/dotnet-runtime was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:22:21 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:22:21 +0100 (CET)
Subject: SUSE-CU-2025:286-1: Recommended update of suse/git
Message-ID: <20250117082221.F2F25F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/git
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:286-1
Container Tags : suse/git:2 , suse/git:2.43 , suse/git:2.43.0 , suse/git:2.43.0-35.7 , suse/git:latest
Container Release : 35.7
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container suse/git was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:22:42 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:22:42 +0100 (CET)
Subject: SUSE-CU-2025:287-1: Recommended update of bci/golang
Message-ID: <20250117082242.ECA3DF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:287-1
Container Tags : bci/golang:1.22 , bci/golang:1.22.10 , bci/golang:1.22.10-2.48.10 , bci/golang:oldstable , bci/golang:oldstable-2.48.10
Container Release : 48.10
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-devel-2.38-150600.14.20.3 updated

From sle-container-updates at lists.suse.com Fri Jan 17 08:23:09 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 17 Jan 2025 09:23:09 +0100 (CET)
Subject: SUSE-CU-2025:289-1: Recommended update of bci/golang
Message-ID: <20250117082309.6C627F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/golang
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:289-1
Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.11 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.11
Container Release : 55.11
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/golang was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
The following package changes have been done:

- glibc-devel-2.38-150600.14.20.3 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:03:04 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:03:04 +0100 (CET)
Subject: SUSE-IU-2025:208-1: Security update of suse/sle-micro/base-5.5
Message-ID: <20250118080304.C1B5FF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/base-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:208-1
Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.132 , suse/sle-micro/base-5.5:latest
Image Release : 5.8.132
Severity : important
Type : security
References : 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:165-1
Released: Fri Jan 17 17:09:00 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)

The following package changes have been done:

- rsync-3.2.3-150400.3.17.1 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:03:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:03:24 +0100 (CET)
Subject: SUSE-IU-2025:209-1: Security update of suse/sle-micro/kvm-5.5
Message-ID: <20250118080324.17232F78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/kvm-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:209-1
Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.253 , suse/sle-micro/kvm-5.5:latest
Image Release : 3.5.253
Severity : important
Type : security
References : 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:165-1
Released: Fri Jan 17 17:09:00 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)

The following package changes have been done:

- rsync-3.2.3-150400.3.17.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.132 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:03:55 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:03:55 +0100 (CET)
Subject: SUSE-IU-2025:210-1: Security update of suse/sle-micro/rt-5.5
Message-ID: <20250118080355.0BAE9F78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/rt-5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:210-1
Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.288 , suse/sle-micro/rt-5.5:latest
Image Release : 4.5.288
Severity : important
Type : security
References : 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:165-1
Released: Fri Jan 17 17:09:00 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)

The following package changes have been done:

- rsync-3.2.3-150400.3.17.1 updated
- container:suse-sle-micro-5.5-latest-2.0.4-5.5.220 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:04:27 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:04:27 +0100 (CET)
Subject: SUSE-IU-2025:211-1: Security update of suse/sle-micro/5.5
Message-ID: <20250118080427.5A2CFF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sle-micro/5.5
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:211-1
Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.220 , suse/sle-micro/5.5:latest
Image Release : 5.5.220
Severity : important
Type : security
References : 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/sle-micro/5.5 was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:165-1
Released: Fri Jan 17 17:09:00 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: Fixed a race condition in rsync handling symbolic links. (bsc#1235475)

The following package changes have been done:

- rsync-3.2.3-150400.3.17.1 updated
- container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.132 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:08:46 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:08:46 +0100 (CET)
Subject: SUSE-IU-2025:212-1: Security update of suse/sl-micro/6.0/baremetal-os-container
Message-ID: <20250118080846.DB455F78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:212-1
Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.40 , suse/sl-micro/6.0/baremetal-os-container:latest
Image Release : 4.40
Severity : important
Type : security
References : 1234812 CVE-2024-40896
-----------------------------------------------------------------

The container suse/sl-micro/6.0/baremetal-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 188
Released: Fri Jan 17 15:35:14 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1234812,CVE-2024-40896

This update for libxml2 fixes the following issues:

- CVE-2024-40896: Fixed XML external entity vulnerability (bsc#1234812)

The following package changes have been done:

- libxml2-2-2.11.6-4.1 updated
- SL-Micro-release-6.0-24.43 updated
- container:SL-Micro-base-container-2.1.3-4.37 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:09:02 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:09:02 +0100 (CET)
Subject: SUSE-IU-2025:213-1: Security update of suse/sl-micro/6.0/base-os-container
Message-ID: <20250118080902.4967BF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:213-1
Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.37 , suse/sl-micro/6.0/base-os-container:latest
Image Release : 4.37
Severity : important
Type : security
References : 1234812 CVE-2024-40896
-----------------------------------------------------------------

The container suse/sl-micro/6.0/base-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 188
Released: Fri Jan 17 15:35:14 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1234812,CVE-2024-40896

This update for libxml2 fixes the following issues:

- CVE-2024-40896: Fixed XML external entity vulnerability (bsc#1234812)

The following package changes have been done:

- libxml2-2-2.11.6-4.1 updated
- SL-Micro-release-6.0-24.43 updated
- container:suse-toolbox-image-1.0.0-6.82 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:09:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:09:18 +0100 (CET)
Subject: SUSE-IU-2025:214-1: Security update of suse/sl-micro/6.0/kvm-os-container
Message-ID: <20250118080918.30CBBF78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:214-1
Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.39 , suse/sl-micro/6.0/kvm-os-container:latest
Image Release : 4.39
Severity : important
Type : security
References : 1234812 CVE-2024-40896
-----------------------------------------------------------------

The container suse/sl-micro/6.0/kvm-os-container was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: 188
Released: Fri Jan 17 15:35:14 2025
Summary: Security update for libxml2
Type: security
Severity: important
References: 1234812,CVE-2024-40896

This update for libxml2 fixes the following issues:

- CVE-2024-40896: Fixed XML external entity vulnerability (bsc#1234812)

The following package changes have been done:

- libxml2-2-2.11.6-4.1 updated
- SL-Micro-release-6.0-24.43 updated
- container:SL-Micro-base-container-2.1.3-4.37 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:09:35 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:09:35 +0100 (CET)
Subject: SUSE-IU-2025:215-1: Security update of suse/sl-micro/6.0/rt-os-container
Message-ID: <20250118080935.1A853F78D@maintenance.suse.de>

SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:215-1
Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.38 , suse/sl-micro/6.0/rt-os-container:latest
Image Release : 5.38
Severity : important
Type : security
References : 1234812 CVE-2024-40896
-----------------------------------------------------------------

The container suse/sl-micro/6.0/rt-os-container was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 188 Released: Fri Jan 17 15:35:14 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1234812,CVE-2024-40896 This update for libxml2 fixes the following issues: - CVE-2024-40896: Fixed XML external entity vulnerability (bsc#1234812) The following package changes have been done: - libxml2-2-2.11.6-4.1 updated - SL-Micro-release-6.0-24.43 updated - container:SL-Micro-container-2.1.3-4.40 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:13:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:13:08 +0100 (CET) Subject: SUSE-CU-2025:289-1: Recommended update of bci/golang Message-ID: <20250118081308.E96AEF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:289-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.11 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.11 Container Release : 55.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-devel-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:13:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:13:26 +0100 (CET) Subject: SUSE-CU-2025:299-1: Recommended update of bci/golang Message-ID: <20250118081326.E168FF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:299-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.4 , bci/golang:1.23.4-1.48.11 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.11 Container Release : 48.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - glibc-devel-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:13:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:13:46 +0100 (CET) Subject: SUSE-CU-2025:300-1: Recommended update of bci/golang Message-ID: <20250118081346.0988FF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:300-1 Container Tags : bci/golang:1.23-openssl , bci/golang:1.23.2-openssl , bci/golang:1.23.2-openssl-55.10 , bci/golang:latest , bci/golang:stable-openssl , bci/golang:stable-openssl-55.10 Container Release : 55.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-devel-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:13:57 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:13:57 +0100 (CET) Subject: SUSE-CU-2025:302-1: Recommended update of suse/helm Message-ID: <20250118081357.054F0F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/helm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:302-1 Container Tags : suse/helm:3 , suse/helm:3.16 , suse/helm:3.16.3 , suse/helm:3.16.3-38.7 , suse/helm:latest Container Release : 38.7 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/helm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done:

- glibc-2.38-150600.14.20.3 updated
- container:suse-sle15-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated
- container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:14:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:14:13 +0100 (CET)
Subject: SUSE-CU-2025:304-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250118081413.4A574F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:304-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.89 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.89
Severity : important
Type : security
References : 1234100 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:156-1
Released: Fri Jan 17 12:59:07 2025
Summary: Security update for rsync
Type: security
Severity: important
References: 1234100,1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747

This update for rsync fixes the following issues:

- CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100)
- CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101)
- CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102)
- CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. (bsc#1234103)
- CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104)
- CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475)

The following package changes have been done:

- rsync-3.2.7-150600.3.8.1 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:14:32 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:14:32 +0100 (CET)
Subject: SUSE-CU-2025:305-1: Recommended update of bci/bci-init
Message-ID: <20250118081432.CA371F78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/bci-init
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:305-1
Container Tags : bci/bci-init:15.6 , bci/bci-init:15.6.30.10 , bci/bci-init:latest
Container Release : 30.10
Severity : moderate
Type : recommended
References : 1234665
-----------------------------------------------------------------

The container bci/bci-init was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:14:53 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:14:53 +0100 (CET) Subject: SUSE-CU-2025:306-1: Recommended update of bci/kiwi Message-ID: <20250118081453.A4E21F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:306-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.12 , bci/kiwi:latest Container Release : 20.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-locale-base-2.38-150600.14.20.3 updated - glibc-devel-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:15:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:15:02 +0100 (CET) Subject: SUSE-CU-2025:308-1: Recommended update of bci/bci-micro Message-ID: <20250118081502.B1321F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:308-1 Container Tags : bci/bci-micro:15.6 , bci/bci-micro:15.6.29.2 , bci/bci-micro:latest Container Release : 29.2 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:15:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:15:13 +0100 (CET) Subject: SUSE-CU-2025:309-1: Recommended update of bci/bci-minimal Message-ID: <20250118081513.28D0CF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:309-1 Container Tags : bci/bci-minimal:15.6 , bci/bci-minimal:15.6.31.4 , bci/bci-minimal:latest Container Release : 31.4 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:15:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:15:27 +0100 (CET) Subject: SUSE-CU-2025:310-1: Recommended update of suse/nginx Message-ID: <20250118081527.3F375F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/nginx ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:310-1 Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.9 , suse/nginx:latest Container Release : 51.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/nginx was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:15:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:15:45 +0100 (CET) Subject: SUSE-CU-2025:311-1: Recommended update of bci/nodejs Message-ID: <20250118081545.D5362F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:311-1 Container Tags : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-48.12 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-48.12 , bci/nodejs:latest Container Release : 48.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sat Jan 18 08:16:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 18 Jan 2025 09:16:13 +0100 (CET) Subject: SUSE-CU-2025:312-1: Recommended update of bci/openjdk-devel Message-ID: <20250118081613.D856CF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:312-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-32.12 , bci/openjdk-devel:latest Container Release : 32.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-openjdk-21-5e67a4f867b2ae748c011d8e5a8cdb691b00f8714e728eb552314b214ba9ec00-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:06:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:06:01 +0100 (CET) Subject: SUSE-CU-2025:312-1: Recommended update of bci/openjdk-devel Message-ID: <20250119080601.9A96EFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:312-1 Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.5.0 , bci/openjdk-devel:21.0.5.0-32.12 , bci/openjdk-devel:latest Container Release : 32.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-openjdk-21-5e67a4f867b2ae748c011d8e5a8cdb691b00f8714e728eb552314b214ba9ec00-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:06:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:06:27 +0100 (CET) Subject: SUSE-CU-2025:313-1: Recommended update of bci/openjdk Message-ID: <20250119080627.7D26EFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:313-1 Container Tags : bci/openjdk:21 , bci/openjdk:21.0.5.0 , bci/openjdk:21.0.5.0-32.11 , bci/openjdk:latest Container Release : 32.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:06:45 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:06:45 +0100 (CET) Subject: SUSE-CU-2025:314-1: Recommended update of suse/pcp Message-ID: <20250119080645.78A8AFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/pcp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:314-1 Container Tags : suse/pcp:6 , suse/pcp:6.2 , suse/pcp:6.2.0 , suse/pcp:6.2.0-42.10 , suse/pcp:latest Container Release : 42.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/pcp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-init-15.6-1bbe435814f12bdb2b98b437a364c8961e9c8843c7038366b28cb5d2851dd273-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:07:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:07:08 +0100 (CET) Subject: SUSE-CU-2025:315-1: Recommended update of bci/php-apache Message-ID: <20250119080708.4A4F0FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php-apache ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:315-1 Container Tags : bci/php-apache:8 , bci/php-apache:8.2.26 , bci/php-apache:8.2.26-48.11 , bci/php-apache:latest Container Release : 48.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/php-apache was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:07:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:07:30 +0100 (CET) Subject: SUSE-CU-2025:316-1: Recommended update of bci/php-fpm Message-ID: <20250119080730.64898FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php-fpm ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:316-1 Container Tags : bci/php-fpm:8 , bci/php-fpm:8.2.26 , bci/php-fpm:8.2.26-48.11 , bci/php-fpm:latest Container Release : 48.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/php-fpm was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:07:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:07:49 +0100 (CET) Subject: SUSE-CU-2025:317-1: Recommended update of bci/php Message-ID: <20250119080749.757D6FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/php ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:317-1 Container Tags : bci/php:8 , bci/php:8.2.26 , bci/php:8.2.26-48.9 , bci/php:latest Container Release : 48.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/php was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:08:10 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:08:10 +0100 (CET) Subject: SUSE-CU-2025:319-1: Recommended update of suse/postgres Message-ID: <20250119080810.917EBFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/postgres ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:319-1 Container Tags : suse/postgres:17 , suse/postgres:17.2 , suse/postgres:17.2 , suse/postgres:17.2-38.8 , suse/postgres:latest Container Release : 38.8 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/postgres was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-locale-base-2.38-150600.14.20.3 updated - glibc-locale-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:08:43 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:08:43 +0100 (CET) Subject: SUSE-CU-2025:321-1: Recommended update of bci/python Message-ID: <20250119080843.2DA06FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:321-1 Container Tags : bci/python:3 , bci/python:3.11 , bci/python:3.11.10 , bci/python:3.11.10-61.11 Container Release : 61.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:09:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:09:09 +0100 (CET) Subject: SUSE-CU-2025:322-1: Recommended update of bci/python Message-ID: <20250119080909.74E2BFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:322-1 Container Tags : bci/python:3 , bci/python:3.12 , bci/python:3.12.8 , bci/python:3.12.8-61.12 , bci/python:latest Container Release : 61.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:09:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:09:31 +0100 (CET) Subject: SUSE-CU-2025:323-1: Recommended update of bci/python Message-ID: <20250119080931.A6F5FFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:323-1 Container Tags : bci/python:3 , bci/python:3.6 , bci/python:3.6.15 , bci/python:3.6.15-60.11 Container Release : 60.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:09:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:09:47 +0100 (CET) Subject: SUSE-CU-2025:324-1: Recommended update of suse/rmt-mariadb-client Message-ID: <20250119080947.7917FFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb-client ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:324-1 Container Tags : suse/mariadb-client:10.11 , suse/mariadb-client:10.11.9 , suse/mariadb-client:10.11.9-54.8 , suse/mariadb-client:latest , suse/rmt-mariadb-client:10.11 , suse/rmt-mariadb-client:10.11.9 , suse/rmt-mariadb-client:10.11.9-54.8 , suse/rmt-mariadb-client:latest Container Release : 54.8 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/rmt-mariadb-client was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:suse-sle15-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:10:03 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:10:03 +0100 (CET) Subject: SUSE-CU-2025:325-1: Recommended update of suse/rmt-mariadb Message-ID: <20250119081003.AEB5AFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-mariadb ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:325-1 Container Tags : suse/mariadb:10.11 , suse/mariadb:10.11.9 , suse/mariadb:10.11.9-60.9 , suse/mariadb:latest , suse/rmt-mariadb:10.11 , suse/rmt-mariadb:10.11.9 , suse/rmt-mariadb:10.11.9-60.9 , suse/rmt-mariadb:latest Container Release : 60.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/rmt-mariadb was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:suse-sle15-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:10:26 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:10:26 +0100 (CET) Subject: SUSE-CU-2025:326-1: Recommended update of bci/ruby Message-ID: <20250119081026.576E7FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:326-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-31.12 , bci/ruby:latest Container Release : 31.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - glibc-devel-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:10:44 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:10:44 +0100 (CET) Subject: SUSE-CU-2025:327-1: Recommended update of bci/rust Message-ID: <20250119081044.E62EFFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:327-1 Container Tags : bci/rust:1.82 , bci/rust:1.82.0 , bci/rust:1.82.0-2.2.8 , bci/rust:oldstable , bci/rust:oldstable-2.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:92-1 Released: Tue Jan 14 08:42:09 2025 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: This update for gcc13 fixes the following issues: - Fix the incorrect NOPs layout when -fpatchable-function-entry is passed in ppc64le (jsc#PED-7395). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - cpp13-13.3.0+git8781-150000.1.15.1 updated - glibc-devel-2.38-150600.14.20.3 updated - gcc13-13.3.0+git8781-150000.1.15.1 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:06 +0100 (CET) Subject: SUSE-CU-2025:329-1: Recommended update of bci/rust Message-ID: <20250119081106.9C727FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/rust ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:329-1 Container Tags : bci/rust:1.83 , bci/rust:1.83.0 , bci/rust:1.83.0-1.2.8 , bci/rust:latest , bci/rust:stable , bci/rust:stable-1.2.8 Container Release : 2.8 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/rust was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:92-1 Released: Tue Jan 14 08:42:09 2025 Summary: Recommended update for gcc13 Type: recommended Severity: moderate References: This update for gcc13 fixes the following issues: - Fix the incorrect NOPs layout when -fpatchable-function-entry is passed in ppc64le (jsc#PED-7395). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - cpp13-13.3.0+git8781-150000.1.15.1 updated - glibc-devel-2.38-150600.14.20.3 updated - gcc13-13.3.0+git8781-150000.1.15.1 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:13 +0100 (CET) Subject: SUSE-CU-2025:331-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081113.937D3FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:331-1 Container Tags : containers/apache-tomcat:10.1-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11 , containers/apache-tomcat:10.1.34-openjdk11-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:23 +0100 (CET) Subject: SUSE-CU-2025:332-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081123.37FB1FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:332-1 Container Tags : containers/apache-tomcat:10.1-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17 , containers/apache-tomcat:10.1.34-openjdk17-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:33 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:33 +0100 (CET) Subject: SUSE-CU-2025:333-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081133.2066FFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:333-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:39 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:39 +0100 (CET) Subject: SUSE-CU-2025:334-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081139.62A2DFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:334-1 Container Tags : containers/apache-tomcat:9-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11 , containers/apache-tomcat:9.0.98-openjdk11-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:47 +0100 (CET) Subject: SUSE-CU-2025:335-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081147.96805FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:335-1 Container Tags : containers/apache-tomcat:9-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17 , containers/apache-tomcat:9.0.98-openjdk17-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Sun Jan 19 08:11:54 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 19 Jan 2025 09:11:54 +0100 (CET) Subject: SUSE-CU-2025:336-1: Recommended update of containers/apache-tomcat Message-ID: <20250119081154.EA64FFBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:336-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:05:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:05:52 +0100 (CET) Subject: SUSE-CU-2025:336-1: Recommended update of containers/apache-tomcat Message-ID: <20250120080552.EAC9FF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:336-1 Container Tags : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:05:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:05:59 +0100 (CET) Subject: SUSE-CU-2025:337-1: Recommended update of containers/apache-tomcat Message-ID: <20250120080559.2D422F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:337-1 Container Tags : containers/apache-tomcat:9-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8 , containers/apache-tomcat:9.0.98-openjdk8-62.9 Container Release : 62.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:bci-bci-base-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated - container:registry.suse.com-bci-bci-micro-15.6-ae54f9cbaef0e60736ec0fd55403a6a2c4d344abbbcc171ec3290295ef01fc88-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:06:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:06:06 +0100 (CET) Subject: SUSE-CU-2025:338-1: Recommended update of containers/python Message-ID: <20250120080606.4F7FFF78D@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:338-1 Container Tags : containers/python:3.11 , containers/python:3.11.10 , containers/python:3.11.10-44.11 Container Release : 44.11 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:06:11 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:06:11 +0100 (CET) Subject: SUSE-CU-2025:339-1: Recommended update of containers/python Message-ID: <20250120080611.65016F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:339-1 Container Tags : containers/python:3.9 , containers/python:3.9.21 , containers/python:3.9.21-51.12 Container Release : 51.12 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container containers/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:06:46 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:06:46 +0100 (CET) Subject: SUSE-CU-2025:340-1: Recommended update of bci/bci-sle15-kernel-module-devel Message-ID: <20250120080646.6F08AF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:340-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.30.9 , bci/bci-sle15-kernel-module-devel:latest Container Release : 30.9 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - glibc-locale-base-2.38-150600.14.20.3 updated - glibc-locale-2.38-150600.14.20.3 updated - glibc-devel-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:07:08 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:07:08 +0100 (CET) Subject: SUSE-CU-2025:341-1: Recommended update of suse/sle15 Message-ID: <20250120080708.04DF6F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:341-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.17.4 , suse/sle15:15.6 , suse/sle15:15.6.47.17.4 Container Release : 47.17.4 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:07:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:07:35 +0100 (CET) Subject: SUSE-CU-2025:342-1: Recommended update of bci/spack Message-ID: <20250120080735.10F9BF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/spack ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:342-1 Container Tags : bci/spack:0.21 , bci/spack:0.21.3 , bci/spack:0.21.3-19.10 , bci/spack:latest Container Release : 19.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container bci/spack was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-devel-2.38-150600.14.20.3 updated From sle-container-updates at lists.suse.com Mon Jan 20 08:09:06 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 09:09:06 +0100 (CET) Subject: SUSE-CU-2025:352-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250120080906.30B34F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:352-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.14 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.14 Severity : moderate Type : recommended References : 1234273 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:148-1 Released: Thu Jan 16 17:00:45 2025 Summary: Recommended update for cryptsetup Type: recommended Severity: moderate References: 1234273 This update for cryptsetup fixes the following issue: - luksFormat succeeds despite creating corrupt device (bsc#1234273). * Add a better warning if luksFormat ends with image without any space for data. * Print warning early if LUKS container is too small for activation. 
The following package changes have been done: - libcryptsetup12-2.4.3-150400.3.6.2 updated - libcryptsetup12-hmac-2.4.3-150400.3.6.2 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:39:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:39:37 +0100 (CET) Subject: SUSE-IU-2025:319-1: Recommended update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250120123937.8BCC5FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:319-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.42 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 4.42 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 190 Released: Mon Jan 20 09:02:53 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-4.1 updated - SL-Micro-release-6.0-24.44 updated - libxtables12-1.8.9-4.1 updated - libip6tc2-1.8.9-4.1 updated - xtables-plugins-1.8.9-4.1 updated - iptables-1.8.9-4.1 updated - container:SL-Micro-base-container-2.1.3-4.39 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:39:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:39:55 +0100 (CET) Subject: SUSE-IU-2025:320-1: Recommended update of suse/sl-micro/6.0/base-os-container Message-ID: <20250120123955.AE0D9FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:320-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.39 , suse/sl-micro/6.0/base-os-container:latest Image Release : 4.39 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 190 Released: Mon Jan 20 09:02:53 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-4.1 updated - SL-Micro-release-6.0-24.44 updated - libxtables12-1.8.9-4.1 updated - container:suse-toolbox-image-1.0.0-6.84 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:40:15 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:40:15 +0100 (CET) Subject: SUSE-IU-2025:321-1: Recommended update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250120124015.17E12FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:321-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.41 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 4.41 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 190 Released: Mon Jan 20 09:02:53 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-4.1 updated - SL-Micro-release-6.0-24.44 updated - container:SL-Micro-base-container-2.1.3-4.39 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:40:37 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:40:37 +0100 (CET) Subject: SUSE-IU-2025:322-1: Recommended update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250120124037.AD852FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:322-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.39 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 5.39 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 190 Released: Mon Jan 20 09:02:53 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-4.1 updated - SL-Micro-release-6.0-24.44 updated - container:SL-Micro-container-2.1.3-4.42 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:45:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:45:23 +0100 (CET) Subject: SUSE-CU-2025:365-1: Security update of bci/kiwi Message-ID: <20250120124523.1FA3BFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:365-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.14 , bci/kiwi:latest Container Release : 20.14 Severity : important Type : security References : 1234100 1234101 1234102 1234103 1234104 1235475 1235895 CVE-2024-12084 CVE-2024-12085 CVE-2024-12086 CVE-2024-12087 CVE-2024-12088 CVE-2024-12747 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:156-1 Released: Fri Jan 17 12:59:07 2025 Summary: Security update for rsync Type: security Severity: important References: 1234100,1234101,1234102,1234103,1234104,1235475,1235895,CVE-2024-12084,CVE-2024-12085,CVE-2024-12086,CVE-2024-12087,CVE-2024-12088,CVE-2024-12747 This update for rsync fixes the following issues: - CVE-2024-12084: heap buffer overflow in checksum parsing. (bsc#1234100) - CVE-2024-12085: leak of uninitialized stack data on the server leading to possible ASLR bypass. (bsc#1234101) - CVE-2024-12086: leak of a client machine's file contents through the processing of checksum data. (bsc#1234102) - CVE-2024-12087: arbitrary file overwrite possible on clients when symlink syncing is enabled. 
(bsc#1234103) - CVE-2024-12088: bypass of the --safe-links flag may allow the placement of unsafe symlinks in a client. (bsc#1234104) - CVE-2024-12747: race condition in rsync handling symbolic links (bsc#1235475) The following package changes have been done: - rsync-3.2.7-150600.3.8.1 updated From sle-container-updates at lists.suse.com Mon Jan 20 12:45:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 20 Jan 2025 13:45:36 +0100 (CET) Subject: SUSE-CU-2025:366-1: Recommended update of suse/rmt-server Message-ID: <20250120124536.39A7AFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/rmt-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:366-1 Container Tags : suse/rmt-server:2.20 , suse/rmt-server:2.20-56.10 , suse/rmt-server:latest Container Release : 56.10 Severity : moderate Type : recommended References : 1234665 ----------------------------------------------------------------- The container suse/rmt-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. 
The following package changes have been done: - glibc-2.38-150600.14.20.3 updated - container:registry.suse.com-bci-bci-base-15.6-dadf2bf99da1b4cb8897f5d943019992fc69822b45d0747e3593e5e80d778da8-0 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:03:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:03:56 +0100 (CET) Subject: SUSE-IU-2025:326-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250122080356.9A8A4F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:326-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.133 , suse/sle-micro/base-5.5:latest Image Release : 5.8.133 Severity : important Type : security References : 1170891 1173139 1185010 1190358 1190428 1203332 1205521 1209288 1209798 1211593 1211595 1214635 1215304 1215523 1216813 1216909 1219608 1222878 1223044 1225758 1225820 1226694 1228190 1229809 1230422 1230697 1231388 1231453 1231854 1232045 1232157 1232166 1232419 1232436 1232472 1232823 1233038 1233050 1233070 1233096 1233127 1233200 1233239 1233324 1233467 1233468 1233469 1233485 1233547 1233550 1233558 1233564 1233568 1233637 1233642 1233701 1233769 1233837 1234072 1234073 1234075 1234076 1234077 1234087 1234120 1234156 1234219 1234220 1234240 1234241 1234281 1234282 1234294 1234338 1234357 1234437 1234464 1234605 1234639 1234650 1234727 1234811 1234827 1234834 1234843 1234846 1234853 1234856 1234891 1234912 1234920 1234921 1234960 1234963 1234971 1234973 1235004 1235035 1235037 1235039 1235054 1235056 1235061 1235073 1235220 1235224 1235246 1235507 CVE-2021-47202 CVE-2022-36280 CVE-2022-48742 CVE-2022-49033 CVE-2022-49035 CVE-2023-1382 CVE-2023-33951 CVE-2023-33952 CVE-2023-52920 CVE-2024-24860 CVE-2024-26886 CVE-2024-26924 CVE-2024-36915 CVE-2024-42232 CVE-2024-44934 CVE-2024-47666 
CVE-2024-47678 CVE-2024-49944 CVE-2024-49952 CVE-2024-50018 CVE-2024-50143 CVE-2024-50154 CVE-2024-50166 CVE-2024-50181 CVE-2024-50202 CVE-2024-50211 CVE-2024-50256 CVE-2024-50262 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50296 CVE-2024-53051 CVE-2024-53055 CVE-2024-53056 CVE-2024-53064 CVE-2024-53072 CVE-2024-53090 CVE-2024-53095 CVE-2024-53101 CVE-2024-53113 CVE-2024-53114 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53130 CVE-2024-53131 CVE-2024-53142 CVE-2024-53146 CVE-2024-53150 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53161 CVE-2024-53162 CVE-2024-53173 CVE-2024-53179 CVE-2024-53206 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-56539 CVE-2024-56548 CVE-2024-56549 CVE-2024-56570 CVE-2024-56571 CVE-2024-56575 CVE-2024-56598 CVE-2024-56604 CVE-2024-56605 CVE-2024-56619 CVE-2024-56755 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:201-1 Released: Tue Jan 21 13:51:32 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,
CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-56755,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). - CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). - CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). 
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). 
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). - CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). 
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - README: Clean-up trailing whitespace - SUNRPC: make sure cache entry active before cache_show (git-fixes). - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). 
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'') - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). 
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - regmap: detach regmap from dev on regmap_exit (git-fixes). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: Correct the total block count by deducting journal reservation (git-fixes). 
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). 
The following package changes have been done: - kernel-default-5.14.21-150500.55.91.1 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:03:58 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:03:58 +0100 (CET) Subject: SUSE-IU-2025:327-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250122080358.C0A9AF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:327-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.134 , suse/sle-micro/base-5.5:latest Image Release : 5.8.134 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:04:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:04:16 +0100 (CET) Subject: SUSE-IU-2025:328-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250122080416.74415F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:328-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.255 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.255 Severity : important Type : security References : 1170891 1173139 1185010 1190358 1190428 1203332 1205521 1209288 1209798 1211593 1211595 1214635 1215304 1215523 1216813 1216909 1219608 1222878 1223044 1225758 1225820 1226694 1228190 1229809 1230422 1230697 1231388 1231453 1231854 1232045 1232157 1232166 1232419 1232436 1232472 1232823 1233038 1233050 1233070 1233096 1233127 1233200 1233239 1233324 1233467 1233468 1233469 1233485 1233547 1233550 1233558 1233564 1233568 1233637 1233642 1233701 1233769 1233837 1234072 1234073 1234075 1234076 1234077 1234087 1234120 1234156 1234219 1234220 1234240 1234241 1234281 1234282 1234294 1234338 1234357 1234437 1234464 1234605 1234639 1234650 1234727 1234811 1234827 1234834 1234843 1234846 1234853 1234856 1234891 1234912 1234920 1234921 1234960 1234963 1234971 1234973 1235004 1235035 1235037 1235039 1235054 1235056 1235061 1235073 1235220 1235224 1235246 1235507 CVE-2021-47202 CVE-2022-36280 CVE-2022-48742 CVE-2022-49033 CVE-2022-49035 CVE-2023-1382 CVE-2023-33951 CVE-2023-33952 CVE-2023-52920 CVE-2024-24860 CVE-2024-26886 CVE-2024-26924 CVE-2024-36915 CVE-2024-42232 CVE-2024-44934 CVE-2024-47666 CVE-2024-47678 CVE-2024-49944 CVE-2024-49952 CVE-2024-50018 CVE-2024-50143 CVE-2024-50154 CVE-2024-50166 CVE-2024-50181 CVE-2024-50202 
CVE-2024-50211 CVE-2024-50256 CVE-2024-50262 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50296 CVE-2024-53051 CVE-2024-53055 CVE-2024-53056 CVE-2024-53064 CVE-2024-53072 CVE-2024-53090 CVE-2024-53095 CVE-2024-53101 CVE-2024-53113 CVE-2024-53114 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53130 CVE-2024-53131 CVE-2024-53142 CVE-2024-53146 CVE-2024-53150 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53161 CVE-2024-53162 CVE-2024-53173 CVE-2024-53179 CVE-2024-53206 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-56539 CVE-2024-56548 CVE-2024-56549 CVE-2024-56570 CVE-2024-56571 CVE-2024-56575 CVE-2024-56598 CVE-2024-56604 CVE-2024-56605 CVE-2024-56619 CVE-2024-56755 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:201-1 Released: Tue Jan 21 13:51:32 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,
CVE-2024-56619,CVE-2024-56755,CVE-2024-8805 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). - CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593). - CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044). - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). 
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). 
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - README: Clean-up trailing whitespace - SUNRPC: make sure cache entry active before cache_show (git-fixes). - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). 
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'') - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). 
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - regmap: detach regmap from dev on regmap_exit (git-fixes). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scatterlist: fix incorrect func name in kernel-doc (git-fixes). 
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). 
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). The following package changes have been done: - kernel-default-base-5.14.21-150500.55.91.1.150500.6.41.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.133 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:09:19 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:09:19 +0100 (CET) Subject: SUSE-CU-2025:377-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250122080919.C73B5F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:377-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.72 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.72 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:12:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:12:01 +0100 (CET) Subject: SUSE-CU-2025:380-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250122081201.74E77F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:380-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.72 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.72 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Wed Jan 22 08:14:21 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 22 Jan 2025 09:14:21 +0100 (CET) Subject: SUSE-CU-2025:382-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250122081421.3DEE5F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:382-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.3 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.3 , suse/ltss/sle15.5/sle15:latest Container Release : 4.3 Severity : moderate Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:03:12 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:03:12 +0100 (CET) Subject: SUSE-CU-2025:384-1: Security update of containers/ollama Message-ID: <20250123080312.2F934F78D@maintenance.suse.de> SUSE Container Update Advisory: containers/ollama ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:384-1 Container Tags : containers/ollama:0.3 , containers/ollama:0.3.14 , containers/ollama:0.3.14-5.3 Container Release : 5.3 Severity : moderate Type : security References : 1195654 1199944 CVE-2022-1664 ----------------------------------------------------------------- The container containers/ollama was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:4081-1 Released: Fri Nov 18 15:40:46 2022 Summary: Security update for dpkg Type: security Severity: low References: 1199944,CVE-2022-1664 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). 
The following package changes have been done: - cuda-cccl-12-5-12.5.39-150600.1.1 added - cuda-crt-12-5-12.5.82-150600.1.1 added - cuda-nvvm-12-5-12.5.82-150600.1.1 added - cuda-toolkit-12-5-config-common-12.5.82-150600.1.1 added - cuda-toolkit-12-config-common-12.5.82-150600.1.1 added - cuda-toolkit-config-common-12.5.82-150600.1.1 added - update-alternatives-1.19.0.4-150000.4.4.1 added - libcublas-12-5-12.5.3.2-150600.1.1 added - cuda-cudart-12-5-12.5.82-150600.1.1 added - ollama-nvidia-0.3.14-150600.1.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:04:35 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:04:35 +0100 (CET) Subject: SUSE-IU-2025:335-1: Recommended update of suse/sle-micro/base-5.5 Message-ID: <20250123080435.635A0F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:335-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.135 , suse/sle-micro/base-5.5:latest Image Release : 5.8.135 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:224-1 Released: Wed Jan 22 12:31:25 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150500.6.33.1 updated - zypper-1.14.79-150500.6.17.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:06:02 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:06:02 +0100 (CET) Subject: SUSE-IU-2025:339-1: Recommended update of suse/sle-micro/5.5 Message-ID: <20250123080602.72D96F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:339-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.225 , suse/sle-micro/5.5:latest Image Release : 5.5.225 Severity : moderate Type : recommended References : 1234214 1234245 1234333 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. This is fixed by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.
The following package changes have been done: - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-small-9.1.0836-150500.20.18.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.135 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:10:05 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:10:05 +0100 (CET) Subject: SUSE-CU-2025:391-1: Recommended update of suse/sle-micro/5.3/toolbox Message-ID: <20250123081005.D1496F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.3/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:391-1 Container Tags : suse/sle-micro/5.3/toolbox:14.2 , suse/sle-micro/5.3/toolbox:14.2-6.11.73 , suse/sle-micro/5.3/toolbox:latest Container Release : 6.11.73 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.3/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:223-1 Released: Wed Jan 22 12:30:52 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150400.3.107.1 updated - zypper-1.14.79-150400.3.70.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:12:48 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:12:48 +0100 (CET) Subject: SUSE-CU-2025:393-1: Recommended update of suse/sle-micro/5.4/toolbox Message-ID: <20250123081248.55C24F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.4/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:393-1 Container Tags : suse/sle-micro/5.4/toolbox:14.2 , suse/sle-micro/5.4/toolbox:14.2-5.19.73 , suse/sle-micro/5.4/toolbox:latest Container Release : 5.19.73 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle-micro/5.4/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:223-1 Released: Wed Jan 22 12:30:52 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150400.3.107.1 updated - zypper-1.14.79-150400.3.70.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:13:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:13:40 +0100 (CET) Subject: SUSE-CU-2025:394-1: Recommended update of suse/sle-micro/5.5/toolbox Message-ID: <20250123081340.8349FF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.5/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:394-1 Container Tags : suse/sle-micro/5.5/toolbox:14.2 , suse/sle-micro/5.5/toolbox:14.2-3.5.122 , suse/sle-micro/5.5/toolbox:latest Container Release : 3.5.122 Severity : moderate Type : recommended References : 1234214 1234245 1234333 ----------------------------------------------------------------- The container suse/sle-micro/5.5/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. This is fixed by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.
The following package changes have been done: - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-9.1.0836-150500.20.18.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:17:28 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:17:28 +0100 (CET) Subject: SUSE-CU-2025:401-1: Recommended update of suse/hpc/warewulf4-x86_64/sle-hpc-node Message-ID: <20250123081728.71CB9F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:401-1 Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.91 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest Container Release : 17.5.91 Severity : moderate Type : recommended References : 1234214 1234245 1234333 ----------------------------------------------------------------- The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:222-1 Released: Wed Jan 22 12:30:04 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. This is fixed by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version. The following package changes have been done: - libzypp-17.35.16-150600.3.41.1 updated - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-small-9.1.0836-150500.20.18.1 updated - zypper-1.14.79-150600.10.19.1 updated From sle-container-updates at lists.suse.com Thu Jan 23 08:20:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 23 Jan 2025 09:20:24 +0100 (CET) Subject: SUSE-CU-2025:410-1: Recommended update of suse/sle15 Message-ID: <20250123082024.9A859F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:410-1 Container Tags : bci/bci-base:15.6 , bci/bci-base:15.6.47.17.5 , suse/sle15:15.6 , suse/sle15:15.6.47.17.5 Container Release : 47.17.5 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

The following package changes have been done:

- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:31 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:31 +0100 (CET)
Subject: SUSE-CU-2025:412-1: Recommended update of suse/sles/15.7/cdi-apiserver
Message-ID: <20250123082031.D98C0F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-apiserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:412-1
Container Tags : suse/sles/15.7/cdi-apiserver:1.58.0 , suse/sles/15.7/cdi-apiserver:1.58.0-150700.7.35 , suse/sles/15.7/cdi-apiserver:1.58.0.27.82
Container Release : 27.82
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-apiserver was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- containerized-data-importer-api-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:36 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:36 +0100 (CET)
Subject: SUSE-CU-2025:413-1: Security update of suse/sles/15.7/cdi-cloner
Message-ID: <20250123082036.4B533F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-cloner
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:413-1
Container Tags : suse/sles/15.7/cdi-cloner:1.58.0 , suse/sles/15.7/cdi-cloner:1.58.0-150700.7.35 , suse/sles/15.7/cdi-cloner:1.58.0.28.82
Container Release : 28.82
Severity : moderate
Type : security
References : 1219736 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-cloner was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libblkid1-2.40.2-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- curl-8.6.0-150600.4.18.1 updated
- containerized-data-importer-cloner-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated
- file-magic-5.32-7.14.1 removed
- libmagic1-5.32-7.14.1 removed

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:40 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:40 +0100 (CET)
Subject: SUSE-CU-2025:414-1: Recommended update of suse/sles/15.7/cdi-controller
Message-ID: <20250123082040.9EC4CF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:414-1
Container Tags : suse/sles/15.7/cdi-controller:1.58.0 , suse/sles/15.7/cdi-controller:1.58.0-150700.7.35 , suse/sles/15.7/cdi-controller:1.58.0.27.82
Container Release : 27.82
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-controller was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- containerized-data-importer-controller-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:45 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:45 +0100 (CET)
Subject: SUSE-CU-2025:415-1: Security update of suse/sles/15.7/cdi-importer
Message-ID: <20250123082045.341D5F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-importer
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:415-1
Container Tags : suse/sles/15.7/cdi-importer:1.58.0 , suse/sles/15.7/cdi-importer:1.58.0-150700.7.35 , suse/sles/15.7/cdi-importer:1.58.0.29.50
Container Release : 29.50
Severity : moderate
Type : security
References : 1219736 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-importer was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- curl-8.6.0-150600.4.18.1 updated
- libnettle8-3.10.1-150700.2.2 updated
- libhogweed6-3.10.1-150700.2.2 updated
- qemu-img-9.2.0-150700.1.3 updated
- nbdkit-server-1.40.4-150700.2.2 updated
- libnbd0-1.20.3-150700.1.2 updated
- nbdkit-xz-filter-1.40.4-150700.2.2 updated
- nbdkit-curl-plugin-1.40.4-150700.2.2 updated
- nbdkit-basic-filters-1.40.4-150700.2.2 updated
- containerized-data-importer-importer-1.58.0-150700.7.35 updated
- nbdkit-vddk-plugin-1.40.4-150700.2.2 updated
- container:sles15-image-15.7.0-2.4 updated
- file-magic-5.32-7.14.1 removed
- libmagic1-5.32-7.14.1 removed

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:49 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:49 +0100 (CET)
Subject: SUSE-CU-2025:416-1: Recommended update of suse/sles/15.7/cdi-operator
Message-ID: <20250123082049.AD30AF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:416-1
Container Tags : suse/sles/15.7/cdi-operator:1.58.0 , suse/sles/15.7/cdi-operator:1.58.0-150700.7.35 , suse/sles/15.7/cdi-operator:1.58.0.27.82
Container Release : 27.82
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- containerized-data-importer-operator-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:54 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:54 +0100 (CET)
Subject: SUSE-CU-2025:417-1: Recommended update of suse/sles/15.7/cdi-uploadproxy
Message-ID: <20250123082054.27B68F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:417-1
Container Tags : suse/sles/15.7/cdi-uploadproxy:1.58.0 , suse/sles/15.7/cdi-uploadproxy:1.58.0-150700.7.35 , suse/sles/15.7/cdi-uploadproxy:1.58.0.27.82
Container Release : 27.82
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadproxy was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- containerized-data-importer-uploadproxy-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:20:58 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:20:58 +0100 (CET)
Subject: SUSE-CU-2025:418-1: Security update of suse/sles/15.7/cdi-uploadserver
Message-ID: <20250123082058.B20E2F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/cdi-uploadserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:418-1
Container Tags : suse/sles/15.7/cdi-uploadserver:1.58.0 , suse/sles/15.7/cdi-uploadserver:1.58.0-150700.7.35 , suse/sles/15.7/cdi-uploadserver:1.58.0.28.93
Container Release : 28.93
Severity : moderate
Type : security
References : 1219736 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sles/15.7/cdi-uploadserver was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- curl-8.6.0-150600.4.18.1 updated
- libnettle8-3.10.1-150700.2.2 updated
- libhogweed6-3.10.1-150700.2.2 updated
- qemu-img-9.2.0-150700.1.3 updated
- libnbd0-1.20.3-150700.1.2 updated
- libnbd-1.20.3-150700.1.2 updated
- containerized-data-importer-uploadserver-1.58.0-150700.7.35 updated
- container:sles15-image-15.7.0-2.4 updated
- file-magic-5.32-7.14.1 removed
- libmagic1-5.32-7.14.1 removed

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:07 +0100 (CET)
Subject: SUSE-CU-2025:422-1: Recommended update of suse/sle15
Message-ID: <20250123082107.5231DF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle15
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:422-1
Container Tags : bci/bci-base:15.7 , bci/bci-base:15.7-3.2.4 , suse/sle15:15.7 , suse/sle15:15.7-3.2.4
Container Release : 3.2.4
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle15 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

The following package changes have been done:

- libzypp-17.35.16-150600.3.41.1 updated
- zypper-1.14.79-150600.10.19.1 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:11 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:11 +0100 (CET)
Subject: SUSE-CU-2025:423-1: Recommended update of suse/sles/15.7/virt-api
Message-ID: <20250123082111.D9BB1F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-api
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:423-1
Container Tags : suse/sles/15.7/virt-api:1.1.1 , suse/sles/15.7/virt-api:1.1.1-150700.9.40 , suse/sles/15.7/virt-api:1.1.1.27.81
Container Release : 27.81
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/virt-api was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- kubevirt-virt-api-1.1.1-150700.9.40 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:16 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:16 +0100 (CET)
Subject: SUSE-CU-2025:424-1: Recommended update of suse/sles/15.7/virt-controller
Message-ID: <20250123082116.0C440F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-controller
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:424-1
Container Tags : suse/sles/15.7/virt-controller:1.1.1 , suse/sles/15.7/virt-controller:1.1.1-150700.9.40 , suse/sles/15.7/virt-controller:1.1.1.27.81
Container Release : 27.81
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/virt-controller was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- kubevirt-virt-controller-1.1.1-150700.9.40 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:20 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:20 +0100 (CET)
Subject: SUSE-CU-2025:425-1: Recommended update of suse/sles/15.7/virt-exportproxy
Message-ID: <20250123082120.72A36F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportproxy
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:425-1
Container Tags : suse/sles/15.7/virt-exportproxy:1.1.1 , suse/sles/15.7/virt-exportproxy:1.1.1-150700.9.40 , suse/sles/15.7/virt-exportproxy:1.1.1.11.81
Container Release : 11.81
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportproxy was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- kubevirt-virt-exportproxy-1.1.1-150700.9.40 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:24 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:24 +0100 (CET)
Subject: SUSE-CU-2025:426-1: Recommended update of suse/sles/15.7/virt-exportserver
Message-ID: <20250123082124.C4051F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-exportserver
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:426-1
Container Tags : suse/sles/15.7/virt-exportserver:1.1.1 , suse/sles/15.7/virt-exportserver:1.1.1-150700.9.40 , suse/sles/15.7/virt-exportserver:1.1.1.12.81
Container Release : 12.81
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/virt-exportserver was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- kubevirt-virt-exportserver-1.1.1-150700.9.40 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Thu Jan 23 08:21:28 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 23 Jan 2025 09:21:28 +0100 (CET)
Subject: SUSE-CU-2025:427-1: Security update of suse/sles/15.7/virt-handler
Message-ID: <20250123082128.F23DBF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:427-1
Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.40 , suse/sles/15.7/virt-handler:1.1.1.29.96
Container Release : 29.96
Severity : important
Type : security
References : 1203617 1219736 1220338 1231048 1232227 1232844 1234015 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sles/15.7/virt-handler was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.
The following package changes have been done: - glibc-2.38-150700.19.2 updated - libuuid1-2.40.2-150700.1.2 updated - libsmartcols1-2.40.2-150700.1.2 updated - libnghttp2-14-1.64.0-150700.1.3 updated - libgpg-error0-1.50-150700.1.2 updated - libudev1-254.21-150600.4.21.1 updated - findutils-4.10.0-150700.1.2 updated - libgcrypt20-1.11.0-150700.2.8 updated - libblkid1-2.40.2-150700.1.2 updated - libopenssl3-3.2.3-150700.3.3 updated - grep-3.11-150700.1.2 updated - libmount1-2.40.2-150700.1.2 updated - libfdisk1-2.40.2-150700.1.2 updated - libopenssl-3-fips-provider-3.2.3-150700.3.3 updated - permissions-20240826-150600.10.12.1 updated - sles-release-15.7-150700.17.2 updated - libcurl4-8.6.0-150600.4.18.1 updated - util-linux-2.40.2-150700.1.2 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - curl-8.6.0-150600.4.18.1 updated - kbd-2.4.0-150700.13.1 updated - kubevirt-container-disk-1.1.1-150700.9.40 updated - kubevirt-virt-handler-1.1.1-150700.9.40 updated - libbpf1-1.5.0-150700.1.1 updated - libexpat1-2.6.4-150700.1.2 updated - libnettle8-3.10.1-150700.2.2 updated - libsystemd0-254.21-150600.4.21.1 updated - libhogweed6-3.10.1-150700.2.2 updated - qemu-img-9.2.0-150700.1.3 updated - systemd-254.21-150600.4.21.1 updated - util-linux-systemd-2.40.2-150700.1.3 updated - container:sles15-image-15.7.0-2.4 updated - file-magic-5.32-7.14.1 removed - kbd-legacy-2.4.0-150400.5.6.1 removed - libmagic1-5.32-7.14.1 removed From sle-container-updates at lists.suse.com Fri Jan 24 08:05:47 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Jan 2025 09:05:47 +0100 (CET) Subject: SUSE-CU-2025:428-1: Recommended update of suse/ltss/sle15.5/sle15 Message-ID: <20250124080547.A3E0CF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:428-1 Container Tags : 
suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.4 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.4 , suse/ltss/sle15.5/sle15:latest
Container Release : 4.4
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/ltss/sle15.5/sle15 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:224-1
Released: Wed Jan 22 12:31:25 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

The following package changes have been done:

- libzypp-17.35.16-150500.6.33.1 updated
- zypper-1.14.79-150500.6.17.1 updated

From sle-container-updates at lists.suse.com Fri Jan 24 08:11:07 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:11:07 +0100 (CET)
Subject: SUSE-CU-2025:427-1: Security update of suse/sles/15.7/virt-handler
Message-ID: <20250124081107.B41BEF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-handler
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:427-1
Container Tags : suse/sles/15.7/virt-handler:1.1.1 , suse/sles/15.7/virt-handler:1.1.1-150700.9.40 , suse/sles/15.7/virt-handler:1.1.1.29.96
Container Release : 29.96
Severity : important
Type : security
References : 1203617 1219736 1220338 1231048 1232227 1232844 1234015 1234068 1235151 CVE-2024-11053
-----------------------------------------------------------------

The container suse/sles/15.7/virt-handler was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
-
udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libudev1-254.21-150600.4.21.1 updated
- findutils-4.10.0-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- sles-release-15.7-150700.17.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- kbd-2.4.0-150700.13.1 updated
- kubevirt-container-disk-1.1.1-150700.9.40 updated
- kubevirt-virt-handler-1.1.1-150700.9.40 updated
- libbpf1-1.5.0-150700.1.1 updated
- libexpat1-2.6.4-150700.1.2 updated
- libnettle8-3.10.1-150700.2.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libhogweed6-3.10.1-150700.2.2 updated
- qemu-img-9.2.0-150700.1.3 updated
- systemd-254.21-150600.4.21.1 updated
- util-linux-systemd-2.40.2-150700.1.3 updated
- container:sles15-image-15.7.0-2.4 updated
- file-magic-5.32-7.14.1 removed
- kbd-legacy-2.4.0-150400.5.6.1 removed
- libmagic1-5.32-7.14.1 removed

From sle-container-updates at lists.suse.com Fri Jan 24 08:11:13 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:11:13 +0100 (CET)
Subject: SUSE-CU-2025:443-1: Security update of suse/sles/15.7/virt-launcher
Message-ID: <20250124081113.281E0F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-launcher
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:443-1
Container Tags :
suse/sles/15.7/virt-launcher:1.1.1 , suse/sles/15.7/virt-launcher:1.1.1-150700.9.40 , suse/sles/15.7/virt-launcher:1.1.1.34.75
Container Release : 34.75
Severity : important
Type : security
References : 1082756 1189451 1203617 1219736 1220338 1225462 1229238 1231048 1231373 1232227 1232844 1234015 1234068 1235151 CVE-2024-11053 CVE-2024-43374 CVE-2024-47814 CVE-2024-54661
-----------------------------------------------------------------

The container suse/sles/15.7/virt-launcher was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4295-1
Released: Wed Dec 11 15:40:56 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661

This update for socat fixes the following issues:

- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory in socat readline.sh (bsc#1225462)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814

This update for vim fixes the following issues:

- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

- Updated to version 9.1.0836

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform()
self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released: Mon Jan 13 12:50:24 2025
Summary: Recommended update for libnl3, ovpn-dco, openVPN
Type: recommended
Severity: moderate
References: 1082756,1189451

This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libudev1-254.21-150600.4.21.1 updated
- findutils-4.10.0-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- sles-release-15.7-150700.17.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- util-linux-2.40.2-150700.1.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- kbd-2.4.0-150700.13.1 updated
- kubevirt-container-disk-1.1.1-150700.9.40 updated
- libbpf1-1.5.0-150700.1.1 updated
- libcbor0_10-0.10.1-150500.1.1 added
- libdevmapper1_03-2.03.24_1.02.198-150700.1.2 updated
- libexpat1-2.6.4-150700.1.2 updated
- libnettle8-3.10.1-150700.2.2 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libusdm0-24.09.0-150700.1.1 added
- qemu-accel-tcg-x86-9.2.0-150700.1.3 updated
- qemu-hw-usb-host-9.2.0-150700.1.3 updated
- qemu-ipxe-9.2.0-150700.1.3 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
-
vim-data-common-9.1.0836-150500.20.15.1 updated
- libndctl6-80-150700.1.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libhogweed6-3.10.1-150700.2.2 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- virtiofsd-1.12.0-150700.1.4 updated
- qemu-hw-usb-redirect-9.2.0-150700.1.3 updated
- libqat4-24.09.0-150700.1.1 added
- socat-1.8.0.0-150600.20.6.1 updated
- vim-small-9.1.0836-150500.20.15.1 updated
- xen-libs-4.20.0_02-150700.1.4 updated
- libqatzip3-1.2.0-150700.1.1 added
- qemu-img-9.2.0-150700.1.3 updated
- systemd-254.21-150600.4.21.1 updated
- udev-254.21-150600.4.21.1 updated
- systemd-container-254.21-150600.4.21.1 updated
- libvirt-libs-10.10.0-150700.2.2 updated
- rdma-core-54.0-150700.1.3 updated
- libvirt-daemon-log-10.10.0-150700.2.2 updated
- libvirt-client-10.10.0-150700.2.2 updated
- kubevirt-virt-launcher-1.1.1-150700.9.40 updated
- swtpm-0.9.0-150700.1.2 updated
- libibverbs1-54.0-150700.1.3 updated
- libmlx5-1-54.0-150700.1.3 updated
- libvirt-daemon-common-10.10.0-150700.2.2 updated
- libmlx4-1-54.0-150700.1.3 updated
- libmana1-54.0-150700.1.3 updated
- libhns1-54.0-150700.1.3 updated
- libefa1-54.0-150700.1.3 updated
- libibverbs-54.0-150700.1.3 updated
- librdmacm1-54.0-150700.1.3 updated
- qemu-ovmf-x86_64-202408-150700.1.2 updated
- qemu-x86-9.2.0-150700.1.3 updated
- qemu-9.2.0-150700.1.3 updated
- libvirt-daemon-driver-qemu-10.10.0-150700.2.2 updated
- container:sles15-image-15.7.0-2.4 updated
- kbd-legacy-2.4.0-150400.5.6.1 removed

From sle-container-updates at lists.suse.com Fri Jan 24 08:11:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:11:18 +0100 (CET)
Subject: SUSE-CU-2025:444-1: Security update of suse/sles/15.7/libguestfs-tools
Message-ID: <20250124081118.B2AB7F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/libguestfs-tools
-----------------------------------------------------------------
Container Advisory ID :
SUSE-CU-2025:444-1
Container Tags : suse/sles/15.7/libguestfs-tools:1.1.1 , suse/sles/15.7/libguestfs-tools:1.1.1-150700.9.40 , suse/sles/15.7/libguestfs-tools:1.1.1.28.108
Container Release : 28.108
Severity : important
Type : security
References : 1082756 1189451 1203617 1219736 1220338 1231048 1232227 1232844 1233285 1233287 1233292 1234015 1234068 1234749 1234940 1235097 1235151 CVE-2024-11053 CVE-2024-52530 CVE-2024-52531 CVE-2024-52532
-----------------------------------------------------------------

The container suse/sles/15.7/libguestfs-tools was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released: Wed Dec 11 09:31:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053

This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4355-1
Released: Tue Dec 17 13:35:13 2024
Summary: Security update for libsoup
Type: security
Severity: important
References: 1233285,1233287,1233292,CVE-2024-52530,CVE-2024-52531,CVE-2024-52532

This update for libsoup fixes the following issues:

- CVE-2024-52530: Fixed HTTP request smuggling via stripping null bytes from the ends of header names (bsc#1233285)
- CVE-2024-52531: Fixed buffer overflow
via UTF-8 conversion in soup_header_parse_param_list_strict (bsc#1233292)
- CVE-2024-52532: Fixed infinite loop while reading websocket data (bsc#1233287)

Other fixes:

- websocket-test: disconnect error copy after the test ends (glgo#GNOME/libsoup#391).
- fix an intermittent test failure (glgo#GNOME/soup#399).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749

This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
-
udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released: Mon Jan 13 12:50:24 2025
Summary: Recommended update for libnl3, ovpn-dco, openVPN
Type: recommended
Severity: moderate
References: 1082756,1189451

This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:151-1
Released: Thu Jan 16 20:44:56 2025
Summary: Recommended update for libproxy
Type: recommended
Severity: moderate
References: 1234940,1235097

This update for libproxy fixes the following issues:

- Properly handle empty proxy ignore entry (bsc#1234940).
- Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097).

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libuuid1-2.40.2-150700.1.2 updated
- libsmartcols1-2.40.2-150700.1.2 updated
- libnghttp2-14-1.64.0-150700.1.3 updated
- libgpg-error0-1.50-150700.1.2 updated
- libudev1-254.21-150600.4.21.1 updated
- findutils-4.10.0-150700.1.2 updated
- libgcrypt20-1.11.0-150700.2.8 updated
- libblkid1-2.40.2-150700.1.2 updated
- libxml2-2-2.12.9-150700.1.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libmount1-2.40.2-150700.1.2 updated
- libfdisk1-2.40.2-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- sles-release-15.7-150700.17.2 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- libzypp-17.35.16-150600.3.39.1 updated
- util-linux-2.40.2-150700.1.2 updated
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- curl-8.6.0-150600.4.18.1 updated
- kbd-2.4.0-150700.13.1 updated
- libguestfs-winsupport-1.55.2-150700.1.2 updated
- guestfs-tools-1.53.5-150700.1.1 updated
- libbpf1-1.5.0-150700.1.1 updated
-
libcbor0_10-0.10.1-150500.1.1 added
- libdevmapper1_03-2.03.24_1.02.198-150700.1.2 updated
- libexpat1-2.6.4-150700.1.2 updated
- libhivex0-1.3.24-150700.1.3 updated
- libnettle8-3.10.1-150700.2.2 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libopenssl1_1-1.1.1w-150700.9.8 updated
- libusdm0-24.09.0-150700.1.1 added
- pigz-2.8-150700.1.2 updated
- qemu-accel-tcg-x86-9.2.0-150700.1.3 updated
- qemu-ipxe-9.2.0-150700.1.3 updated
- qemu-seabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- qemu-vgabios-9.2.01.16.3_3_g3d33c746-150700.1.3 updated
- libndctl6-80-150700.1.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libhogweed6-3.10.1-150700.2.2 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- virtiofsd-1.12.0-150700.1.4 updated
- libqat4-24.09.0-150700.1.1 added
- bind-utils-9.20.3-150700.1.3 updated
- xkeyboard-config-2.42-150700.1.1 updated
- hwdata-0.390-150000.3.74.2 updated
- libmpath0-0.10.1~2+112+suse.b66763a-150700.1.2 updated
- xen-libs-4.20.0_02-150700.1.4 updated
- libqatzip3-1.2.0-150700.1.1 added
- qemu-vmsr-helper-9.2.0-150700.1.3 updated
- qemu-pr-helper-9.2.0-150700.1.3 updated
- qemu-img-9.2.0-150700.1.3 updated
- systemd-254.21-150600.4.21.1 updated
- qemu-tools-9.2.0-150700.1.3 updated
- util-linux-systemd-2.40.2-150700.1.3 updated
- libvirt-libs-10.10.0-150700.2.2 updated
- libpxbackend-1_0-0.5.3-150600.4.6.2 updated
- wicked-0.6.78-150700.1.2 updated
- wicked-service-0.6.78-150700.1.2 updated
- libproxy1-0.5.3-150600.4.6.2 updated
- udev-254.21-150600.4.21.1 updated
- supermin-5.3.5-150700.2.2 updated
- rdma-core-54.0-150700.1.3 updated
- libsoup-3_0-0-3.4.4-150600.3.3.1 updated
- libibverbs1-54.0-150700.1.3 updated
- libmlx5-1-54.0-150700.1.3 updated
- libosinfo-1_0-0-1.12.0-150700.1.2 updated
- libosinfo-1.12.0-150700.1.2 updated
- libmlx4-1-54.0-150700.1.3 updated
- libmana1-54.0-150700.1.3 updated
- libhns1-54.0-150700.1.3 updated
- libefa1-54.0-150700.1.3 updated
- libibverbs-54.0-150700.1.3 updated
-
librdmacm1-54.0-150700.1.3 updated
- qemu-x86-9.2.0-150700.1.3 updated
- qemu-9.2.0-150700.1.3 updated
- qemu-ovmf-x86_64-202408-150700.1.2 updated
- libguestfs0-1.55.2-150700.1.2 updated
- libguestfs-devel-1.55.2-150700.1.2 updated
- libguestfs-appliance-1.55.2-150700.1.2 updated
- libguestfs-1.55.2-150700.1.2 updated
- container:sles15-image-15.7.0-2.4 updated
- kbd-legacy-2.4.0-150400.5.6.1 removed
- libjansson4-2.14-150000.3.5.1 removed

From sle-container-updates at lists.suse.com Fri Jan 24 08:11:23 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:11:23 +0100 (CET)
Subject: SUSE-CU-2025:445-1: Recommended update of suse/sles/15.7/virt-operator
Message-ID: <20250124081123.83E83F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sles/15.7/virt-operator
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:445-1
Container Tags : suse/sles/15.7/virt-operator:1.1.1 , suse/sles/15.7/virt-operator:1.1.1-150700.9.40 , suse/sles/15.7/virt-operator:1.1.1.27.81
Container Release : 27.81
Severity : moderate
Type : recommended
References : 1219736
-----------------------------------------------------------------

The container suse/sles/15.7/virt-operator was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

The following package changes have been done:

- glibc-2.38-150700.19.2 updated
- libopenssl3-3.2.3-150700.3.3 updated
- grep-3.11-150700.1.2 updated
- libopenssl-3-fips-provider-3.2.3-150700.3.3 updated
- permissions-20240826-150600.10.12.1 updated
- kubevirt-virt-operator-1.1.1-150700.9.40 updated
- container:sles15-image-15.7.0-2.4 updated

From sle-container-updates at lists.suse.com Fri Jan 24 08:12:36 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:12:36 +0100 (CET)
Subject: SUSE-CU-2025:447-1: Recommended update of suse/sle-micro/5.1/toolbox
Message-ID: <20250124081236.A9BA0F78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:447-1
Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.66 , suse/sle-micro/5.1/toolbox:latest
Container Release : 3.13.66
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.1/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:221-1
Released: Wed Jan 22 12:29:28 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

The following package changes have been done:

- libzypp-17.35.16-150200.141.1 updated
- zypper-1.14.79-150200.99.1 updated

From sle-container-updates at lists.suse.com Fri Jan 24 08:16:10 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:16:10 +0100 (CET)
Subject: SUSE-CU-2025:449-1: Recommended update of suse/sle-micro/5.2/toolbox
Message-ID: <20250124081610.ABB5CF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:449-1
Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.68 , suse/sle-micro/5.2/toolbox:latest
Container Release : 7.11.68
Severity : low
Type : recommended
References :
-----------------------------------------------------------------

The container suse/sle-micro/5.2/toolbox was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:221-1
Released: Wed Jan 22 12:29:28 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern.
Note that the edition part must always match exactly. - version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150200.141.1 updated - zypper-1.14.79-150200.99.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:05:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:05:17 +0100 (CET) Subject: SUSE-IU-2025:353-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250125080517.13F0DFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:353-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.294 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.294 Severity : important Type : security References : 1135481 1170891 1171420 1173139 1175543 1181006 1185010 1187211 1187619 1188412 1188616 1188700 1188983 1188985 1189760 1189762 1189870 1189872 1190117 1190131 1190181 1190358 1190412 1190428 1203332 1205521 1209288 1209798 1211593 1211595 1215304 1216813 1216909 1219608 1222878 1223044 1225758 1225820 1226694 1228190 1229809 1230422 1230697 1231388 1231453 1231854 1232045 1232157 1232166 1232419 1232436 1232472 1232823 1233038 1233050 1233070 1233096 1233127 1233200 1233239 1233324 1233467 1233468 1233469 1233485 1233547 1233550 1233558 1233564 1233568 1233637 1233701 1233769 1233837 1234072 1234073 1234075 1234076 1234077 1234087 1234120 1234156 1234219 1234220 1234240 1234241 1234281 1234282 1234294 1234338 1234357 1234437 1234464 1234605 1234639 1234650 1234727 1234811 1234827 1234834 1234843 1234846 1234853 1234856 1234891 1234912 1234920 1234921 1234960 1234963 1234971 1234973 1235004 1235035 1235037 1235039 1235054 1235056 1235061 1235073 1235220 1235224 1235246 1235507 CVE-2020-12770 CVE-2021-34556 CVE-2021-35477 CVE-2021-38160 CVE-2021-47202 CVE-2022-36280 CVE-2022-48742 CVE-2022-49033 CVE-2022-49035 
CVE-2023-1382 CVE-2023-33951 CVE-2023-33952 CVE-2023-52920 CVE-2024-24860 CVE-2024-26886 CVE-2024-26924 CVE-2024-36915 CVE-2024-42232 CVE-2024-44934 CVE-2024-47666 CVE-2024-47678 CVE-2024-49944 CVE-2024-49952 CVE-2024-50018 CVE-2024-50143 CVE-2024-50154 CVE-2024-50166 CVE-2024-50181 CVE-2024-50202 CVE-2024-50211 CVE-2024-50256 CVE-2024-50262 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-50296 CVE-2024-53051 CVE-2024-53055 CVE-2024-53056 CVE-2024-53064 CVE-2024-53072 CVE-2024-53090 CVE-2024-53101 CVE-2024-53113 CVE-2024-53114 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53130 CVE-2024-53131 CVE-2024-53142 CVE-2024-53146 CVE-2024-53150 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53161 CVE-2024-53162 CVE-2024-53173 CVE-2024-53179 CVE-2024-53206 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241 CVE-2024-56539 CVE-2024-56548 CVE-2024-56549 CVE-2024-56570 CVE-2024-56571 CVE-2024-56575 CVE-2024-56598 CVE-2024-56604 CVE-2024-56605 CVE-2024-56619 CVE-2024-56755 CVE-2024-8805 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:229-1 Released: Fri Jan 24 11:10:23 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1135481,1170891,1171420,1173139,1175543,1181006,1185010,1187211,1187619,1188412,1188616,1188700,1188983,1188985,1189760,1189762,1189870,1189872,1190117,1190131,1190181,1190358,1190412,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1215304,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2020-12770,CVE-2021-34556,CVE-2021-35477,CVE-2021-38160,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-56755,CVE-2024-8805
The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332). - CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694). - CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045). - CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). - CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). 
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). 
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). - CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). 
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). 
- KVM: x86: fix sending PV IPI (git-fixes). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - regmap: detach regmap from dev on regmap_exit (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). 
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) (bsc#1233642). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). 
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). The following package changes have been done: - kernel-rt-5.14.21-150500.13.82.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:05:59 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:05:59 +0100 (CET) Subject: SUSE-IU-2025:354-1: Security update of suse/sl-micro/6.0/baremetal-os-container Message-ID: <20250125080559.4983FFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:354-1 Image Tags : suse/sl-micro/6.0/baremetal-os-container:2.1.3 , suse/sl-micro/6.0/baremetal-os-container:2.1.3-4.43 , suse/sl-micro/6.0/baremetal-os-container:latest Image Release : 4.43 Severity : important Type : security References : 1220262 1230698 CVE-2023-50782 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sl-micro/6.0/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 201 Released: Fri Jan 24 13:32:37 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1220262,1230698,CVE-2023-50782,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol (bsc#1230698). 
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl3-3.1.4-7.1 updated - SL-Micro-release-6.0-24.45 updated - container:SL-Micro-base-container-2.1.3-4.40 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:06:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:06:18 +0100 (CET) Subject: SUSE-IU-2025:355-1: Security update of suse/sl-micro/6.0/base-os-container Message-ID: <20250125080618.9241EFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:355-1 Image Tags : suse/sl-micro/6.0/base-os-container:2.1.3 , suse/sl-micro/6.0/base-os-container:2.1.3-4.40 , suse/sl-micro/6.0/base-os-container:latest Image Release : 4.40 Severity : important Type : security References : 1220262 1230698 CVE-2023-50782 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sl-micro/6.0/base-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 201 Released: Fri Jan 24 13:32:37 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1220262,1230698,CVE-2023-50782,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol (bsc#1230698). 
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl3-3.1.4-7.1 updated - SL-Micro-release-6.0-24.45 updated - openssl-3-3.1.4-7.1 updated - container:suse-toolbox-image-1.0.0-6.85 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:06:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:06:38 +0100 (CET) Subject: SUSE-IU-2025:356-1: Security update of suse/sl-micro/6.0/kvm-os-container Message-ID: <20250125080638.2CB6FFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:356-1 Image Tags : suse/sl-micro/6.0/kvm-os-container:2.1.3 , suse/sl-micro/6.0/kvm-os-container:2.1.3-4.42 , suse/sl-micro/6.0/kvm-os-container:latest Image Release : 4.42 Severity : important Type : security References : 1220262 1230698 CVE-2023-50782 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sl-micro/6.0/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 201 Released: Fri Jan 24 13:32:37 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1220262,1230698,CVE-2023-50782,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol (bsc#1230698). 
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl3-3.1.4-7.1 updated - SL-Micro-release-6.0-24.45 updated - container:SL-Micro-base-container-2.1.3-4.40 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:07:01 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:07:01 +0100 (CET) Subject: SUSE-IU-2025:357-1: Security update of suse/sl-micro/6.0/rt-os-container Message-ID: <20250125080701.626CAFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.0/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:357-1 Image Tags : suse/sl-micro/6.0/rt-os-container:2.1.3 , suse/sl-micro/6.0/rt-os-container:2.1.3-5.40 , suse/sl-micro/6.0/rt-os-container:latest Image Release : 5.40 Severity : important Type : security References : 1220262 1230698 CVE-2023-50782 CVE-2024-41996 ----------------------------------------------------------------- The container suse/sl-micro/6.0/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 201 Released: Fri Jan 24 13:32:37 2025 Summary: Security update for openssl-3 Type: security Severity: important References: 1220262,1230698,CVE-2023-50782,CVE-2024-41996 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Fixed a denial of service in the Diffie-Hellman Key Agreement Protocol (bsc#1230698). 
- CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) The following package changes have been done: - libopenssl3-3.1.4-7.1 updated - SL-Micro-release-6.0-24.45 updated - container:SL-Micro-container-2.1.3-4.43 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:08:27 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:08:27 +0100 (CET) Subject: SUSE-CU-2025:455-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250125080827.1337FFBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:455-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.30 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.30 , suse/ltss/sle15.3/sle15:latest Container Release : 2.30 Severity : low Type : recommended References : ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:221-1 Released: Wed Jan 22 12:29:28 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150200.141.1 updated - zypper-1.14.79-150200.99.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:09:07 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:09:07 +0100 (CET) Subject: SUSE-CU-2025:456-1: Recommended update of suse/ltss/sle15.4/sle15 Message-ID: <20250125080907.95EA4FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.4/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:456-1 Container Tags : suse/ltss/sle15.4/bci-base:15.4 , suse/ltss/sle15.4/bci-base:15.4.2.15 , suse/ltss/sle15.4/bci-base:latest , suse/ltss/sle15.4/sle15:15.4 , suse/ltss/sle15.4/sle15:15.4.2.15 , suse/ltss/sle15.4/sle15:latest Container Release : 2.15 Severity : moderate Type : recommended References : 1203617 1234749 ----------------------------------------------------------------- The container suse/ltss/sle15.4/sle15 was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4404-1 Released: Fri Dec 20 16:43:28 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:223-1 Released: Wed Jan 22 12:30:52 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79 The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - libaugeas0-1.12.0-150400.3.5.1 updated - libzypp-17.35.16-150400.3.107.1 updated - zypper-1.14.79-150400.3.70.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:12:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:12:20 +0100 (CET) Subject: SUSE-CU-2025:457-1: Security update of bci/nodejs Message-ID: <20250125081220.AED33FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:457-1 Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.14 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.14 , bci/nodejs:latest Container Release : 48.14 Severity : important Type : security References : 1236250 1236251 1236258 CVE-2025-22150 CVE-2025-23083 CVE-2025-23085 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:237-1 Released: Fri Jan 24 20:33:34 2025 Summary: Security update for nodejs20 Type: security Severity: important References: 1236250,1236251,1236258,CVE-2025-22150,CVE-2025-23083,CVE-2025-23085 This update for nodejs20 fixes the following issues: Update to 20.18.2: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250) - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258) The following package changes have been done: - nodejs20-20.18.2-150600.3.9.1 updated - npm20-20.18.2-150600.3.9.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:14:09 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:14:09 +0100 (CET) Subject: SUSE-CU-2025:461-1: Recommended update of suse/manager/4.3/proxy-httpd Message-ID: <20250125081409.71A87FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-httpd ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:461-1 Container Tags : suse/manager/4.3/proxy-httpd:4.3.14 , suse/manager/4.3/proxy-httpd:4.3.14.9.60.17 , suse/manager/4.3/proxy-httpd:latest Container Release : 9.60.17 Severity : moderate Type : recommended References : 1203617 1234749 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-httpd was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4404-1 Released: Fri Dec 20 16:43:28 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:223-1 Released: Wed Jan 22 12:30:52 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79 The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated - libzypp-17.35.16-150400.3.107.1 updated - zypper-1.14.79-150400.3.70.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - container:sles15-ltss-image-15.4.0-2.15 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:14:52 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:14:52 +0100 (CET) Subject: SUSE-CU-2025:462-1: Recommended update of suse/manager/4.3/proxy-salt-broker Message-ID: <20250125081452.9BFE1FBA0@maintenance.suse.de> SUSE Container Update Advisory: suse/manager/4.3/proxy-salt-broker ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:462-1 Container Tags : suse/manager/4.3/proxy-salt-broker:4.3.14 , suse/manager/4.3/proxy-salt-broker:4.3.14.9.50.19 , suse/manager/4.3/proxy-salt-broker:latest Container Release : 9.50.19 Severity : moderate Type : recommended References : 1203617 1234749 ----------------------------------------------------------------- The container suse/manager/4.3/proxy-salt-broker was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4404-1 Released: Fri Dec 20 16:43:28 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:223-1 Released: Wed Jan 22 12:30:52 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79 The following package changes have been done: - libaugeas0-1.12.0-150400.3.5.1 updated - libzypp-17.35.16-150400.3.107.1 updated - zypper-1.14.79-150400.3.70.1 updated - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - container:sles15-ltss-image-15.4.0-2.15 updated From sle-container-updates at lists.suse.com Fri Jan 10 08:09:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 10 Jan 2025 08:09:17 -0000 Subject: SUSE-CU-2025:117-1: Security update of bci/golang Message-ID: <20250110080916.30C68FCE7@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:117-1 Container Tags : bci/golang:1.22-openssl , bci/golang:1.22.9-openssl , bci/golang:1.22.9-openssl-55.5 , bci/golang:oldstable-openssl , bci/golang:oldstable-openssl-55.5 Container Release : 55.5 Severity : important Type : security References : 1218424 1219988 1220262 1220338 1220999 1221000 1221001 1221002 1221003 1221400 1224017 1224018 1225973 1225974 1227314 1230252 1230253 1230254 1231048 1232227 1232528 1232579 1232844 1233306 1233306 1233520 1233699 1234015 1234068 CVE-2023-45288 CVE-2023-45289 CVE-2023-45290 CVE-2023-50782 CVE-2024-11053 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785 CVE-2024-24787 CVE-2024-24788 CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 CVE-2024-34155 CVE-2024-34156 CVE-2024-34158 CVE-2024-50602 CVE-2024-9681 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3938-1 Released: Thu Nov 7 11:08:19 2024 Summary: Security update for go1.22-openssl Type: security Severity: important References: 1218424,1219988,1220999,1221000,1221001,1221002,1221003,1221400,1224017,1224018,1225973,1225974,1227314,1230252,1230253,1230254,CVE-2023-45288,CVE-2023-45289,CVE-2023-45290,CVE-2024-24783,CVE-2024-24784,CVE-2024-24785,CVE-2024-24787,CVE-2024-24788,CVE-2024-24789,CVE-2024-24790,CVE-2024-24791,CVE-2024-34155,CVE-2024-34156,CVE-2024-34158 This update for go1.22-openssl fixes the following issues: This update ships go1.22-openssl 1.22.7.1 (jsc#SLE-18320) - Update to version 1.22.7.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.7-1-openssl-fips. * Update to Go 1.22.7 (#229) - go1.22.7 (released 2024-09-05) includes security fixes to the encoding/gob, go/build/constraint, and go/parser packages, as well as bug fixes to the fix command and the runtime. 
CVE-2024-34155 CVE-2024-34156 CVE-2024-34158: - go#69142 go#69138 bsc#1230252 security: fix CVE-2024-34155 go/parser: stack exhaustion in all Parse* functions (CVE-2024-34155) - go#69144 go#69139 bsc#1230253 security: fix CVE-2024-34156 encoding/gob: stack exhaustion in Decoder.Decode (CVE-2024-34156) - go#69148 go#69141 bsc#1230254 security: fix CVE-2024-34158 go/build/constraint: stack exhaustion in Parse (CVE-2024-34158) - go#68811 os: TestChtimes failures - go#68825 cmd/fix: fails to run on modules whose go directive value is in '1.n.m' format introduced in Go 1.21.0 - go#68972 cmd/cgo: aix c-archive corrupting stack - go1.22.6 (released 2024-08-06) includes fixes to the go command, the compiler, the linker, the trace command, the covdata command, and the bytes, go/types, and os/exec packages. * go#68594 cmd/compile: internal compiler error with zero-size types * go#68546 cmd/trace/v2: pprof profiles always empty * go#68492 cmd/covdata: too many open files due to defer f.Close() in for loop * go#68475 bytes: IndexByte can return -4294967295 when memory usage is above 2^31 on js/wasm * go#68370 go/types: assertion failure in recent range statement checking logic * go#68331 os/exec: modifications to Path ignored when *Cmd is created using Command with an absolute path on Windows * go#68230 cmd/compile: inconsistent integer arithmetic result on Go 1.22+arm64 with/without -race * go#68222 cmd/go: list with -export and -covermode=atomic fails to build * go#68198 cmd/link: issues with Xcode 16 beta - Update to version 1.22.5.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-3-openssl-fips. * Only load openssl if fips == '1' Avoid loading openssl whenever GOLANG_FIPS is not 1. Previously only an unset variable would cause the library load to be skipped, but users may also expect to be able to set eg. GOLANG_FIPS=0 in environments without openssl. 
- Update to version 1.22.5.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-2-openssl-fips. * Only load OpenSSL when in FIPS mode - Update to version 1.22.5.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.5-1-openssl-fips. * Update to go1.22.5 - go1.22.5 (released 2024-07-02) includes security fixes to the net/http package, as well as bug fixes to the compiler, cgo, the go command, the linker, the runtime, and the crypto/tls, go/types, net, net/http, and os/exec packages. CVE-2024-24791: * go#68200 go#67555 bsc#1227314 security: fix CVE-2024-24791 net/http: expect: 100-continue handling is broken in various ways * go#65983 cmd/compile: hash of unhashable type * go#65994 crypto/tls: segfault when calling tlsrsakex.IncNonDefault() * go#66598 os/exec: calling Cmd.Start after setting Cmd.Path manually to absolute path without '.exe' no longer implicitly adds '.exe' in Go 1.22 * go#67298 runtime: 'fatal: morestack on g0' on amd64 after upgrade to Go 1.21, stale bounds * go#67715 cmd/cgo/internal/swig,cmd/go,x/build: swig cgo tests incompatible with C++ toolchain on builders * go#67798 cmd/compile: internal compiler error: unexpected type: () in for-range * go#67820 cmd/compile: package-level variable initialization with constant dependencies doesn't match order specified in Go spec * go#67850 go/internal/gccgoimporter: go building failing with gcc 14.1.0 * go#67934 net: go DNS resolver fails to connect to local DNS server * go#67945 cmd/link: using -fuzz with test that links with cgo on darwin causes linker failure * go#68052 cmd/go: go list -u -m all fails loading module retractions: module requires go >= 1.N+1 (running go 1.N) * go#68122 cmd/link: runtime.mach_vm_region_trampoline: unsupported dynamic relocation for symbol libc_mach_task_self_ (type=29 (R_GOTPCREL) stype=46 (SDYNIMPORT)) - Update to version 1.22.4.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.4-1-openssl-fips.
* Update to go1.22.4 - go1.22.4 (released 2024-06-04) includes security fixes to the archive/zip and net/netip packages, as well as bug fixes to the compiler, the go command, the linker, the runtime, and the os package. CVE-2024-24789 CVE-2024-24790: * go#67554 go#66869 bsc#1225973 security: fix CVE-2024-24789 archive/zip: EOCDR comment length handling is inconsistent with other ZIP implementations * go#67682 go#67680 bsc#1225974 security: fix CVE-2024-24790 net/netip: unexpected behavior from Is methods for IPv4-mapped IPv6 addresses * go#67188 runtime/metrics: /memory/classes/heap/unused:bytes spikes * go#67212 cmd/compile: SIGBUS unaligned access on mips64 via qemu-mips64 * go#67236 cmd/go: mod tidy reports toolchain not available with 'go 1.21' * go#67258 runtime: unexpected fault address 0 * go#67311 cmd/go: TestScript/gotoolchain_issue66175 fails on tip locally * go#67314 cmd/go,cmd/link: TestScript/build_issue48319 and TestScript/build_plugin_reproducible failing on LUCI gotip-darwin-amd64-longtest builder due to non-reproducible LC_UUID * go#67352 crypto/x509: TestPlatformVerifier failures on Windows due to broken connections * go#67460 cmd/compile: internal compiler error: panic with range over integer value * go#67527 cmd/link: panic: machorelocsect: size mismatch * go#67650 runtime: SIGSEGV after performing clone(CLONE_PARENT) via C constructor prior to runtime start * go#67696 os: RemoveAll susceptible to symlink race - Update to version 1.22.3.3 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-3-openssl-fips. * config: update openssl backend (#201) - Update to version 1.22.3.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-2-openssl-fips. * patches: restore signature of HashSign/HashVerify (#199) - Update to version 1.22.3.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.3-1-openssl-fips. 
* Update to go1.22.3 * fix: rename patch file * Backport change https://go-review.googlesource.com/c/go/+/554615 to Go1.22 (#193) runtime: crash asap and extend total sleep time for slow machine in test Running with few threads usually does not need 500ms to crash, so let it crash as soon as possible. While the test may caused more time on slow machine, try to expand the sleep time in test. * cmd/go: re-enable CGO for Go toolchain commands (#190) * crypto/ecdsa: Restore HashSign and HashVerify (#189) - go1.22.3 (released 2024-05-07) includes security fixes to the go command and the net package, as well as bug fixes to the compiler, the runtime, and the net/http package. CVE-2024-24787 CVE-2024-24788: * go#67122 go#67119 bsc#1224017 security: fix CVE-2024-24787 cmd/go: arbitrary code execution during build on darwin * go#67040 go#66754 bsc#1224018 security: fix CVE-2024-24788 net: high cpu usage in extractExtendedRCode * go#67018 cmd/compile: Go 1.22.x failed to be bootstrapped from 386 to ppc64le * go#67017 cmd/compile: changing a hot concrete method to interface method triggers a PGO ICE * go#66886 runtime: deterministic fallback hashes across process boundary * go#66698 net/http: TestRequestLimit/h2 becomes significantly more expensive and slower after x/net at v0.23.0 - Update to version 1.22.2.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.2-1-openssl-fips. * Update to go1.22.2 - go1.22.2 (released 2024-04-03) includes a security fix to the net/http package, as well as bug fixes to the compiler, the go command, the linker, and the encoding/gob, go/types, net/http, and runtime/trace packages. 
CVE-2023-45288: * go#66298 go#65051 bsc#1221400 security: fix CVE-2023-45288 net/http, x/net/http2: close connections when receiving too many headers * go#65858 cmd/compile: unreachable panic with GODEBUG=gotypesalias=1 * go#66060 cmd/link: RISC-V external link, failed to find text symbol for HI20 relocation * go#66076 cmd/compile: out-of-bounds panic with uint32 conversion and modulus operation in Go 1.22.0 on arm64 * go#66134 cmd/compile: go test . results in CLOSURE ... : internal compiler error: assertion failed * go#66137 cmd/go: go 1.22.0: go test throws errors when processing folders not listed in coverpkg argument * go#66178 cmd/compile: ICE: panic: interface conversion: ir.Node is *ir.ConvExpr, not *ir.IndexExpr * go#66201 runtime/trace: v2 traces contain an incorrect timestamp scaling factor on Windows * go#66255 net/http: http2 round tripper nil pointer dereference causes panic causing deadlock * go#66256 cmd/go: git shallow fetches broken at CL 556358 * go#66273 crypto/x509: Certificate no longer encodable using encoding/gob in Go1.22 * go#66412 cmd/link: bad carrier sym for symbol runtime.elf_savegpr0.args_stackmap on ppc64le - Update to version 1.22.1.2 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-2-openssl-fips. * config: Update openssl v2 module (#178) - Remove subpackage go1.x-openssl-libstd for compiled shared object libstd.so. * Continue to build experimental libstd only on go1.x Tumbleweed. * Removal fixes build errors on go1.x-openssl Factory and ALP. * Use of libstd.so is experimental and not recommended for general use, Go currently has no ABI. * Feature go build -buildmode=shared is deprecated by upstream, but not yet removed. - Initial package go1.22-openssl version 1.22.1.1 cut from the go1.22-fips-release branch at the revision tagged go1.22.1-1-openssl-fips. * Go upstream merged branch dev.boringcrypto in go1.19+. * In go1.x enable BoringCrypto via GOEXPERIMENT=boringcrypto. 
* In go1.x-openssl enable FIPS mode (or boring mode as the package is named) either via an environment variable GOLANG_FIPS=1 or by virtue of booting the host in FIPS mode. * When the operating system is operating in FIPS mode, Go applications which import crypto/tls/fipsonly limit operations to the FIPS ciphersuite. * go1.x-openssl is delivered as two large patches to go1.x applying necessary modifications from the golang-fips/go GitHub project for the Go crypto library to use OpenSSL as the external cryptographic library in a FIPS compliant way. * go1.x-openssl modifies the crypto/* packages to use OpenSSL for cryptographic operations. * go1.x-openssl uses dlopen() to call into OpenSSL. * SUSE RPM packaging introduces a fourth version digit go1.x.y.z corresponding to the golang-fips/go patchset tagged revision. * Patchset improvements can be updated independently of upstream Go maintenance releases. - go1.22.1 (released 2024-03-05) includes security fixes to the crypto/x509, html/template, net/http, net/http/cookiejar, and net/mail packages, as well as bug fixes to the compiler, the go command, the runtime, the trace command, and the go/types and net/http packages. 
CVE-2023-45289 CVE-2023-45290 CVE-2024-24783 CVE-2024-24784 CVE-2024-24785: * go#65831 go#65390 bsc#1220999 security: fix CVE-2024-24783 crypto/x509: Verify panics on certificates with an unknown public key algorithm * go#65849 go#65083 bsc#1221002 security: fix CVE-2024-24784 net/mail: comments in display names are incorrectly handled * go#65850 go#65383 bsc#1221001 security: fix CVE-2023-45290 net/http: memory exhaustion in Request.ParseMultipartForm * go#65859 go#65065 bsc#1221000 security: fix CVE-2023-45289 net/http, net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect * go#65969 go#65697 bsc#1221003 security: fix CVE-2024-24785 html/template: errors returned from MarshalJSON methods may break template escaping * go#65352 cmd/go: go generate fails silently when run on a package in a nested workspace module * go#65471 internal/testenv: TestHasGoBuild failures on the LUCI noopt builders * go#65474 internal/testenv: support LUCI mobile builders in testenv tests * go#65577 cmd/trace/v2: goroutine analysis page doesn't identify goroutines consistently * go#65618 cmd/compile: Go 1.22 build fails with 1.21 PGO profile on internal/saferio change * go#65619 cmd/compile: Go 1.22 changes support for modules that declare go 1.0 * go#65641 cmd/cgo/internal/testsanitizers,x/build: LUCI clang15 builders failing * go#65644 runtime: crash in race detector when execution tracer reads from CPU profile buffer * go#65728 go/types: nil pointer dereference in Alias.Underlying() * go#65759 net/http: context cancellation can leave HTTP client with deadlocked HTTP/1.1 connections in Go1.22 * go#65760 runtime: Go 1.22.0 fails to build from source on armv7 Alpine Linux * go#65818 runtime: go1.22.0 test with -race will SIGSEGV or SIGBUS or Bad Pointer * go#65852 cmd/go: 'missing ziphash' error with go.work * go#65883 runtime: scheduler sometimes starves a runnable goroutine on wasm platforms * bsc#1219988 ensure VERSION file is present in GOROOT as 
required by go tool dist and go tool distpack - go1.22 (released 2024-02-06) is a major release of Go. go1.22.x minor releases will be provided through February 2024. https://github.com/golang/go/wiki/Go-Release-Cycle go1.22 arrives six months after go1.21. Most of its changes are in the implementation of the toolchain, runtime, and libraries. As always, the release maintains the Go 1 promise of compatibility. We expect almost all Go programs to continue to compile and run as before. * Language change: go1.22 makes two changes to for loops. Previously, the variables declared by a for loop were created once and updated by each iteration. In go1.22, each iteration of the loop creates new variables, to avoid accidental sharing bugs. The transition support tooling described in the proposal continues to work in the same way it did in Go 1.21. * Language change: For loops may now range over integers * Language change: go1.22 includes a preview of a language change we are considering for a future version of Go: range-over-function iterators. Building with GOEXPERIMENT=rangefunc enables this feature. * go command: Commands in workspaces can now use a vendor directory containing the dependencies of the workspace. The directory is created by go work vendor, and used by build commands when the -mod flag is set to vendor, which is the default when a workspace vendor directory is present. Note that the vendor directory's contents for a workspace are different from those of a single module: if the directory at the root of a workspace also contains one of the modules in the workspace, its vendor directory can contain the dependencies of either the workspace or of the module, but not both. * go get is no longer supported outside of a module in the legacy GOPATH mode (that is, with GO111MODULE=off). Other build commands, such as go build and go test, will continue to work indefinitely for legacy GOPATH programs. 
* go mod init no longer attempts to import module requirements from configuration files for other vendoring tools (such as Gopkg.lock). * go test -cover now prints coverage summaries for covered packages that do not have their own test files. Prior to Go 1.22 a go test -cover run for such a package would report: ? mymod/mypack [no test files] and now with go1.22, functions in the package are treated as uncovered: mymod/mypack coverage: 0.0% of statements Note that if a package contains no executable code at all, we can't report a meaningful coverage percentage; for such packages the go tool will continue to report that there are no test files. * trace: The trace tool's web UI has been gently refreshed as part of the work to support the new tracer, resolving several issues and improving the readability of various sub-pages. The web UI now supports exploring traces in a thread-oriented view. The trace viewer also now displays the full duration of all system calls. These improvements only apply for viewing traces produced by programs built with go1.22 or newer. A future release will bring some of these improvements to traces produced by older versions of Go. * vet: References to loop variables The behavior of the vet tool has changed to match the new semantics (see above) of loop variables in go1.22. When analyzing a file that requires go1.22 or newer (due to its go.mod file or a per-file build constraint), vet no longer reports references to loop variables from within a function literal that might outlive the iteration of the loop. In Go 1.22, loop variables are created anew for each iteration, so such references are no longer at risk of using a variable after it has been updated by the loop. * vet: New warnings for missing values after append The vet tool now reports calls to append that pass no values to be appended to the slice, such as slice = append(slice). Such a statement has no effect, and experience has shown that is nearly always a mistake.
* vet: New warnings for deferring time.Since The vet tool now reports a non-deferred call to time.Since(t) within a defer statement. This is equivalent to calling time.Now().Sub(t) before the defer statement, not when the deferred function is called. In nearly all cases, the correct code requires deferring the time.Since call. * vet: New warnings for mismatched key-value pairs in log/slog calls The vet tool now reports invalid arguments in calls to functions and methods in the structured logging package, log/slog, that accept alternating key/value pairs. It reports calls where an argument in a key position is neither a string nor a slog.Attr, and where a final key is missing its value. * runtime: The runtime now keeps type-based garbage collection metadata nearer to each heap object, improving the CPU performance (latency or throughput) of Go programs by 1-3%. This change also reduces the memory overhead of the majority of Go programs by approximately 1% by deduplicating redundant metadata. Some programs may see a smaller improvement because this change adjusts the size class boundaries of the memory allocator, so some objects may be moved up a size class. A consequence of this change is that some objects' addresses that were previously always aligned to a 16 byte (or higher) boundary will now only be aligned to an 8 byte boundary. Some programs that use assembly instructions that require memory addresses to be more than 8-byte aligned and rely on the memory allocator's previous alignment behavior may break, but we expect such programs to be rare. Such programs may be built with GOEXPERIMENT=noallocheaders to revert to the old metadata layout and restore the previous alignment behavior, but package owners should update their assembly code to avoid the alignment assumption, as this workaround will be removed in a future release.
* runtime: On the windows/amd64 port, programs linking or loading Go libraries built with -buildmode=c-archive or -buildmode=c-shared can now use the SetUnhandledExceptionFilter Win32 function to catch exceptions not handled by the Go runtime. Note that this was already supported on the windows/386 port. * compiler: Profile-guided Optimization (PGO) builds can now devirtualize a higher proportion of calls than previously possible. Most programs from a representative set of Go programs now see between 2 and 14% improvement from enabling PGO. * compiler: The compiler now interleaves devirtualization and inlining, so interface method calls are better optimized. * compiler: go1.22 also includes a preview of an enhanced implementation of the compiler's inlining phase that uses heuristics to boost inlinability at call sites deemed 'important' (for example, in loops) and discourage inlining at call sites deemed 'unimportant' (for example, on panic paths). Building with GOEXPERIMENT=newinliner enables the new call-site heuristics; see issue #61502 for more info and to provide feedback. * linker: The linker's -s and -w flags now behave more consistently across all platforms. The -w flag suppresses DWARF debug information generation. The -s flag suppresses symbol table generation. The -s flag also implies the -w flag, which can be negated with -w=0. That is, -s -w=0 will generate a binary with DWARF debug information generation but without the symbol table. * linker: On ELF platforms, the -B linker flag now accepts a special form: with -B gobuildid, the linker will generate a GNU build ID (the ELF NT_GNU_BUILD_ID note) derived from the Go build ID. * linker: On Windows, when building with -linkmode=internal, the linker now preserves SEH information from C object files by copying the .pdata and .xdata sections into the final binary. This helps with debugging and profiling binaries using native tools, such as WinDbg.
Note that until now, C functions' SEH exception handlers were not being honored, so this change may cause some programs to behave differently. -linkmode=external is not affected by this change, as external linkers already preserve SEH information. * bootstrap: As mentioned in the Go 1.20 release notes, go1.22 now requires the final point release of Go 1.20 or later for bootstrap. We expect that Go 1.24 will require the final point release of go1.22 or later for bootstrap. * core library: New math/rand/v2 package: go1.22 includes the first 'v2' package in the standard library, math/rand/v2. The changes compared to math/rand are detailed in proposal go#61716. The most important changes are: - The Read method, deprecated in math/rand, was not carried forward for math/rand/v2. (It remains available in math/rand.) The vast majority of calls to Read should use crypto/rand's Read instead. Otherwise a custom Read can be constructed using the Uint64 method. - The global generator accessed by top-level functions is unconditionally randomly seeded. Because the API guarantees no fixed sequence of results, optimizations like per-thread random generator states are now possible. - The Source interface now has a single Uint64 method; there is no Source64 interface. - Many methods now use faster algorithms that were not possible to adopt in math/rand because they changed the output streams. - The Intn, Int31, Int31n, Int63, and Int64n top-level functions and methods from math/rand are spelled more idiomatically in math/rand/v2: IntN, Int32, Int32N, Int64, and Int64N. There are also new top-level functions and methods Uint32, Uint32N, Uint64, Uint64N, Uint, and UintN. - The new generic function N is like Int64N or Uint64N but works for any integer type. For example a random duration from 0 up to 5 minutes is rand.N(5*time.Minute).
- The Mitchell & Reeds LFSR generator provided by math/rand's Source has been replaced by two more modern pseudo-random generator sources: ChaCha8 and PCG. ChaCha8 is a new, cryptographically strong random number generator roughly similar to PCG in efficiency. ChaCha8 is the algorithm used for the top-level functions in math/rand/v2. As of go1.22, math/rand's top-level functions (when not explicitly seeded) and the Go runtime also use ChaCha8 for randomness. - We plan to include an API migration tool in a future release, likely Go 1.23. * core library: New go/version package: The new go/version package implements functions for validating and comparing Go version strings. * core library: Enhanced routing patterns: HTTP routing in the standard library is now more expressive. The patterns used by net/http.ServeMux have been enhanced to accept methods and wildcards. This change breaks backwards compatibility in small ways, some obvious (patterns with '{' and '}' behave differently) and some less so (treatment of escaped paths has been improved). The change is controlled by a GODEBUG field named httpmuxgo121. Set httpmuxgo121=1 to restore the old behavior. * Minor changes to the library As always, there are various minor changes and updates to the library, made with the Go 1 promise of compatibility in mind. There are also various performance improvements, not enumerated here. * archive/tar: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * archive/zip: The new method Writer.AddFS adds all of the files from an fs.FS to the archive. * bufio: When a SplitFunc returns ErrFinalToken with a nil token, Scanner will now stop immediately. Previously, it would report a final empty token before stopping, which was usually not desired. Callers that do want to report a final empty token can do so by returning []byte{} rather than nil. * cmp: The new function Or returns the first in a sequence of values that is not the zero value.
* crypto/tls: ConnectionState.ExportKeyingMaterial will now return an error unless TLS 1.3 is in use, or the extended_master_secret extension is supported by both the server and client. crypto/tls has supported this extension since Go 1.20. This can be disabled with the tlsunsafeekm=1 GODEBUG setting. * crypto/tls: By default, the minimum version offered by crypto/tls servers is now TLS 1.2 if not specified with config.MinimumVersion, matching the behavior of crypto/tls clients. This change can be reverted with the tls10server=1 GODEBUG setting. * crypto/tls: By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes. This change can be reverted with the tlsrsakex=1 GODEBUG setting. * crypto/x509: The new CertPool.AddCertWithConstraint method can be used to add customized constraints to root certificates to be applied during chain building. * crypto/x509: On Android, root certificates will now be loaded from /data/misc/keychain/certs-added as well as /system/etc/security/cacerts. * crypto/x509: A new type, OID, supports ASN.1 Object Identifiers with individual components larger than 31 bits. A new field which uses this type, Policies, is added to the Certificate struct, and is now populated during parsing. Any OIDs which cannot be represented using an asn1.ObjectIdentifier will appear in Policies, but not in the old PolicyIdentifiers field. When calling CreateCertificate, the Policies field is ignored, and policies are taken from the PolicyIdentifiers field. Using the x509usepolicies=1 GODEBUG setting inverts this, populating certificate policies from the Policies field, and ignoring the PolicyIdentifiers field. We may change the default value of x509usepolicies in Go 1.23, making Policies the default field for marshaling. * database/sql: The new Null[T] type provides a way to scan nullable columns for any column types. * debug/elf: Constant R_MIPS_PC32 is defined for use with MIPS64 systems.
Additional R_LARCH_* constants are defined for use with LoongArch systems. * encoding: The new methods AppendEncode and AppendDecode added to each of the Encoding types in the packages encoding/base32, encoding/base64, and encoding/hex simplify encoding and decoding from and to byte slices by taking care of byte slice buffer management. * encoding: The methods base32.Encoding.WithPadding and base64.Encoding.WithPadding now panic if the padding argument is a negative value other than NoPadding. * encoding/json: Marshaling and encoding functionality now escapes '\b' and '\f' characters as \b and \f instead of \u0008 and \u000c. * go/ast: The following declarations related to syntactic identifier resolution are now deprecated: Ident.Obj, Object, Scope, File.Scope, File.Unresolved, Importer, Package, NewPackage. In general, identifiers cannot be accurately resolved without type information. Consider, for example, the identifier K in T{K: ''}: it could be the name of a local variable if T is a map type, or the name of a field if T is a struct type. New programs should use the go/types package to resolve identifiers; see Object, Info.Uses, and Info.Defs for details. * go/ast: The new ast.Unparen function removes any enclosing parentheses from an expression. * go/types: The new Alias type represents type aliases. Previously, type aliases were not represented explicitly, so a reference to a type alias was equivalent to spelling out the aliased type, and the name of the alias was lost. The new representation retains the intermediate Alias. This enables improved error reporting (the name of a type alias can be reported), and allows for better handling of cyclic type declarations involving type aliases. In a future release, Alias types will also carry type parameter information. The new function Unalias returns the actual type denoted by an Alias type (or any other Type for that matter). 
* go/types: Because Alias types may break existing type switches that do not know to check for them, this functionality is controlled by a GODEBUG field named gotypesalias. With gotypesalias=0, everything behaves as before, and Alias types are never created. With gotypesalias=1, Alias types are created and clients must expect them. The default is gotypesalias=0. In a future release, the default will be changed to gotypesalias=1. Clients of go/types are urged to adjust their code as soon as possible to work with gotypesalias=1 to eliminate problems early. * go/types: The Info struct now exports the FileVersions map which provides per-file Go version information. * go/types: The new helper method PkgNameOf returns the local package name for the given import declaration. * go/types: The implementation of SizesFor has been adjusted to compute the same type sizes as the compiler when the compiler argument for SizesFor is 'gc'. The default Sizes implementation used by the type checker is now types.SizesFor('gc', 'amd64'). * go/types: The start position (Pos) of the lexical environment block (Scope) that represents a function body has changed: it used to start at the opening curly brace of the function body, but now starts at the function's func token. * html/template: Javascript template literals may now contain Go template actions, and parsing a template containing one will no longer return ErrJSTemplate. Similarly the GODEBUG setting jstmpllitinterp no longer has any effect. * io: The new SectionReader.Outer method returns the ReaderAt, offset, and size passed to NewSectionReader. * log/slog: The new SetLogLoggerLevel function controls the level for the bridge between the `slog` and `log` packages. It sets the minimum level for calls to the top-level `slog` logging functions, and it sets the level for calls to `log.Logger` that go through `slog`. 
* math/big: The new method Rat.FloatPrec computes the number of fractional decimal digits required to represent a rational number accurately as a floating-point number, and whether accurate decimal representation is possible in the first place. * net: When io.Copy copies from a TCPConn to a UnixConn, it will now use Linux's splice(2) system call if possible, using the new method TCPConn.WriteTo. * net: The Go DNS Resolver, used when building with '-tags=netgo', now searches for a matching name in the Windows hosts file, located at %SystemRoot%\System32\drivers\etc\hosts, before making a DNS query. * net/http: The new functions ServeFileFS, FileServerFS, and NewFileTransportFS are versions of the existing ServeFile, FileServer, and NewFileTransport, operating on an fs.FS. * net/http: The HTTP server and client now reject requests and responses containing an invalid empty Content-Length header. The previous behavior may be restored by setting GODEBUG field httplaxcontentlength=1. * net/http: The new method Request.PathValue returns path wildcard values from a request and the new method Request.SetPathValue sets path wildcard values on a request. * net/http/cgi: When executing a CGI process, the PATH_INFO variable is now always set to the empty string or a value starting with a / character, as required by RFC 3875. It was previously possible for some combinations of Handler.Root and request URL to violate this requirement. * net/netip: The new AddrPort.Compare method compares two AddrPorts. * os: On Windows, the Stat function now follows all reparse points that link to another named entity in the system. It was previously only following IO_REPARSE_TAG_SYMLINK and IO_REPARSE_TAG_MOUNT_POINT reparse points. * os: On Windows, passing O_SYNC to OpenFile now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. 
* os: On Windows, the ReadDir, File.ReadDir, File.Readdir, and File.Readdirnames functions now read directory entries in batches to reduce the number of system calls, improving performance up to 30%. * os: When io.Copy copies from a File to a net.UnixConn, it will now use Linux's sendfile(2) system call if possible, using the new method File.WriteTo. * os/exec: On Windows, LookPath now ignores empty entries in %PATH%, and returns ErrNotFound (instead of ErrNotExist) if no executable file extension is found to resolve an otherwise-unambiguous name. * os/exec: On Windows, Command and Cmd.Start no longer call LookPath if the path to the executable is already absolute and has an executable file extension. In addition, Cmd.Start no longer writes the resolved extension back to the Path field, so it is now safe to call the String method concurrently with a call to Start. * reflect: The Value.IsZero method will now return true for a floating-point or complex negative zero, and will return true for a struct value if a blank field (a field named _) somehow has a non-zero value. These changes make IsZero consistent with comparing a value to zero using the language == operator. * reflect: The PtrTo function is deprecated, in favor of PointerTo. * reflect: The new function TypeFor returns the Type that represents the type argument T. Previously, to get the reflect.Type value for a type, one had to use reflect.TypeOf((*T)(nil)).Elem(). This may now be written as reflect.TypeFor[T](). * runtime/metrics: Four new histogram metrics /sched/pauses/stopping/gc:seconds, /sched/pauses/stopping/other:seconds, /sched/pauses/total/gc:seconds, and /sched/pauses/total/other:seconds provide additional details about stop-the-world pauses. The 'stopping' metrics report the time taken from deciding to stop the world until all goroutines are stopped. The 'total' metrics report the time taken from deciding to stop the world until it is started again. 
* runtime/metrics: The /gc/pauses:seconds metric is deprecated, as it is equivalent to the new /sched/pauses/total/gc:seconds metric. * runtime/metrics: /sync/mutex/wait/total:seconds now includes contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. * runtime/pprof: Mutex profiles now scale contention by the number of goroutines blocked on the mutex. This provides a more accurate representation of the degree to which a mutex is a bottleneck in a Go program. For instance, if 100 goroutines are blocked on a mutex for 10 milliseconds, a mutex profile will now record 1 second of delay instead of 10 milliseconds of delay. * runtime/pprof: Mutex profiles also now include contention on runtime-internal locks in addition to sync.Mutex and sync.RWMutex. Contention on runtime-internal locks is always reported at runtime._LostContendedRuntimeLock. A future release will add complete stack traces in these cases. * runtime/pprof: CPU profiles on Darwin platforms now contain the process's memory map, enabling the disassembly view in the pprof tool. * runtime/trace: The execution tracer has been completely overhauled in this release, resolving several long-standing issues and paving the way for new use-cases for execution traces. * runtime/trace: Execution traces now use the operating system's clock on most platforms (Windows excluded) so it is possible to correlate them with traces produced by lower-level components. Execution traces no longer depend on the reliability of the platform's clock to produce a correct trace. Execution traces are now partitioned regularly on-the-fly and as a result may be processed in a streamable way. Execution traces now contain complete durations for all system calls. Execution traces now contain information about the operating system threads that goroutines executed on. The latency impact of starting and stopping execution traces has been dramatically reduced. 
Execution traces may now begin or end during the garbage collection mark phase. * runtime/trace: To allow Go developers to take advantage of these improvements, an experimental trace reading package is available at golang.org/x/exp/trace. Note that this package only works on traces produced by programs built with go1.22 at the moment. Please try out the package and provide feedback on the corresponding proposal issue. * runtime/trace: If you experience any issues with the new execution tracer implementation, you may switch back to the old implementation by building your Go program with GOEXPERIMENT=noexectracer2. If you do, please file an issue, otherwise this option will be removed in a future release. * slices: The new function Concat concatenates multiple slices. * slices: Functions that shrink the size of a slice (Delete, DeleteFunc, Compact, CompactFunc, and Replace) now zero the elements between the new length and the old length. * slices: Insert now always panics if the argument i is out of range. Previously it did not panic in this situation if there were no elements to be inserted. * syscall: The syscall package has been frozen since Go 1.4 and was marked as deprecated in Go 1.11, causing many editors to warn about any use of the package. However, some non-deprecated functionality requires use of the syscall package, such as the os/exec.Cmd.SysProcAttr field. To avoid unnecessary complaints on such code, the syscall package is no longer marked as deprecated. The package remains frozen to most new functionality, and new code remains encouraged to use golang.org/x/sys/unix or golang.org/x/sys/windows where possible. * syscall: On Linux, the new SysProcAttr.PidFD field allows obtaining a PID FD when starting a child process via StartProcess or os/exec. * syscall: On Windows, passing O_SYNC to Open now causes write operations to go directly to disk, equivalent to O_SYNC on Unix platforms. 
* testing/slogtest: The new Run function uses sub-tests to run test cases, providing finer-grained control. * Ports: Darwin: On macOS on 64-bit x86 architecture (the darwin/amd64 port), the Go toolchain now generates position-independent executables (PIE) by default. Non-PIE binaries can be generated by specifying the -buildmode=exe build flag. On 64-bit ARM-based macOS (the darwin/arm64 port), the Go toolchain already generates PIE by default. go1.22 is the last release that will run on macOS 10.15 Catalina. Go 1.23 will require macOS 11 Big Sur or later. * Ports: Arm: The GOARM environment variable now allows you to select whether to use software or hardware floating point. Previously, valid GOARM values were 5, 6, or 7. Now those same values can be optionally followed by ,softfloat or ,hardfloat to select the floating-point implementation. This new option defaults to softfloat for version 5 and hardfloat for versions 6 and 7. * Ports: Loong64: The loong64 port now supports passing function arguments and results using registers. The linux/loong64 port now supports the address sanitizer, memory sanitizer, new-style linker relocations, and the plugin build mode. * OpenBSD go1.22 adds an experimental port to OpenBSD on big-endian 64-bit PowerPC (openbsd/ppc64). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3943-1 Released: Thu Nov 7 11:12:00 2024 Summary: Security update for openssl-3 Type: security Severity: moderate References: 1220262,CVE-2023-50782 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4045-1 Released: Mon Nov 25 08:33:05 2024 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: This update for patterns-base fixes the following issue: - Updated patterns-base, removing plymouth recommendation on s390x archs. Our certification team ran into an issue (jsc#PED-10532) when they ran a bare metal installation with a fully encrypted disk. If the whole disk is encrypted, the prompt for the password is sent to plymouth, which obviously shows nothing because the terminal in the HMC is used for booting bare metal (LPAR). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4066-1 Released: Tue Nov 26 11:11:21 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - mark past EOL dates for go1.20, go1.21, as now we have go1.22 and go1.23 - mark EOL date for gcc13 (2025-04-30).
- added missing EOLs for rust 1.xx (release date of N+2 , +7 days ) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4104-1 Released: Thu Nov 28 16:06:00 2024 Summary: Recommended update for lifecycle-data-sle-module-development-tools Type: recommended Severity: moderate References: This update for lifecycle-data-sle-module-development-tools fixes the following issues: - fixed cpp13 lifecycle entry with incorrect year ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4224-1 Released: Fri Dec 6 10:24:50 2024 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1233699 This update for glibc fixes the following issue: - Remove nss-systemd from default nsswitch.conf (bsc#1233699). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4308-1 Released: Fri Dec 13 08:45:59 2024 Summary: Recommended update for go1.22-openssl Type: recommended Severity: moderate References: 1233306 This update for go1.22-openssl fixes the following issues: - Write three digit version to file VERSION which sets go env GOVERSION. Fixes bsc#1233306. * Go toolchain file VERSION sets the immutable value for go env GOVERSION * go1.x-openssl toolchains have used a bespoke fourth digit to represent the upstream patch set release number, e.g. go1.22.9-1-openssl-fips. This digit has not been needed. 
* Some Go applications including helm break when this fourth digit is present in VERSION, with error: go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local) * Keep the fourth digit in the packaging for now, it will be dropped in the next toolchain version update. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4415-1 Released: Mon Dec 23 20:45:48 2024 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1233520 This update for binutils fixes the following issues: Update to current 2.43.1 branch [PED-10254, PED-10306]: * s390 - Add arch15 instructions * various fixes from upstream: PR32153, PR32171, PR32189, PR32196, PR32191, PR32109, PR32372, PR32387 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - 
udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:45-1 Released: Thu Jan 9 16:05:11 2025 Summary: Recommended update for go1.22-openssl Type: recommended Severity: moderate References: 1233306 This update for go1.22-openssl fixes the following issues: - Write three digit version to file VERSION which sets go env GOVERSION. Fixes bsc#1233306. * Go toolchain file VERSION sets the immutable value for go env GOVERSION * go1.x-openssl toolchains have used a bespoke fourth digit to represent the upstream patch set release number, e.g. go1.22.9-1-openssl-fips. This digit has not been needed. * Some Go applications including helm break when this fourth digit is present in VERSION, with error: go.mod requires go >= 1.22.0 (running go 1.22; GOTOOLCHAIN=local) * Keep the fourth digit in the packaging for now, it will be dropped in the next toolchain version update. 
The following package changes have been done: - glibc-2.38-150600.14.17.2 updated - libopenssl3-3.1.4-150600.5.21.1 updated - libopenssl-3-fips-provider-3.1.4-150600.5.21.1 updated - patterns-base-fips-20200124-150600.32.3.2 updated - libcurl4-8.6.0-150600.4.15.1 updated - curl-8.6.0-150600.4.15.1 updated - openssl-3-3.1.4-150600.5.21.1 updated - go1.22-openssl-doc-1.22.9.1-150600.13.8.1 added - libctf-nobfd0-2.43-150100.7.52.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - lifecycle-data-sle-module-development-tools-1-150200.3.33.1 updated - libsystemd0-254.21-150600.4.21.1 updated - libctf0-2.43-150100.7.52.1 updated - binutils-2.43-150100.7.52.1 updated - glibc-devel-2.38-150600.14.17.2 updated - libopenssl-3-devel-3.1.4-150600.5.21.1 updated - go1.22-openssl-1.22.9.1-150600.13.8.1 added - go1.22-openssl-race-1.22.9.1-150600.13.8.1 added - container:registry.suse.com-bci-bci-base-15.6-5eec4a1777d05deeeb4e305812d7686e5db266f4813fb015d59ac5c4524afd6e-0 updated - go1.20-openssl-1.20.12.1-150000.1.17.1 removed - go1.20-openssl-doc-1.20.12.1-150000.1.17.1 removed - go1.20-openssl-race-1.20.12.1-150000.1.17.1 removed

From sle-container-updates at lists.suse.com Fri Jan 24 08:02:13 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 24 Jan 2025 09:02:13 +0100 (CET) Subject: SUSE-IU-2025:340-1: Security update of suse-sles-15-sp6-chost-byos-v20250122-x86_64-gen2 Message-ID: <20250124080213.19F5EFBA0@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250122-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:340-1 Image Tags : suse-sles-15-sp6-chost-byos-v20250122-x86_64-gen2:20250122 Image Release : Severity : important Type : security References : The container suse-sles-15-sp6-chost-byos-v20250122-x86_64-gen2 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2019:3205-1 Released: Mon Dec 9 13:48:28 2019 Summary: Recommended update for insserv-compat Type: recommended Severity: moderate References: 1052837,1133306 This update for insserv-compat fixes the following issues: - Fix handling of start parameters. (bsc#1133306) - Remove unnecessary entry from configuration file. (bsc#1052837) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2901-1 Released: Wed Sep 1 10:34:50 2021 Summary: Recommended update for insserv-compat Type: recommended Severity: moderate References: 1187941 This update for insserv-compat fixes the following issues: - Require sysvinit-tools. (bsc#1187941) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4318-1 Released: Fri Dec 13 16:33:37 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: 
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2023-6270: aoe: fix the potential use-after-free problem in more places (bsc#1218562). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710)
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host fairness (bsc#1231114).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new transaction (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: avoid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

The following non-security bugs were fixed:

- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269).
- Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes).
- Revert 'KEYS: encrypted: Add check for strsep' (git-fixes).
- Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199).
- Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes)
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes).
- Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: enable NFSv2 caused by upstream commit (bsc#1230914).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list
  Symbols.list is no longer needed by the new klp-convert implementation (bsc#1218644).
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes).
- xfs: fix freeing speculative preallocations for preallocated files (git-fixes).
- xfs: make sure sb_fdblocks is non-negative (git-fixes).
- xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes).
- xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes).
- xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes).
- xfs: validate recovered name buffers when recovering xattr items (git-fixes).
- xhci: Add a quirk for writing ERST in high-low order (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
- xhci: tegra: fix checked USB2 port number (git-fixes).
- zonefs: Improve error handling (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814

This update for vim fixes the following issues:

- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

- Updated to version 9.1.0836

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4337-1
Released: Tue Dec 17 08:17:39 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1231048,1232844

This update for systemd fixes the following issues:

- udev: skipping empty udev rules file while collecting the stats (bsc#1232844)
- Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4360-1
Released: Tue Dec 17 15:35:28 2024
Summary: Security update for docker
Type: security
Severity: important
References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110

This update for docker fixes the following issues:

- Update docker-buildx to v0.19.2. See upstream changelog online at .

  Some notable changelogs from the last update:
  *
  *

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
  disable the SUSEConnect integration with Docker (which creates special mounts
  in /run/secrets to allow container-suseconnect to authenticate containers
  with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you
  whether the SUSE secrets feature is enabled or not.

- Disable docker-buildx builds for SLES. It turns out that build containers
  with docker-buildx don't currently get the SUSE secrets mounts applied,
  meaning that container-suseconnect doesn't work when building images.
  bsc#1233819

- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
  sysconfig a long time ago, and apparently this causes issues with systemd in
  some cases.

- Allow a parallel docker-stable RPM to exist in repositories.

- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
  are replacing. See upstream changelog online at

- Allow users to disable SUSE secrets support by setting
  DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)

- Mark docker-buildx as required since classic 'docker build' has been
  deprecated since Docker 23.0. (bsc#1230331)

- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
  package, but with docker-stable it will be necessary to maintain the packages
  together and it makes more sense to have them live in the same OBS package.
  (bsc#1230333)

- Update to Docker 26.1.5-ce. See upstream changelog online at bsc#1230294

- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070 bsc#1229806
  * CVE-2023-45142. bsc#1228553 bsc#1229806

- Update to Docker 26.1.4-ce. See upstream changelog online at

- Update to Docker 26.1.0-ce. See upstream changelog online at

- Update --add-runtime to point to correct binary path.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:

This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4384-1
Released: Thu Dec 19 09:05:33 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573

This update for grub2 fixes the following issues:

- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4402-1
Released: Fri Dec 20 16:41:09 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749

This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Fix support level to L3 (bsc#1234708)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:10-1
Released: Fri Jan 3 14:53:56 2025
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1220338,1232227,1234015

This update for systemd fixes the following issues:

- Drop support for efivar SystemdOptions (bsc#1220338)
- pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227)
- udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015)
- udev: add new builtin net_driver
- udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard()
- udev-builtin-net_id: split-out get_pci_slot_specifiers()
- udev-builtin-net_id: introduce get_port_specifier() helper function
- udev-builtin-net_id: split out get_dev_port() and make its failure critical
- udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address()
- udev-builtin-net_id: return earlier when hotplug slot is not found
- udev-builtin-net_id: skip non-directory entry earlier
- udev-builtin-net_id: make names_xen() self-contained
- udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim
- udev-builtin-net_id: make names_netdevsim() self-contained
- udev-builtin-net_id: make names_platform() self-contained
- udev-builtin-net_id: make names_vio() self-contained
- udev-builtin-net_id: make names_ccw() self-contained
- udev-builtin-net_id: make dev_devicetree_onboard() self-contained
- udev-builtin-net_id: make names_mac() self-contained
- udev-builtin-net_id: split out get_ifname_prefix()
- udev-builtin-net_id: swap arguments for streq() and friends
- udev-builtin-net_id: drop unused value from NetNameType

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:29-1
Released: Tue Jan 7 11:41:20 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234809,CVE-2024-56326

This update for python-Jinja2 fixes the following issues:

- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:42-1
Released: Thu Jan 9 16:04:03 2025
Summary: Recommended update for permissions
Type: recommended
Severity: moderate
References: 1219736

This update for permissions fixes the following issues:

- Update to version 20240826:
  * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:75-1
Released: Mon Jan 13 10:34:23 2025
Summary: Recommended update for kdump
Type: recommended
Severity: moderate
References: 1234845

This update for kdump fixes the following issue:

- Version update kdump-2.0.6+git19.ge6e33ae:
  * allow negative KDUMP_KEEP_OLD_DUMPS (bsc#1234845).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:

This update for containerd fixes the following issues:

containerd was updated from version 1.7.21 to 1.7.23:

- Changes in version 1.7.23:
  * Highlights:
    + Added error definition aliases
    + Allow proxy plugins to have capabilities
    + Revert a previous errdefs package migration
  * Container Runtime Interface (CRI):
    + Added check for CNI plugins before tearing down pod network
  * Image Distribution:
    + Fixed the race condition during GC of snapshots when client retries
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23

- Changes in version 1.7.22:
  * Highlights:
    + Build and Release Toolchain
    + Updated Go (go1.22.7 and go1.23.1)
  * Container Runtime Interface (CRI):
    + Added a fix for decreasing cumulative stats
  * Runtime:
    + Fixed bug where init exits were being dropped
    + Update runc binary to 1.1.14
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:77-1
Released: Mon Jan 13 10:43:05 2025
Summary: Recommended update for curl
Type: recommended
Severity: moderate
References: 1235151

This update for curl fixes the following issue:

- smtp: for starttls, do full upgrade [bsc#1235151]
  * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:79-1
Released: Mon Jan 13 12:50:24 2025
Summary: Recommended update for libnl3, ovpn-dco, openVPN
Type: recommended
Severity: moderate
References: 1082756,1189451

This update for libnl3, ovpn-dco, openVPN fixes the following issue:

- Update libnl to release 3.9
- Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:142-1
Released: Thu Jan 16 14:20:08 2025
Summary: Security update for xen
Type: security
Severity: moderate
References: 1027519,1234282,CVE-2024-53241

This update for xen fixes the following issues:

- CVE-2024-53241: Xen hypercall page unsafe against speculative attacks (bsc#1234282).

Bug fixes: - Update to Xen 4.18.4 security bug fix release (bsc#1027519) * x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call * No other changes mentioned in upstream changelog, sources, or webpage ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:151-1 Released: Thu Jan 16 20:44:56 2025 Summary: Recommended update for libproxy Type: recommended Severity: moderate References: 1234940,1235097 This update for libproxy fixes the following issues: - Properly handle empty proxy ignore entry (bsc#1234940). - Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:154-1 Released: Fri Jan 17 10:15:08 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1214954,1216813,1220773,1224095,1224726,1225743,1225758,1225820,1227445,1228526,1229809,1230205,1230413,1230697,1231854,1231909,1231963,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1233038,1233070,1233096,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233468,1233469,1233546,1233558,1233637,1233642,1233772,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,
1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234690,1234725,1234726,1234810,1234811,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234884,1234889,1234891,1234899,1234900,1234905,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234929,1234930,1234937,1234948,1234950,1234952,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235002,1235003,1235004,1235007,1235009,1235016,1235019,1235033,1235045,1235056,1235061,1235075,1235108,1235128,1235134,1235138,1235246,1235406,1235409,1235416,1235507,1235550,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36908,CVE-2024-36915,CVE-2024-39480,CVE-2024-41042,CVE-2024-44934,CVE-2024-44996,CVE-2024-47678,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50143,CVE-2024-50154,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53173,CVE-2024-53174,CVE-2024-53179,CVE-2024-53180,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,
CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53229,CVE-2024-53234,CVE-2024-53237,CVE-2024-53240,CVE-2024-53241,CVE-2024-56536,CVE-2024-56539,CVE-2024-56549,CVE-2024-56551,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56576,CVE-2024-56582,CVE-2024-56599,CVE-2024-56604,CVE-2024-56605,CVE-2024-56645,CVE-2024-56667,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-8805 The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). 
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). 
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). 
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). 
- Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). 
- RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). 
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). 
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). 
- dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). 
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). 
- drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). 
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). 
- ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). 
- ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). 
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). 
- isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). 
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). 
- net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). 
- percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). 
- quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). 
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). 
- serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). 
- sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). 
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). 
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020

This update for dhcp fixes the following issues:

- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern.
  Note that the edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333

This update for vim fixes the following issues:

- Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).
  Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' that is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases.
  Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- containerd-ctr-1.7.23-150000.120.1 updated
- containerd-1.7.23-150000.120.1 updated
- dhcp-client-4.3.6.P1-150000.6.22.1 updated
- dhcp-4.3.6.P1-150000.6.22.1 updated
- docker-26.1.5_ce-150000.212.1 updated
- glibc-locale-base-2.38-150600.14.20.3 updated
- glibc-locale-2.38-150600.14.20.3 updated
- glibc-2.38-150600.14.20.3 updated
- grub2-i386-pc-2.12-150600.8.12.1 updated
- grub2-x86_64-efi-2.12-150600.8.12.1 updated
- grub2-2.12-150600.8.12.1 updated
- hwdata-0.390-150000.3.74.2 updated
- insserv-compat-0.1-4.6.1 added
- kdump-2.0.6+git19.ge6e33ae-150600.3.6.2 updated
- kernel-default-6.4.0-150600.23.33.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- libproxy1-0.5.3-150600.4.6.2 updated
- libpxbackend-1_0-0.5.3-150600.4.6.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libudev1-254.21-150600.4.21.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- microsoft-dracut-config-0.0.4-150300.7.9.2 added
- permissions-20240826-150600.10.12.1 updated
- python3-Jinja2-2.10.1-150000.3.18.1 updated
- systemd-254.21-150600.4.21.1 updated
- udev-254.21-150600.4.21.1 updated
- vim-data-common-9.1.0836-150500.20.18.1 updated
- vim-9.1.0836-150500.20.18.1 updated
- xen-libs-4.18.4_02-150600.3.15.2 updated
- zypper-1.14.79-150600.10.19.1 updated

From sle-container-updates at lists.suse.com Fri Jan 24 08:02:18 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:02:18 +0100 (CET)
Subject: SUSE-IU-2025:341-1: Security update of suse-sles-15-sp6-chost-byos-v20250122-hvm-ssd-x86_64
Message-ID: <20250124080218.2CE65FBA0@maintenance.suse.de>

SUSE Image Update Advisory: suse-sles-15-sp6-chost-byos-v20250122-hvm-ssd-x86_64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:341-1
Image Tags : suse-sles-15-sp6-chost-byos-v20250122-hvm-ssd-x86_64:20250122
Image Release :
Severity : important
Type : security
References : 1012628 1027519 1065729 1082555 1082756 1189451 1192020 1194869 1203617 1214954 1215199 1216813 1217070 1217845 1218562 1218644 1219596 1219736 1219803 1220338 1220355 1220382 1220773 1221309 1222423 1222587 1222590 1223112 1223384 1223656 1223700 1223733 1223824 1223848 1224088 1224095 1224429 1224518 1224548 1224574 1224726 1224948 1225611 1225713 1225725 1225730 1225742 1225743 1225758 1225764 1225768 1225813 1225820 1225903 1226003 1226130 1226498 1226623 1226631 1226748 1226797 1226848 1226872 1227445 1227726 1227842 1228119 1228244 1228269 1228324 1228410 1228430 1228454 1228526 1228537 1228553 1228620 1228743 1228747 1228850 1228857 1229019 1229165 1229238 1229429 1229450 1229585 1229677 1229769 1229806 1229808 1229809 1229891 1230055 1230132 1230179 1230205 1230220 1230231 1230289 1230294 1230295 1230331 1230333 1230339 1230341 1230375 1230413 1230414 1230429
1230456 1230501 1230527 1230550 1230557 1230558 1230600 1230620 1230697 1230710 1230733 1230762 1230763 1230773 1230774 1230801 1230807 1230817 1230827 1230831 1230914 1230918 1230971 1231016 1231035 1231048 1231072 1231073 1231075 1231076 1231081 1231082 1231083 1231084 1231085 1231087 1231089 1231092 1231093 1231094 1231096 1231098 1231100 1231101 1231102 1231105 1231108 1231111 1231114 1231115 1231116 1231117 1231131 1231132 1231135 1231136 1231138 1231148 1231169 1231170 1231171 1231178 1231179 1231182 1231183 1231187 1231191 1231193 1231195 1231197 1231200 1231202 1231203 1231276 1231293 1231348 1231373 1231384 1231434 1231435 1231436 1231439 1231440 1231441 1231442 1231452 1231453 1231465 1231474 1231481 1231496 1231502 1231537 1231539 1231540 1231541 1231604 1231617 1231630 1231634 1231635 1231636 1231637 1231638 1231639 1231640 1231673 1231828 1231849 1231854 1231855 1231856 1231857 1231858 1231859 1231860 1231861 1231864 1231865 1231868 1231869 1231871 1231872 1231901 1231902 1231903 1231904 1231906 1231907 1231908 1231909 1231914 1231916 1231920 1231924 1231926 1231930 1231931 1231935 1231942 1231944 1231946 1231947 1231950 1231951 1231952 1231953 1231954 1231955 1231956 1231957 1231963 1231965 1231967 1231968 1231987 1231988 1231989 1231990 1231998 1232000 1232003 1232009 1232013 1232015 1232016 1232017 1232018 1232024 1232024 1232033 1232034 1232036 1232043 1232047 1232048 1232049 1232050 1232056 1232075 1232076 1232079 1232080 1232083 1232084 1232085 1232089 1232090 1232093 1232094 1232096 1232097 1232098 1232103 1232104 1232105 1232109 1232111 1232114 1232116 1232117 1232124 1232126 1232127 1232129 1232130 1232131 1232132 1232134 1232135 1232140 1232141 1232142 1232145 1232147 1232148 1232149 1232151 1232152 1232154 1232155 1232156 1232157 1232159 1232160 1232162 1232164 1232165 1232166 1232174 1232180 1232182 1232183 1232185 1232187 1232189 1232192 1232193 1232195 1232196 1232198 1232198 1232199 1232200 1232201 1232201 1232207 1232208 1232217 1232218 
1232220 1232221 1232222 1232224 1232227 1232232 1232250 1232251 1232253 1232254 1232255 1232256 1232258 1232259 1232260 1232262 1232263 1232264 1232272 1232275 1232279 1232282 1232285 1232287 1232295 1232305 1232307 1232309 1232310 1232312 1232313 1232314 1232315 1232316 1232317 1232318 1232329 1232332 1232333 1232334 1232335 1232337 1232339 1232340 1232342 1232345 1232349 1232352 1232354 1232355 1232357 1232358 1232359 1232361 1232362 1232366 1232367 1232368 1232369 1232370 1232371 1232374 1232378 1232381 1232383 1232385 1232386 1232387 1232392 1232394 1232395 1232396 1232413 1232416 1232417 1232418 1232418 1232419 1232420 1232421 1232424 1232427 1232432 1232435 1232436 1232436 1232442 1232446 1232483 1232494 1232498 1232499 1232500 1232501 1232502 1232503 1232504 1232505 1232506 1232507 1232511 1232519 1232520 1232529 1232552 1232573 1232623 1232626 1232627 1232628 1232629 1232704 1232757 1232768 1232819 1232823 1232844 1232860 1232869 1232870 1232873 1232876 1232877 1232878 1232880 1232881 1232884 1232885 1232887 1232888 1232890 1232892 1232894 1232896 1232897 1232905 1232907 1232914 1232919 1232925 1232926 1232928 1232935 1232999 1233029 1233032 1233035 1233036 1233038 1233041 1233044 1233049 1233050 1233051 1233056 1233057 1233061 1233062 1233063 1233065 1233067 1233070 1233070 1233073 1233074 1233088 1233091 1233092 1233096 1233097 1233100 1233103 1233104 1233105 1233106 1233107 1233108 1233110 1233111 1233113 1233114 1233115 1233117 1233119 1233123 1233125 1233127 1233129 1233130 1233132 1233135 1233176 1233179 1233185 1233188 1233189 1233191 1233193 1233197 1233200 1233201 1233203 1233204 1233205 1233206 1233207 1233208 1233209 1233210 1233211 1233212 1233216 1233217 1233219 1233226 1233238 1233239 1233241 1233244 1233253 1233255 1233259 1233260 1233293 1233298 1233305 1233320 1233324 1233328 1233350 1233443 1233452 1233453 1233454 1233456 1233457 1233458 1233460 1233461 1233462 1233463 1233464 1233465 1233467 1233468 1233468 1233469 1233471 1233476 1233478 
-----------------------------------------------------------------
The container suse-sles-15-sp6-chost-byos-v20250122-hvm-ssd-x86_64 was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4318-1
Released:    Fri Dec 13 16:33:37 2024
Summary:     Security update for the Linux Kernel
Type:        security
Severity:    important

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2023-6270: aoe: fix the potential use-after-free problem in more places (bsc#1218562).
- CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355).
- CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454).
- CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620).
- CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807).
- CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host fairness (bsc#1231114).
- CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435).
- CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920).
- CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869).
- CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130).
- CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868).
- CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131).
- CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819).
- CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256).
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354).
- CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334).
- CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367).
- CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093).
- CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385).
- CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079).
- CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989).
- CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957).
- CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417).
- CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435).
- CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901).
- CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494).
- CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499).
- CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062).
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106).
- CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103).
- CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203).
- CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207).
- CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226).
- CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201).
- CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

The following non-security bugs were fixed:

- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269).
- Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes).
- Revert 'KEYS: encrypted: Add check for strsep' (git-fixes).
- Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199).
- Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes)
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes).
- Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes). - jfs: check if leafidx greater than num leaves per dmap tree (git-fixes). - jump_label: Fix static_key_slow_dec() yet again (git-fixes). - kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes). - kABI: Restore exported __arm_smccc_sve_check (git-fixes) - kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes). - kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes). - kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi). - kasan: Fix Software Tag-Based KASAN with GCC (git-fixes). - kasan: move checks to do_strncpy_from_user (git-fixes). - kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450). - kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450). - kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450). - kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450). - kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450). - kconfig: qconf: fix buffer overflow in debug links (git-fixes). - kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644). - kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes). - keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes). - keys: Fix overwrite of key expiration on instantiation (git-fixes). - kthread: unpark only parked kthread (git-fixes). - leds: lp55xx: Remove redundant test for invalid channel number (git-fixes). - lib/xarray: introduce a new helper xas_get_order (bsc#1231617). - lib: string_helpers: silence snprintf() output truncation warning (git-fixes). - mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes). - macsec: do not increment counters for an unrelated SA (git-fixes). 
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes). - maple_tree: correct tree corruption on spanning store (git-fixes). - maple_tree: fix alloc node fail issue (git-fixes). - maple_tree: refine mas_store_root() on storing NULL (git-fixes). - media: adv7604: prevent underflow condition when reporting colorspace (git-fixes). - media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: amphion: Set video drvdata before register video device (git-fixes). - media: ar0521: do not overflow when checking PLL values (git-fixes). - media: atomisp: Add check for rgby_data memory allocation failure (git-fixes). - media: bttv: use audio defaults for winfast2000 (git-fixes). - media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes). - media: cx24116: prevent overflows on SNR calculus (git-fixes). - media: dvb_frontend: do not play tricks with underflow values (git-fixes). - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes). - media: dvbdev: prevent the risk of out of memory access (git-fixes). - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes). - media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: i2c: imx335: Enable regulator supplies (stable-fixes). - media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes). - media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes). - media: imx-jpeg: Set video drvdata before register video device (git-fixes). - media: imx335: Fix reset-gpio handling (git-fixes). - media: mantis: remove orphan mantis_core.h (git-fixes). - media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes). - media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes). - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes). 
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes). - media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes). - media: s5p-jpeg: prevent buffer overflows (git-fixes). - media: stb0899_algo: initialize cfr before using it (git-fixes). - media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes). - media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes). - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes). - media: uvcvideo: Stop stream during unregister (git-fixes). - media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes). - media: v4l2-tpg: prevent the risk of a division by zero (git-fixes). - media: vb2: Fix comment (git-fixes). - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes). - media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes). - media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes). - mei: use kvmalloc for read buffer (git-fixes). - mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes). - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes). - minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes). - minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes). - misc: apds990x: Fix missing pm_runtime_disable() (git-fixes). - mlx5: avoid truncating error message (git-fixes). - mlx5: stop warning for 64KB pages (git-fixes). - mlxbf_gige: disable RX filters until RX path initialized (git-fixes). - mm/filemap: optimize filemap folio adding (bsc#1231617). - mm/filemap: return early if failed to allocate memory for split (bsc#1231617). - mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012). 
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes). - mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes). - mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978). - mm: move dummy_vm_ops out of a header (git-fixes prerequisity). - mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes). - mm: refactor map_deny_write_exec() (git-fixes). - mm: resolve faulty mmap_region() error path behaviour (git-fixes). - mm: unconditionally close VMAs on error (git-fixes). - mmc: core: Further prevent card detect during shutdown (git-fixes). - mmc: mmc_spi: drop buggy snprintf() (git-fixes). - mmc: sunxi-mmc: Fix A100 compatible description (git-fixes). - modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes). - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes). - modpost: remove incorrect code in do_eisa_entry() (git-fixes). - module: abort module loading when sysfs setup suffer errors (git-fixes). - mtd: rawnand: atmel: Fix possible memory leak (git-fixes). - mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes). - nbd: fix race between timeout and normal completion (bsc#1230918). - net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes). - net/mlx5: Added cond_resched() to crdump collection (git-fixes). - net/mlx5: Check capability for fw_reset (git-fixes). - net/mlx5: Check for invalid vector index on EQ creation (git-fixes). - net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes). - net/mlx5: Fix command bitmask initialization (git-fixes). - net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes). - net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes). - net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes). - net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes). 
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes). - net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes). - net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes). - net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes). - net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes). - net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes). - net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes). - net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes). - net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes). - net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes). - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes). - net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891). - net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289). - net: mdio-ipq4019: add missing error check (git-fixes). - net: phy: Remove LED entry from LEDs list on unregister (git-fixes). - net: phy: bcm84881: Fix some error handling paths (git-fixes). - net: phy: dp83822: Fix reset pin definitions (git-fixes). - net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes). - net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes). - net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes). - net: qede: use return from qede_parse_actions() (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes). - net: qede: use return from qede_parse_flow_attr() for flower (git-fixes). - net: relax socket state check at accept time (git-fixes). 
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes) - net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes). - net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes). - net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes). - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes). - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes). - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes). - net: usb: usbnet: fix name regression (get-fixes). - net: usb: usbnet: fix race in probe failure (git-fixes). - net: wwan: fix global oob in wwan_rtnl_policy (git-fixes). - net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes). - net: xfrm: preserve kabi for xfrm_state (bsc#1233754). - netdevsim: copy addresses for both in and out paths (git-fixes). - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - netfilter: nf_tables: missing iterator type in lookup walk (git-fixes). - nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes). - nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes). - nfsd: enable NFSv2 caused by upstream commit (bsc#1230914). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121). - nfsd: return -EINVAL when namelen is 0 (git-fixes). 
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nilfs2: fix potential deadlock with newly created symlinks (git-fixes). - nouveau/dmem: Fix privileged error in copy engine channel (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes). - nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes). - nouveau: fw: sync dma after setup is called (git-fixes). - nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207) - nvme-fabrics: fix kernel crash while shutting down controller (git-fixes). - nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes). - nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244). - nvme-pci: fix freeing of the HMB descriptor table (git-fixes). - nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvme-pci: reverse request order in nvme_queue_rqs (git-fixes). - nvme-pci: set doorbell config before unquiescing (git-fixes). - nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901). - nvme: null terminate nvme_tls_attrs (git-fixes). - nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes). - nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes). - nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). 
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes). - ocfs2: uncache inode which has failed entering the group (git-fixes). - of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386) - parport: Proper fix for array out-of-bounds access (git-fixes). - phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes). - phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes). - phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes). - phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes). - phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes). - pinctrl: apple: check devm_kasprintf() returned value (git-fixes). - pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes). - pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes). - pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes). - pinctrl: zynqmp: drop excess struct member description (git-fixes). - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes). - platform/x86/amd/pmc: Detect when STB is not available (git-fixes). - platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes). - platform/x86: dell-sysman: add support for alienware products (stable-fixes). - platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes). - platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes). - platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). - power: supply: bq27xxx: Fix registers of bq27426 (git-fixes). - power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes). 
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes). - power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes). - powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199). - powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632). - powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632). - powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199). - powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199). - powerpc/kexec: Fix return of uninitialized variable (bsc#1194869). - powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869). - powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869). - powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869). - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869). - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869). - powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). 
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - printk: Add notation to console_srcu locking (bsc#1232183). - pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes). - qed: avoid truncating work queue length (git-fixes). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). - rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623). - regmap: detach regmap from dev on regmap_exit (git-fixes). - regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes). - rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE. They depend on SHADOW_CALL_STACK. - rpm/release-projects: Add SLFO projects (bsc#1231293). - rpm/scripts: Remove obsolete Symbols.list. Symbols.list is no longer needed by the new klp-convert implementation (bsc#1218644). - rpmsg: glink: Handle rejected intent request better (git-fixes). - rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes). - rtc: abx80x: Fix WDT bit position of the status register (git-fixes). - rtc: bbnsm: add remove hook (git-fixes). - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes). - rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes). - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - runtime constants: add default dummy infrastructure (git-fixes). - runtime constants: add x86 architecture support (git-fixes). - s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629). - s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes). - scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes). - scsi: core: Disable CDL by default (git-fixes). - scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943). 
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes). - scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpi3mr: Validate SAS port assignments (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes). - scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). - scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes). - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). 
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: sr: Fix unintentional arithmetic wraparound (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes). - selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes). - selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes). - serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes). - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes). - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes). - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). 
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes). - splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes). - splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes). - splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes). - srcu: Fix callbacks acceleration mishandling (git-fixes). - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - sumversion: Fix a memory leak in get_src_version() (git-fixes). - supported.conf: mark nhpoly1305 module as supported (bsc#1231035). - supported.conf: mark ultravisor userspace access as supported (bsc#1232090). - task_work: add kerneldoc annotation for 'data' argument (git-fixes). - tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: int3400: Fix reading of current_uuid for active policy (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes). - thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes). - tools/lib/thermal: Fix sampling handler context ptr (git-fixes). - tools/power turbostat: Fix trailing '\n' parsing (git-fixes). - tools/power turbostat: Increase the limit for fd opened (bsc#1233119). - tools: hv: rm .*.cmd when make clean (git-fixes). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tpm: fix signed/unsigned bug when checking event logs (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/osnoise: Fix build when timerlat is not enabled (git-fixes). - tracing/osnoise: Skip running osnoise if all instances are off (git-fixes). 
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes). - tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes). - tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes). - tracing/timerlat: Add user-space interface (git-fixes). - tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes). - tracing/timerlat: Fix a race during cpuhp processing (git-fixes). - tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes). - tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes). - tracing/timerlat: Only clear timer if a kthread exists (git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes). - tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes). - u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes). - ubifs: Fix adding orphan entry twice for the same inode (git-fixes). - ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes). - ubifs: add check for crypto_shash_tfm_digest (git-fixes). - ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - unicode: Do not special case ignorable code points (stable-fixes). - unicode: Fix utf8_load() error path (git-fixes). - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114). - uprobes: turn xol_area->pages into xol_area->page (bsc#1231114). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). 
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes). - usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes). - usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes). - usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes). - usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes). - usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: fix loss of data on Cadence xHC (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). 
- usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: fix cyclical race on disconnect with work queue (git-fixes). - vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes). - vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes). - vdpa_sim_blk: allocate the buffer zeroed (git-fixes). - vduse: avoid using __GFP_NOFAIL (git-fixes). - vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978). - vmxnet3: Add XDP support (bsc#1226498). - vmxnet3: Fix missing reserved tailroom (bsc#1226498). - vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vsock: Update msg_count on read_skb() (git-fixes). - vt: prevent kernel-infoleak in con_font_get() (git-fixes). - watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). 
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes). - wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath12k: fix crash when unbinding (git-fixes). - wifi: ath12k: fix warning when unbinding (git-fixes). - wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: brcmfmac: release 'root' node in all execution paths (git-fixes). - wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes). - wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes). - wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes). - wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes). - wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes). - wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes). - wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes). - wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes). - wifi: iwlwifi: mvm: use correct key iteration (stable-fixes). - wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: fix RCU list iterations (stable-fixes). 
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes). - wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes). - wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes). - wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes). - wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes). - wifi: rtw89: correct base HT rate mask for firmware (stable-fixes). - wifi: wfx: Fix error handling in wfx_core_init() (git-fixes). - x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443). - x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes). - x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes). - x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes). - x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes). - x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes). - x86/apic: Make x2apic_disable() work correctly (git-fixes). - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). 
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes). - x86/mm: Use IPIs to synchronize LAM enablement (git-fixes). - x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes). - x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes). - x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes). - x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes). - x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes). - x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes). - x86/tdx: Enable CPU topology enumeration (git-fixes). - x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes). - x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes). - x86/traps: move kmsan check after instrumentation_begin (git-fixes). - x86: Increase brk randomness entropy for 64-bit systems (git-fixes). - x86: do the user address masking outside the user access area (git-fixes). - x86: fix off-by-one in access_ok() (git-fixes). - x86: fix user address masking non-canonical speculation issue (git-fixes). - x86: make the masked_user_access_begin() macro use its argument only once (git-fixes). - x86: support user address masking instead of non-speculative conditional (git-fixes). - xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754). - xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754). - xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes). - xfs: check shortform attr entry flags specifically (git-fixes). - xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes). 
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes). - xfs: fix freeing speculative preallocations for preallocated files (git-fixes). - xfs: make sure sb_fdblocks is non-negative (git-fixes). - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes). - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes). - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes). - xfs: validate recovered name buffers when recovering xattr items (git-fixes). - xhci: Add a quirk for writing ERST in high-low order (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). - xhci: tegra: fix checked USB2 port number (git-fixes). - zonefs: Improve error handling (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4330-1 Released: Mon Dec 16 14:17:15 2024 Summary: Security update for vim Type: security Severity: low References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814 This update for vim fixes the following issues: - CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373) - CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238) Other fixes: - Updated to version 9.1.0836 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4360-1 Released: Tue Dec 17 15:35:28 2024 Summary: Security update for docker Type: security Severity: important References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: * * - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exist in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage.
Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See upstream changelog online at bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See upstream changelog online at - Update to Docker 26.1.0-ce. See upstream changelog online at - Update --add-runtime to point to correct binary path. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:4377-1 Released: Thu Dec 19 07:10:53 2024 Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: feature Severity: low References: 1232024 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4384-1 Released: Thu Dec 19 09:05:33 2024 Summary: Recommended update for grub2 Type: recommended
Severity: moderate References: 1231604,1232573 This update for grub2 fixes the following issues: - xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573) - minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4410-1 Released: Mon Dec 23 12:19:40 2024 Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: recommended Severity: moderate References: 1234708 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Fix support level to L3 (bsc#1234708) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: 
split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:29-1 Released: Tue Jan 7 11:41:20 2025 Summary: Security update for python-Jinja2 Type: security Severity: important References: 1234809,CVE-2024-56326 This update for python-Jinja2 fixes the following issues: - CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:73-1 Released: Mon Jan 13 07:10:00 2025 Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: recommended 
Severity: moderate References: 1232024 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024) - Move dracut config files to usr/lib/ dir - Add provides and conflicts on generic name dracut-instance-change-config - Rename config for nvme for consistency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:75-1 Released: Mon Jan 13 10:34:23 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1234845 This update for kdump fixes the following issue: - Version update kdump-2.0.6+git19.ge6e33ae: * allow negative KDUMP_KEEP_OLD_DUMPS (bsc#1234845). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:76-1 Released: Mon Jan 13 10:42:05 2025 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: containerd was updated from version 1.7.21 to 1.7.23: - Changes in version 1.7.23: * Highlights: + Added error definition aliases + Allow proxy plugins to have capabilities + Revert a previous errdefs package migration * Container Runtime Interface (CRI): + Added check for CNI plugins before tearing down pod network * Image Distribution: + Fixed the race condition during GC of snapshots when client retries * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23 - Changes in version 1.7.22: * Highlights: + Build and Release Toolchain + Updated Go (go1.22.7 and go1.23.1) * Container Runtime Interface (CRI): + Added a fix for decreasing cumulative stats * Runtime: + Fixed bug where init exits were being dropped + Update runc binary to 1.1.14 * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:79-1 Released: Mon Jan 13 12:50:24 2025 Summary: Recommended update for libnl3, ovpn-dco, openVPN Type: recommended Severity: moderate References: 1082756,1189451 This update for libnl3, ovpn-dco, openVPN fixes the following issue: - Update libnl to release 3.9 - Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:142-1 Released: Thu Jan 16 14:20:08 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1234282,CVE-2024-53241 This update for xen fixes the following issues: - CVE-2024-53241: Xen hypercall page unsafe against speculative attacks (bsc#1234282). 
Bug fixes: - Update to Xen 4.18.4 security bug fix release (bsc#1027519) * x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call * No other changes mentioned in upstream changelog, sources, or webpage ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:151-1 Released: Thu Jan 16 20:44:56 2025 Summary: Recommended update for libproxy Type: recommended Severity: moderate References: 1234940,1235097 This update for libproxy fixes the following issues: - Properly handle empty proxy ignore entry (bsc#1234940). - Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:154-1 Released: Fri Jan 17 10:15:08 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References:
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). 
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). 
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). 
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). 
- Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes).
- PCI/AER: Disable AER service on suspend (stable-fixes).
- PCI/MSI: Handle lack of irqdomain gracefully (git-fixes).
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes).
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes).
- PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes).
- PCI: Add T_PERST_CLK_US macro (git-fixes).
- PCI: Detect and trust built-in Thunderbolt chips (stable-fixes).
- PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes).
- PCI: Use preserve_config in place of pci_flags (stable-fixes).
- PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes).
- PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes).
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes).
- PCI: j721e: Add PCIe 4x lane selection support (stable-fixes).
- PCI: j721e: Add per platform maximum lane settings (stable-fixes).
- PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes).
- PCI: j721e: Add suspend and resume support (git-fixes).
- PCI: j721e: Use T_PERST_CLK_US macro (git-fixes).
- PCI: qcom: Add support for IPQ9574 (stable-fixes).
- PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes).
- PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes).
- RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467).
- RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes)
- RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes)
- RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes)
- RDMA/bnxt_re: Disable use of reserved wqes (git-fixes)
- RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes)
- RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes)
- RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes)
- RDMA/bnxt_re: Remove always true dattr validity check (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes)
- RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes)
- RDMA/hns: Fix missing flush CQE for DWQE (git-fixes)
- RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes)
- RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes)
- RDMA/uverbs: Prevent integer overflow issue (git-fixes)
- Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146).
- Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)'
- Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413)
- Revert 'unicode: Do not special case ignorable code points' (stable-fixes).
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes).
- USB: serial: option: add MediaTek T7XX compositions (stable-fixes).
- USB: serial: option: add MeiG Smart SLM770A (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes).
- USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes).
- USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes).
- accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes).
- accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes).
- accel/habanalabs: fix debugfs files permissions (stable-fixes).
- accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes).
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes).
- af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725).
- afs: Automatically generate trace tag enums (git-fixes).
- afs: Fix missing subdir edit when renamed between parent dirs (git-fixes).
- amdgpu/uvd: get ring reference from rq scheduler (git-fixes).
- arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773).
- arch: Remove cmpxchg_double (bsc#1220773).
- arch: consolidate arch_irq_work_raise prototypes (git-fixes).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- arm64: Force position-independent veneers (git-fixes).
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- batman-adv: Do not let TT changes list grows indefinitely (git-fixes).
- batman-adv: Do not send uninitialized TT changes (git-fixes).
- batman-adv: Remove uninitialized data in full table TT response (git-fixes).
- blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726).
- blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139).
- blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144).
- blk-iocost: do not WARN if iocg was already offlined (bsc#1234147).
- blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140).
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149).
- block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150).
- block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160).
- block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280).
- block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279).
- block/mq-deadline: Fix the tag reservation code (bsc#1234148).
- block: Call .limit_depth() after .hctx has been set (bsc#1234148).
- block: Fix where bio IO priority gets set (bsc#1234145).
- block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142).
- block: update the stable_writes flag in bdev_add (bsc#1234141).
- bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Set backplane link modes correctly for ethtool (git-fixes).
- bpf, x86: Fix PROBE_MEM runtime load check (git-fixes).
- bpf: verifier: prevent userspace memory access (git-fixes).
- btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)
- can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes).
- can: j1939: fix error in J1939 documentation (stable-fixes).
- checkpatch: always parse orig_commit in fixes tag (git-fixes).
- checkpatch: check for missing Fixes tags (stable-fixes).
- clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes).
- clocksource/drivers:sp804: Make user selectable (git-fixes).
- counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes).
- counter: ti-ecap-capture: Add check for clk_enable() (git-fixes).
- crypto: qat - disable IOV in adf_dev_stop() (git-fixes).
- crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes).
- cyrpto/b128ops: Remove struct u128 (bsc#1220773).
- devlink: Fix length of eswitch inline-mode (git-fixes).
- dma-buf: fix dma_fence_array_signaled v4 (stable-fixes).
- dma-debug: fix a possible deadlock on radix_lock (stable-fixes).
- dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes).
- dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes).
- dmaengine: dw: Select only supported masters for ACPI devices (git-fixes).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes).
- dmaengine: tegra: Return correct DMA status when paused (git-fixes).
- driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes).
- driver core: fw_devlink: Improve logs for cycle detection (stable-fixes).
- driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes).
- drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes).
- drm/amd/display: Add HDR workaround for specific eDP (stable-fixes).
- drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Revert Avoid overflow assignment (stable-fixes).
- drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes).
- drm/amd/pm: fix the high voltage issue after unload (stable-fixes).
- drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes).
- drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes).
- drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes).
- drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes).
- drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes).
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes).
- drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes).
- drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes).
- drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes).
- drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes).
- drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes).
- drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes).
- drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: do not access invalid sched (git-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: fix usage slab after free (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes).
- drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes).
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/amdkfd: Use device based logging for errors (stable-fixes).
- drm/amdkfd: Use the correct wptr size (stable-fixes).
- drm/amdkfd: pause autosuspend when creating pdd (stable-fixes).
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes).
- drm/bridge: it6505: Enable module autoloading (stable-fixes).
- drm/bridge: it6505: Fix inverted reset polarity (git-fixes).
- drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes).
- drm/display: Fix building with GCC 15 (stable-fixes).
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes).
- drm/dp_mst: Fix MST sideband message body length check (stable-fixes).
- drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes).
- drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes).
- drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes).
- drm/i915/dg1: Fix power gate sequence (git-fixes).
- drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes).
- drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes).
- drm/mcde: Enable module autoloading (stable-fixes).
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes).
- drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes).
- drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes).
- drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes).
- drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes).
- drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes).
- drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes).
- drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes).
- drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes).
- drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes).
- drm: adv7511: Drop dsi single lane support (git-fixes).
- drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes).
- drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- erofs: avoid debugging output for (de)compressed data (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- ext4: add a new helper to check if es must be kept (bsc#1234170).
- ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164).
- ext4: add missed brelse in update_backups (bsc#1234171).
- ext4: allow for the last group to be marked as trimmed (bsc#1234278).
- ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191).
- ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180).
- ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193).
- ext4: avoid overlapping preallocations due to overflow (bsc#1234162).
- ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192).
- ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187).
- ext4: check the extent status again before inserting delalloc block (bsc#1234186).
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190).
- ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178).
- ext4: correct best extent lstart adjustment logic (bsc#1234179).
- ext4: correct grp validation in ext4_mb_good_group (bsc#1234163).
- ext4: correct return value of ext4_convert_meta_bg (bsc#1234172).
- ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178).
- ext4: correct the start block of counting reserved clusters (bsc#1234169).
- ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166).
- ext4: do not trim the group with corrupted block bitmap (bsc#1234177).
- ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170).
- ext4: factor out a common helper to query extent map (bsc#1234186).
- ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176).
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188).
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188).
- ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix potential unnitialized variable (bsc#1234183).
- ext4: fix race between writepages and remount (bsc#1234168).
- ext4: fix rec_len verify error (bsc#1234167).
- ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170).
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185).
- ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178).
- ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170).
- ext4: make ext4_es_insert_extent() return void (bsc#1234170).
- ext4: make ext4_es_remove_extent() return void (bsc#1234170).
- ext4: make ext4_zeroout_es() return void (bsc#1234170).
- ext4: make sure allocate pending entry not fail (bsc#1234170).
- ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175).
- ext4: move 'ix' sanity check to corrent position (bsc#1234174).
- ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165).
- ext4: nested locking for xattr inode (bsc#1234189).
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194).
- ext4: refactor ext4_da_map_blocks() (bsc#1234178).
- ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173).
- ext4: remove the redundant folio_wait_stable() (bsc#1234184).
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182).
- ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181).
- ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170).
- ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170).
- filemap: Fix bounds checking in filemap_read() (bsc#1234209).
- filemap: add a per-mapping stable writes flag (bsc#1234141).
- firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes).
- fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200).
- fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207).
- fsnotify: fix sending inotify event with unexpected filename (bsc#1234198).
- genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes).
- genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes).
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes).
- gpio: grgpio: Add NULL check in grgpio_probe (git-fixes).
- gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes).
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- hvc/xen: fix console unplug (git-fixes).
- hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes).
- hvc/xen: fix event channel handling for secondary consoles (git-fixes).
- hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes).
- hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes).
- hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes).
- hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes).
- hwmon: (tmp513) Fix Current Register value interpretation (git-fixes).
- hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes).
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes).
- hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes).
- hwmon: (tmp513) Use SI constants from units.h (stable-fixes).
- i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes).
- i2c: microchip-core: actually use repeated sends (git-fixes).
- i2c: microchip-core: fix 'ghost' detections (git-fixes).
- i2c: pnx: Fix timeout in wait functions (git-fixes).
- i2c: riic: Always round-up when calculating bus period (git-fixes).
- i40e: Fix handling changed priv flags (git-fixes).
- i915/guc: Accumulate active runtime on gt reset (git-fixes).
- i915/guc: Ensure busyness counter increases motonically (git-fixes).
- i915/guc: Reset engine utilization buffer before registration (git-fixes).
- ice: Unbind the workqueue (bsc#1234989)
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes).
- ice: fix PHY Clock Recovery availability check (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- igb: Fix potential invalid memory access in igb_init_module() (git-fixes).
- iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes).
- instrumentation: Wire up cmpxchg128() (bsc#1220773).
- io_uring/rw: avoid punting to io-wq directly (git-fixes).
- io_uring/tctx: work around xa_store() allocation error issue (git-fixes).
- io_uring: Fix registered ring file refcount leak (git-fixes).
- io_uring: always lock __io_cqring_overflow_flush (git-fixes).
- io_uring: check if iowq is killed before queuing (git-fixes).
- iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes).
- irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes).
- isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199).
- ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes).
- ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes).
- kabi/severities: make vcap_find_actionfield PASS (bsc#1220773)
- kasan: make report_lock a raw spinlock (git-fixes).
- kdb: Fix buffer overflow during tab-complete (bsc#1234652).
- kdb: Fix console handling when editing and tab-completing commands (bsc#1234655).
- kdb: Merge identical case statements in kdb_read() (bsc#1234657).
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658).
- kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654).
- kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654).
- kdb: address -Wformat-security warnings (bsc#1234659).
- kgdb: Flush console before entering kgdb on panic (bsc#1234651).
- leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes).
- linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes).
- locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix).
- loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143).
- mac80211: fix user-power when emulating chanctx (stable-fixes).
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes).
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes).
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes).
- media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes).
- mfd: da9052-spi: Change read-mask to write-mask (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes).
- mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204).
- mm/readahead: do not allow order-1 folio (bsc#1234205).
- mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208).
- mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes).
- mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes).
- mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes).
- mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes).
- mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes).
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes).
- mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes).
- mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
- mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes).
- mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes).
- mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes).
- mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes).
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes).
- net/mlx5e: clear xdp features on non-uplink representors (git-fixes).
- net/qed: allow old cards not supporting 'num_images' to work (git-fixes).
- net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- net: usb: qmi_wwan: add Quectel RG650V (stable-fixes).
- nfs: ignore SB_RDONLY when mounting nfs (git-fixes).
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- nfsd: release svc_expkey/svc_export with rcu_work (git-fixes).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes).
- nvme-rdma: unquiesce admin_q before destroy it (git-fixes).
- nvme-tcp: fix the memleak while create new ctrl failed (git-fixes).
- nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: apple: fix device reference counting (git-fixes).
- nvme: fix metadata handling in nvme-passthrough (git-fixes).
- nvmet-loop: avoid using mutex in IO hotpath (git-fixes).
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes).
- ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes).
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes).
- of: Fix error path in of_parse_phandle_with_args_map() (git-fixes).
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes).
- of: address: Report error on resource bounds overflow (stable-fixes).
- parisc: Raise minimal GCC version (bsc#1220773).
- parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix).
- percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773).
- percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix).
- percpu: Wire up cmpxchg128 (bsc#1220773).
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes).
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes).
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes).
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes).
- phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes).
- phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes).
- phy: rockchip: naneng-combphy: fix phy reset (git-fixes).
- phy: usb: Toggle the PHY power during init (git-fixes).
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes).
- pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes).
- pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes).
- pinmux: Use sequential access to access desc->pinmux data (stable-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes).
- platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes).
- platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes).
- platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes).
- power: supply: gpio-charger: Fix set charge current limits (git-fixes).
- powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- quota: Fix rcu annotations of inode dquot pointers (bsc#1234197).
- quota: explicitly forbid quota files from being encrypted (bsc#1234196).
- quota: flush quota_release_work upon quota writeback (bsc#1234195).
- quota: simplify drop_dquot_ref() (bsc#1234197).
- readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208).
- regmap: Use correct format specifier for logging range errors (stable-fixes).
- regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes).
- s390/cio: Do not unregister the subchannel based on DNV (git-fixes).
- s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773).
- s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes).
- s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes).
- s390/facility: Disable compile time optimization for decompressor code (git-fixes).
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes).
- s390/pageattr: Implement missing kernel_page_present() (git-fixes).
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)).
- scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409).
- scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409).
- scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409).
- scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409).
- scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409).
- scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409).
- scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409).
- scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409).
- scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409).
- scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409).
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406).
- scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406).
- scsi: qla2xxx: Fix use after free on unload (bsc#1235406).
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406).
- scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406).
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406).
- scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406).
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes).
- serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes).
- serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes).
- serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes).
- serial: 8250_fintek: Add support for F81216E (stable-fixes).
- serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes).
- serial: amba-pl011: Fix RX stall when DMA is used (git-fixes).
- serial: amba-pl011: Use port lock wrappers (stable-fixes).
- serial: amba-pl011: fix build regression (git-fixes).
- serial: do not use uninitialized value in uart_poll_init() (git-fixes).
- serial: imx: only set receiver level if it is zero (git-fixes).
- serial: imx: set receiver level before starting uart (git-fixes).
- serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes).
- serial: qcom-geni: disable interrupts during console writes (git-fixes).
- serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes).
- serial: qcom-geni: fix console corruption (git-fixes).
- serial: qcom-geni: fix dma rx cancellation (git-fixes).
- serial: qcom-geni: fix false console tx restart (git-fixes).
- serial: qcom-geni: fix fifo polling timeout (git-fixes).
- serial: qcom-geni: fix hard lockup on buffer flush (git-fixes).
- serial: qcom-geni: fix polled console corruption (git-fixes).
- serial: qcom-geni: fix polled console initialisation (git-fixes).
- serial: qcom-geni: fix receiver enable (git-fixes).
- serial: qcom-geni: fix shutdown race (git-fixes).
- serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes).
- serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes).
- serial: qcom-geni: revert broken hibernation support (git-fixes).
- serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes).
- serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes).
- slub: Replace cmpxchg_double() (bsc#1220773).
- slub: Replace cmpxchg_double() - KABI fix (bsc#1220773).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642]
- soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes).
- soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes).
- soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes).
- soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes).
- soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes).
- soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes).
- soc: imx8m: Probe the SoC driver as platform driver (stable-fixes).
- soc: qcom: Add check devm_kasprintf() returned value (stable-fixes).
- soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes).
- soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes).
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes).
- spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes).
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes).
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes).
- sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes).
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes).
- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes).
- thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes).
- tools: hv: change permissions of NetworkManager configuration file (git-fixes).
- tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes).
- types: Introduce [us]128 (bsc#1220773).
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- udf: Fix lock ordering in udf_evict_inode() (bsc#1234238).
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243).
- udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239).
- udf: refactor inode_bmap() to handle error (bsc#1234242).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237).
- usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes).
- usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes).
- usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes).
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes).
- usb: dwc2: Fix HCD port connection race (git-fixes).
- usb: dwc2: Fix HCD resume (git-fixes).
- usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes).
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes).
- usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes).
- usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes).
- usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes).
- usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes).
- usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes).
- usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes).
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes).
- usb: host: max3421-hcd: Correctly abort a USB request (git-fixes).
- usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes).
- usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes).
- usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes).
- vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes).
- vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes).
- vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes).
- vdpa: solidrun: Fix UB bug with devres (git-fixes).
- vfs: fix readahead(2) on block devices (bsc#1234201).
- wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes).
- wifi: ath5k: add PCI ID for SX76X (git-fixes).
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes).
- wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes).
- wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes).
- wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes).
- wifi: mac80211: fix station NSS capability initialization order (git-fixes).
- wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes).
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes).
- wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes).
- wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes).
- workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416).
- writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203).
- x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773).
- x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773).
- x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes).
- xfs: do not allocate COW extents when unsharing a hole (git-fixes).
- xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes).
- xfs: remove unknown compat feature check in superblock write validation (git-fixes).
- xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes).
- xfs: sb_spino_align is not verified (git-fixes).
- xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes).
- xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020

This update for dhcp fixes the following issues:

- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:222-1
Released: Wed Jan 22 12:30:04 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:

This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern.
  Note that the edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333

This update for vim fixes the following issues:

- Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).
  Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly.
  However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered.
  Thus, there is a conflict between 'vim' and 'xxd' in these cases.
  Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- amazon-dracut-config-0.0.4-150300.7.9.2 added
- containerd-ctr-1.7.23-150000.120.1 updated
- containerd-1.7.23-150000.120.1 updated
- dhcp-client-4.3.6.P1-150000.6.22.1 updated
- dhcp-4.3.6.P1-150000.6.22.1 updated
- docker-26.1.5_ce-150000.212.1 updated
- glibc-locale-base-2.38-150600.14.20.3 updated
- glibc-locale-2.38-150600.14.20.3 updated
- glibc-2.38-150600.14.20.3 updated
- grub2-i386-pc-2.12-150600.8.12.1 updated
- grub2-x86_64-efi-2.12-150600.8.12.1 updated
- grub2-x86_64-xen-2.12-150600.8.12.1 updated
- grub2-2.12-150600.8.12.1 updated
- hwdata-0.390-150000.3.74.2 updated
- kdump-2.0.6+git19.ge6e33ae-150600.3.6.2 updated
- kernel-default-6.4.0-150600.23.33.1 updated
- libcurl4-8.6.0-150600.4.18.1 updated
- libnl-config-3.9.0-150600.15.4.4 updated
- libnl3-200-3.9.0-150600.15.4.4 updated
- libproxy1-0.5.3-150600.4.6.2 updated
- libpxbackend-1_0-0.5.3-150600.4.6.2 updated
- libsystemd0-254.21-150600.4.21.1 updated
- libudev1-254.21-150600.4.21.1 updated
- libzypp-17.35.16-150600.3.41.1 updated
- permissions-20240826-150600.10.12.1 updated
- python3-Jinja2-2.10.1-150000.3.18.1 updated
- systemd-254.21-150600.4.21.1 updated
- udev-254.21-150600.4.21.1 updated
- vim-data-common-9.1.0836-150500.20.18.1 updated
- vim-9.1.0836-150500.20.18.1 updated
- xen-libs-4.18.4_02-150600.3.15.2 updated
- xen-tools-domU-4.18.4_02-150600.3.15.2 updated
- zypper-1.14.79-150600.10.19.1 updated

From sle-container-updates at lists.suse.com Sat Jan 18 08:14:12 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 18 Jan 2025 09:14:12 +0100 (CET)
Subject: SUSE-CU-2025:303-1: Security update of suse/hpc/warewulf4-x86_64/sle-hpc-node
Message-ID: <20250118081412.AEA8FF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/hpc/warewulf4-x86_64/sle-hpc-node
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:303-1
Container Tags : suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6 , suse/hpc/warewulf4-x86_64/sle-hpc-node:15.6.17.5.88 , suse/hpc/warewulf4-x86_64/sle-hpc-node:latest
Container Release : 17.5.88
Severity : important
Type : security
References : 1214954 1216813 1220773 1224095 1224726 1225743 1225758 1225820 1227445 1228526 1229809 1230205 1230413 1230697 1231854 1231909 1231963 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1233038 1233070 1233096 1233200 1233204 1233239 1233259 1233260 1233324 1233328 1233461 1233467 1233468 1233469 1233546 1233558 1233637 1233642 1233772 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182
1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234665 1234668 1234690 1234725 1234726 1234810 1234811 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 1234884 1234889 1234891 1234899 1234900 1234905 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234929 1234930 1234937 1234948 1234950 1234952 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235002 1235003 1235004 1235007 1235009 1235016 1235019 1235033 1235045 1235056 1235061 1235075 1235108 1235128 1235134 1235138 1235246 1235406 1235409 1235416 1235507 1235550 CVE-2024-26924 CVE-2024-27397 CVE-2024-35839 CVE-2024-36908 CVE-2024-36915 CVE-2024-39480 CVE-2024-41042 CVE-2024-44934 CVE-2024-44996 CVE-2024-47678 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50143 CVE-2024-50154 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 
CVE-2024-53161 CVE-2024-53162 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53173 CVE-2024-53174 CVE-2024-53179 CVE-2024-53180 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53229 CVE-2024-53234 CVE-2024-53237 CVE-2024-53240 CVE-2024-53241 CVE-2024-56536 CVE-2024-56539 CVE-2024-56549 CVE-2024-56551 CVE-2024-56562 CVE-2024-56566 CVE-2024-56567 CVE-2024-56576 CVE-2024-56582 CVE-2024-56599 CVE-2024-56604 CVE-2024-56605 CVE-2024-56645 CVE-2024-56667 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-8805
-----------------------------------------------------------------

The container suse/hpc/warewulf4-x86_64/sle-hpc-node was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:135-1
Released: Thu Jan 16 11:20:40 2025
Summary: Recommended update for glibc
Type: recommended
Severity: moderate
References: 1234665

This update for glibc fixes the following issues:

- Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665).
- Correctly determine livepatching support.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:154-1
Released: Fri Jan 17 10:15:08 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1214954,1216813,1220773,1224095,1224726,1225743,1225758,1225820,1227445,1228526,1229809,1230205,1230413,1230697,1231854,1231909,1231963,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1233038,1233070,1233096,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233468,1233469,1233546,1233558,1233637,1233642,1233772,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234690,1234725,1234726,1234810,1234811,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234884,1234889,1234891,1234899,1234900,1234905,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234929,1234930,1234937,1234948,1234950,1234952,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235002,1235003,1235004,1235007,1235009,1235016,1235019,1235033,1235045,1235056,1235061,1235075,1235108,1235128,1235134,1235138,1235246,1235406,1235409,1235416,1235507,1235550,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36908,CVE-2024-36915,CVE-2024-39480,CVE-2024-41042,CVE-2024-44934,CVE-2024-44996,CVE-2024-47678,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50143,CVE-2024-50154,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53173,CVE-2024-53174,CVE-2024-53179,CVE-2024-53180,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53229,CVE-2024-53234,CVE-2024-53237,CVE-2024-53240,CVE-2024-53241,CVE-2024-56536,CVE-2024-56539,CVE-2024-56549,CVE-2024-56551,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56576,CVE-2024-56582,CVE-2024-56599,CVE-2024-56604,CVE-2024-56605,CVE-2024-56645,CVE-2024-56667,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-8805

The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095).
- CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772).
- CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069).
- CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079).
- CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221)
- CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159).
- CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381).
- CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003).
- CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974).
- CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045).
- CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033).
- CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128).
- CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).

The following non-security bugs were fixed:

- 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes).
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467).
- ACPI: resource: Fix memory resource type union access (git-fixes).
- ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes).
- ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes).
- ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes).
- ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes).
- ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes).
- ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes).
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes).
- ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes).
- ALSA: line6: Fix racy access to midibuf (stable-fixes).
- ALSA: seq: Check UMP support for midi_version change (git-fixes).
- ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes).
- ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes).
- ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes).
- ALSA: seq: ump: Use guard() for locking (stable-fixes).
- ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes).
- ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes).
- ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes).
- ALSA: usb-audio: US16x08: Initialize array before use (git-fixes).
- ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes).
- ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes).
- ASoC: SOF: Remove libraries from topology lookups (git-fixes).
- ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes).
- ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes).
- ASoC: amd: yc: Fix the wrong return value (git-fixes).
- ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes).
- ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes).
- ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes).
- ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes).
- ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes).
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes).
- ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes).
- ASoC: hdmi-codec: reorder channel allocation list (stable-fixes).
- ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes).
- ASoC: nau8822: Lower debug print priority (stable-fixes).
- Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes).
- Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes).
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes).
- Bluetooth: MGMT: Fix possible deadlocks (git-fixes).
- Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes).
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes).
- Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes).
- Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes).
- Bluetooth: iso: Fix recursive locking warning (git-fixes).
- Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Async COPY result needs to return a write verifier (git-fixes).
- NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: Remove a never-true comparison (git-fixes).
- NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes).
- PCI/AER: Disable AER service on suspend (stable-fixes).
- PCI/MSI: Handle lack of irqdomain gracefully (git-fixes).
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes).
- PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes).
- PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes).
- PCI: Add T_PERST_CLK_US macro (git-fixes).
- PCI: Detect and trust built-in Thunderbolt chips (stable-fixes).
- PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes).
- PCI: Use preserve_config in place of pci_flags (stable-fixes).
- PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes).
- PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes).
- PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes).
- PCI: j721e: Add PCIe 4x lane selection support (stable-fixes).
- PCI: j721e: Add per platform maximum lane settings (stable-fixes).
- PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes).
- PCI: j721e: Add suspend and resume support (git-fixes).
- PCI: j721e: Use T_PERST_CLK_US macro (git-fixes).
- PCI: qcom: Add support for IPQ9574 (stable-fixes).
- PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes).
- PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes).
- RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467).
- RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes)
- RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes)
- RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes)
- RDMA/bnxt_re: Disable use of reserved wqes (git-fixes)
- RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes)
- RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes)
- RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes)
- RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes)
- RDMA/bnxt_re: Remove always true dattr validity check (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes)
- RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes)
- RDMA/hns: Fix missing flush CQE for DWQE (git-fixes)
- RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes)
- RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes)
- RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes)
- RDMA/uverbs: Prevent integer overflow issue (git-fixes)
- Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146).
- Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)'
- Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes).
- Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413)
- Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413)
- Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413)
- Revert 'unicode: Do not special case ignorable code points' (stable-fixes).
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes).
- USB: serial: option: add MediaTek T7XX compositions (stable-fixes).
- USB: serial: option: add MeiG Smart SLM770A (stable-fixes).
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes).
- USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes).
- USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes).
- accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes).
- accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes).
- accel/habanalabs: fix debugfs files permissions (stable-fixes).
- accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes).
- acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes).
- af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725).
- afs: Automatically generate trace tag enums (git-fixes).
- afs: Fix missing subdir edit when renamed between parent dirs (git-fixes).
- amdgpu/uvd: get ring reference from rq scheduler (git-fixes).
- arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773).
- arch: Remove cmpxchg_double (bsc#1220773).
- arch: consolidate arch_irq_work_raise prototypes (git-fixes).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- arm64: Force position-independent veneers (git-fixes).
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- batman-adv: Do not let TT changes list grows indefinitely (git-fixes).
- batman-adv: Do not send uninitialized TT changes (git-fixes).
- batman-adv: Remove uninitialized data in full table TT response (git-fixes).
- blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726).
- blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139).
- blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144).
- blk-iocost: do not WARN if iocg was already offlined (bsc#1234147).
- blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140).
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). 
- dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). 
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). 
- drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). 
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). 
- ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). 
- ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). 
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). 
- isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). 
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). 
- net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). 
- percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). 
- quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). 
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). 
- serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). 
- sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). 
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). 
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). 
The following package changes have been done:

- glibc-locale-base-2.38-150600.14.20.3 updated
- glibc-2.38-150600.14.20.3 updated
- kernel-default-6.4.0-150600.23.33.1 updated

From sle-container-updates at lists.suse.com Fri Jan 24 08:02:27 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Fri, 24 Jan 2025 09:02:27 +0100 (CET)
Subject: SUSE-IU-2025:342-1: Security update of sles-15-sp6-chost-byos-v20250122-arm64
Message-ID: <20250124080227.6B2FFFBA0@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp6-chost-byos-v20250122-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:342-1
Image Tags : sles-15-sp6-chost-byos-v20250122-arm64:20250122
Image Release :
Severity : important
Type : security
References :

The container sles-15-sp6-chost-byos-v20250122-arm64 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4318-1
Released: Fri Dec 13 16:33:37 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2023-52778: mptcp: deal with large GSO size (bsc#1224948). - CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823). - CVE-2023-6270: aoe: fix the potential use-after-free problem in more places (bsc#1218562). - CVE-2024-26596: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events (bsc#1220355). - CVE-2024-26741: dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished() (bsc#1222587). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-27017: netfilter: nft_set_pipapo: walk over current view on netlink dump (bsc#1223733). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-36000: mm/hugetlb: fix missing hugetlb_lock for resv uncharge (bsc#1224548). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36927: ipv4: Fix uninit-value access in __ip_make_skb() (bsc#1225813). - CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36968: Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (bsc#1226130). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-40914: mm/huge_memory: do not unpoison huge_zero_folio (bsc#1227842). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-41031: mm/filemap: skip to create PMD-sized page cache if needed (bsc#1228454). - CVE-2024-41082: nvme-fabrics: use reserved tag for reg read/write command (bsc#1228620). - CVE-2024-42102: Revert 'mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again' (bsc#1233132). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46680: Bluetooth: btnxpuart: Fix random crash seen while removing driver (bsc#1230557). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46721: apparmor: fix possible NULL pointer dereference (bsc#1230710) - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46765: ice: protect XDP configuration with a mutex (bsc#1230807). - CVE-2024-46766: ice: move netif_queue_set_napi to rtnl-protected sections (bsc#1230762). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). - CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: sched: sch_cake: fix bulk flow accounting logic for host fairness (bsc#1231114). - CVE-2024-46831: net: microchip: vcap: Fix use-after-free error in kunit test (bsc#1231117). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46843: scsi: ufs: core: Remove SCSI host only if added (bsc#1231100). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-46870: drm/amd/display: Disable DMCUB timeout for DCN35 (bsc#1231435). - CVE-2024-47658: crypto: stm32/cryp - call finalize with bh disabled (bsc#1231436). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47687: vdpa/mlx5: Fix invalid mr resource destroy (bsc#1232003). 
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47701: ext4: avoid OOB when system.data xattr changes underneath the filesystem (bsc#1231920). - CVE-2024-47703: bpf, lsm: add check for BPF LSM return value (bsc#1231946). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47731: drivers/perf: Fix ali_drw_pmu driver interrupt status clearing (bsc#1232117). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47741: btrfs: fix race setting file private on concurrent lseek using same fd (bsc#1231869). - CVE-2024-47745: mm: call the security_mmap_file() LSM hook in remap_file_pages() (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47752: media: mediatek: vcodec: Fix H264 stateless decoder smatch warning (bsc#1232130). - CVE-2024-47753: media: mediatek: vcodec: Fix VP8 stateless decoder smatch warning (bsc#1231868). - CVE-2024-47754: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning (bsc#1232131). - CVE-2024-49852: scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (bsc#1232819). - CVE-2024-49864: rxrpc: Fix a race between socket set up and I/O thread creation (bsc#1232256). 
- CVE-2024-49867: btrfs: wait for fixup workers before stopping cleaner kthread during umount (bsc#1232262). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49888: bpf: Fix a sdiv overflow issue (bsc#1232208). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49894: drm/amd/display: Fix index out of bounds in degamma hardware format translation (bsc#1232354). - CVE-2024-49895: drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (bsc#1232352). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49898: drm/amd/display: Check null-initialized variables (bsc#1232222). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49907: drm/amd/display: Check null pointers before using dc->clk_mgr (bsc#1232334). - CVE-2024-49908: drm/amd/display: Add null check for 'afb' in amdgpu_dm_update_cursor (bsc#1232335). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). 
- CVE-2024-49912: drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (bsc#1232367). - CVE-2024-49913: drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (bsc#1232307). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). 
- CVE-2024-49953: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice (bsc#1232156). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49968: ext4: filesystems without casefold feature cannot be mounted with siphash (bsc#1232264). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49972: drm/amd/display: Deallocate DML memory if allocation fails (bsc#1232315). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49986: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors (bsc#1232093). - CVE-2024-49987: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) (bsc#1232258). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). 
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50003: drm/amd/display: Fix system hang while resume with TBT monitor (bsc#1232385). - CVE-2024-50004: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 (bsc#1232396). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50012: cpufreq: Avoid a bad reference count on CPU node (bsc#1232386). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50015: ext4: dax: fix overflowing extents beyond inode size when partially writing (bsc#1232079). - CVE-2024-50020: ice: Fix improper handling of refcount in ice_sriov_set_msix_vec_count() (bsc#1231989). - CVE-2024-50021: ice: Fix improper handling of refcount in ice_dpll_init_rclk_pins() (bsc#1231957). - CVE-2024-50022: device-dax: correct pgoff align in dax_set_mapping() (bsc#1231956). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50027: thermal: core: Free tzp copy along with the thermal zone (bsc#1231951). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50040: igb: Do not bring the device up after non-fatal error (bsc#1231908). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50042: ice: Fix increasing MSI-X on VF (bsc#1231906). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). 
- CVE-2024-50046: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50060: io_uring: check if we need to reschedule during overflow flush (bsc#1232417). - CVE-2024-50063: bpf: Prevent tail call between progs attached to different hooks (bsc#1232435). - CVE-2024-50064: zram: free secondary algorithms names (bsc#1231901). - CVE-2024-50080: ublk: do not allow user copy for unprivileged device (bsc#1232502). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50084: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() (bsc#1232494). - CVE-2024-50087: btrfs: fix uninitialized pointer free on read_alloc_one_name() error (bsc#1232499). - CVE-2024-50088: btrfs: fix uninitialized pointer free in add_inode_ref() (bsc#1232498). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50124: Bluetooth: ISO: Fix UAF on iso_sock_timeout (bsc#1232926). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50130: netfilter: bpf: must hold reference on net namespace (bsc#1232894). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50139: KVM: arm64: Fix shift-out-of-bounds bug (bsc#1233062). 
- CVE-2024-50145: octeon_ep: add SKB allocation failures handling in __octep_oq_process_rx() (bsc#1233044). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp/dccp: Do not use timer_pending() in reqsk_queue_unlink() (bsc#1233070). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50169: vsock: Update rx_bytes on read_skb() (bsc#1233320). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50177: drm/amd/display: fix a UBSAN warning in DML2.1 (bsc#1233115). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50192: irqchip/gic-v4: Do not allow a VMOVP on a dying VPE (bsc#1233106). - CVE-2024-50195: posix-clock: Fix missing timespec64 check in pc_clock_settime() (bsc#1233103). - CVE-2024-50225: btrfs: fix error propagation of split bios (bsc#1233193). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50245: fs/ntfs3: Fix possible deadlock in mi_read (bsc#1233203). - CVE-2024-50246: fs/ntfs3: Add rough attr alloc_size check (bsc#1233207). - CVE-2024-50250: fsdax: dax_unshare_iter needs to copy entire blocks (bsc#1233226). - CVE-2024-50252: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (bsc#1233201). - CVE-2024-50257: netfilter: Fix use-after-free in get_info() (bsc#1233244). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). 
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50275: arm64/sve: Discard stale CPU state when handling SVE traps (bsc#1233464).
- CVE-2024-50276: net: vertexcom: mse102x: Fix possible double free of TX skb (bsc#1233465).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53042: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() (bsc#1233540).
- CVE-2024-53043: mctp i2c: handle NULL header address (bsc#1233523).
- CVE-2024-53048: ice: fix crash on probe for DPLL enabled E810 LOM (bsc#1233721).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53082: virtio_net: Add hash_key_length check (bsc#1233573).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
- CVE-2024-53121: net/mlx5: fs, lock FTE when checking if active (bsc#1234078).
- CVE-2024-53138: net/mlx5e: kTLS, Fix incorrect page refcounting (bsc#1234223).

The following non-security bugs were fixed:

- 9p: explicitly deny setlease attempts (git-fixes).
- ACPI: CPPC: Add support for setting EPP register in FFH (stable-fixes).
- ACPI: CPPC: Fix _CPC register setting issue (git-fixes).
- ACPI: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- ACPI: EC: Do not release locks during operation region accesses (stable-fixes).
- ACPI: PAD: fix crash in exit_round_robin() (stable-fixes).
- ACPI: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- ACPI: battery: Fix possible crash when unregistering a battery hook (git-fixes).
- ACPI: battery: Simplify battery hook locking (stable-fixes).
- ACPI: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- ACPI: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- ACPI: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- ACPI: video: Add force_vendor quirk for Panasonic Toughbook CF-18 (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- ACPICA: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- ACPICA: iasl: handle empty connection_node (stable-fixes).
- ALSA/hda: intel-sdw-acpi: cleanup sdw_intel_scan_controller (stable-fixes).
- ALSA/hda: intel-sdw-acpi: fetch fwnode once in sdw_intel_scan_controller() (stable-fixes).
- ALSA/hda: intel-sdw-acpi: simplify sdw-master-count property read (stable-fixes).
- ALSA: 6fire: Release resources at card release (git-fixes).
- ALSA: Reorganize kerneldoc parameter names (stable-fixes).
- ALSA: ac97: bus: Fix the mistake in the comment (git-fixes).
- ALSA: asihpi: Fix potential OOB array access (stable-fixes).
- ALSA: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: core: add isascii() check to card ID generator (stable-fixes).
- ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- ALSA: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- ALSA: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- ALSA: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- ALSA: hda/conexant: fix Z60MR100 startup pop issue (stable-fixes).
- ALSA: hda/conexant: fix some typos (stable-fixes).
- ALSA: hda/cs8409: Fix possible NULL dereference (git-fixes).
- ALSA: hda/generic: Unconditionally prefer preferred_dacs pairs (bsc#1219803).
- ALSA: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- ALSA: hda/realtek - update set GPIO3 to default for Thinkpad with ALC1318 (git-fixes).
- ALSA: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- ALSA: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 (stable-fixes).
- ALSA: hda/realtek: Add support for Samsung Galaxy Book3 360 (NP730QFG) (stable-fixes).
- ALSA: hda/realtek: Apply quirk for Medion E15433 (bsc#1233298).
- ALSA: hda/realtek: Enable mic on Vaio VJFH52 (stable-fixes).
- ALSA: hda/realtek: Enable mute and micmute LED on HP ProBook 430 G8 (stable-fixes).
- ALSA: hda/realtek: Enable speaker pins for Medion E15443 platform (bsc#1233298).
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max (bsc#1233298).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- ALSA: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- ALSA: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- ALSA: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- ALSA: hda/realtek: Refactor and simplify Samsung Galaxy Book init (stable-fixes).
- ALSA: hda/realtek: Set PCBeep to default value for ALC274 (stable-fixes).
- ALSA: hda/realtek: Update ALC225 depop procedure (git-fixes).
- ALSA: hda/realtek: Update ALC256 depop procedure (git-fixes).
- ALSA: hda/realtek: Update default depop procedure (git-fixes).
- ALSA: hda/realtek: fix mute/micmute LED for HP mt645 G8 (stable-fixes).
- ALSA: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- ALSA: hda/realtek: tas2781: Fix ROG ALLY X audio (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo Y990 Laptop (stable-fixes).
- ALSA: hda/tas2781: Add new quirk for Lenovo, ASUS, Dell projects (stable-fixes).
- ALSA: hda/tas2781: select CRC32 instead of CRC32_SARWATE (git-fixes).
- ALSA: hda: Poll jack events for LS7A HD-Audio (stable-fixes).
- ALSA: hda: Show the codec quirk info at probing (stable-fixes).
- ALSA: hda: Sound support for HP Spectre x360 16 inch model 2024 (stable-fixes).
- ALSA: hda: tas2781: Fix missing setup at runtime PM (bsc#1230132).
- ALSA: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- ALSA: ice1712: Remove redundant code in stac9460_dac_vol_put (stable-fixes).
- ALSA: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- ALSA: line6: update contact information (stable-fixes).
- ALSA: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- ALSA: pcm: Add sanity NULL check for the default mmap fault handler (stable-fixes).
- ALSA: silence integer wrapping warning (stable-fixes).
- ALSA: ump: Fix evaluation of MIDI 1.0 FB info (git-fixes).
- ALSA: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ALSA: usb-audio: Add Pioneer DJ/AlphaTheta DJM-A9 Mixer (stable-fixes).
- ALSA: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- ALSA: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- ALSA: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- ALSA: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- ALSA: usb-audio: Add quirk for HP 320 FHD Webcam (bsc#1232768).
- ALSA: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- ALSA: usb-audio: Define macros for quirk table entries (stable-fixes).
- ALSA: usb-audio: Fix Yamaha P-125 Quirk Entry (stable-fixes).
- ALSA: usb-audio: Fix a DMA to stack memory bug (git-fixes).
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (stable-fixes).
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (git-fixes).
- ALSA: usb-audio: Make mic volume workarounds globally applicable (stable-fixes).
- ALSA: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- ALSA: usb-audio: Use snprintf instead of sprintf in build_mixer_unit_ctl (stable-fixes).
- ALSA: usb-audio: add mixer mapping for Corsair HS80 (stable-fixes).
- ALSA: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- ASoC: Intel: avs: da7219: Remove suspend_pre() and resume_post() (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet (stable-fixes).
- ASoC: Intel: bytcr_rt5640: Add support for non ACPI instantiated codec (stable-fixes).
- ASoC: Intel: sst: Fix used of uninitialized ctx to log an error (git-fixes).
- ASoC: Intel: sst: Support LPE0F28 ACPI HID (stable-fixes).
- ASoC: SOF: Add i2s bt dai configuration support for AMD platforms (bsc#1233305).
- ASoC: SOF: Add support for configuring PDM interface from topology (bsc#1233305).
- ASoC: SOF: Deprecate invalid enums in IPC3 (bsc#1233305).
- ASoC: SOF: IPC4: get pipeline priority from topology (bsc#1233305).
- ASoC: SOF: IPC4: synchronize fw_config_params with fw definitions (bsc#1233305).
- ASoC: SOF: Refactor sof_i2s_tokens reading to update acpbt dai (bsc#1233305).
- ASoC: SOF: Rename amd_bt sof_dai_type (bsc#1233305).
- ASoC: SOF: Wire up buffer flags (bsc#1233305).
- ASoC: SOF: add alignment for topology header file struct definition (bsc#1233305).
- ASoC: SOF: align topology header file with sof topology header (bsc#1233305).
- ASoC: SOF: ipc3-topology: Convert the topology pin index to ALH dai index (git-fixes).
- ASoC: SOF: ipc3-topology: fix resource leaks in sof_ipc3_widget_setup_comp_dai() (git-fixes).
- ASoC: SOF: ipc4-control: Add support for ALSA enum control (bsc#1233305).
- ASoC: SOF: ipc4-control: Add support for ALSA switch control (bsc#1233305).
- ASoC: SOF: ipc4-mtrace: move debug slot related definitions to header.h (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add deep buffer size to debug prints (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add definition for generic switch/enum control (bsc#1233305).
- ASoC: SOF: ipc4-topology: Add module ID print during module set up (bsc#1233305).
- ASoC: SOF: ipc4-topology: Helper to find an swidget by module/instance id (bsc#1233305).
- ASoC: SOF: ipc4-topology: Only handle dai_config with HW_PARAMS for ChainDMA (bsc#1233305).
- ASoC: SOF: ipc4-topology: change chain_dma handling in dai_config (bsc#1233305).
- ASoC: SOF: ipc4-topology: export sof_ipc4_copier_is_single_format (bsc#1233305).
- ASoC: SOF: ipc4-topology: set config_length based on device_count (bsc#1233305).
- ASoC: SOF: ipc4: Add data struct for module notification message from firmware (bsc#1233305).
- ASoC: SOF: ipc4: Add new message type: SOF_IPC4_GLB_LOAD_LIBRARY_PREPARE (bsc#1233305).
- ASoC: SOF: sof-client-probes-ipc4: Set param_size extension bits (git-fixes).
- ASoC: SOF: topology: Parse DAI type token for dspless mode (bsc#1233305).
- ASoC: SOF: topology: dynamically allocate and store DAI widget->private (bsc#1233305).
- ASoC: amd: yc: Add quirk for ASUS Vivobook S15 M3502RA (stable-fixes).
- ASoC: amd: yc: Add quirk for HP Dragonfly pro one (stable-fixes).
- ASoC: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- ASoC: amd: yc: Fix non-functional mic on ASUS E1404FA (stable-fixes).
- ASoC: amd: yc: Support dmic on another model of Lenovo Thinkpad E14 Gen 6 (stable-fixes).
- ASoC: amd: yc: fix internal mic on Xiaomi Book Pro 14 2022 (stable-fixes).
- ASoC: atmel: mchp-pdmc: Skip ALSA restoration if substream runtime is uninitialized (git-fixes).
- ASoC: audio-graph-card2: Purge absent supplies for device tree nodes (stable-fixes).
- ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- ASoC: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- ASoC: codecs: rt5640: Always disable IRQs from rt5640_cancel_work() (stable-fixes).
- ASoC: codecs: wsa883x: Handle reading version failure (stable-fixes).
- ASoC: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- ASoC: dapm: fix bounds checker error in dapm_widget_list_create (git-fixes).
- ASoC: fsl_micfil: Add sample rate constraint (stable-fixes).
- ASoC: fsl_micfil: fix regmap_write_bits usage (git-fixes).
- ASoC: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- ASoC: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- ASoC: max98388: Fix missing increment of variable slot_found (git-fixes).
- ASoC: mediatek: mt8188-mt6359: Remove hardcoded dmic codec (git-fixes).
- ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- ASoC: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- ASoC: rt722-sdca: Remove logically deadcode in rt722-sdca.c (git-fixes).
- ASoC: rt722-sdca: increase clk_stop_timeout to fix clock stop issue (stable-fixes).
- ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() (stable-fixes).
- ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() (stable-fixes).
- ASoC: tas2781: Add new driver version for tas2563 & tas2781 qfn chip (stable-fixes).
- ASoC: tas2781: Use of_property_read_reg() (stable-fixes).
- Bluetooth: Call iso_exit() on module unload (git-fixes).
- Bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- Bluetooth: Remove debugfs directory on module init failure (git-fixes).
- Bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- Bluetooth: btintel: Direct exception event to bluetooth stack (git-fixes).
- Bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test (bsc#1230557)
- Bluetooth: btusb: Add Realtek RTL8852C support ID 0x0489:0xe122 (stable-fixes).
- Bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- Bluetooth: fix use-after-free in device_for_each_child() (git-fixes).
- Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- Bluetooth: hci_core: Fix calling mgmt_device_connected (git-fixes).
- Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- HID: Ignore battery for all ELAN I2C-HID devices (stable-fixes).
- HID: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- HID: core: zero-initialize the report buffer (git-fixes).
- HID: i2c-hid: Remove I2C_HID_QUIRK_SET_PWR_WAKEUP_DEV quirk (stable-fixes).
- HID: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- HID: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- HID: multitouch: Add support for B2402FVA track point (stable-fixes).
- HID: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- HID: multitouch: Add support for lenovo Y9000P Touchpad (stable-fixes).
- HID: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- HID: wacom: fix when get product name maybe null pointer (git-fixes).
- Input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- Input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- Input: edt-ft5x06 - fix regmap leak when probe fails (git-fixes).
- Input: hideep - add missing dependency on REGMAP_I2C (git-fixes).
- Input: hycon-hy46xx - add missing dependency on REGMAP_I2C (git-fixes).
- Input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (stable-fixes).
- Input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (stable-fixes).
- Input: xpad - add GameSir T4 Kaleid Controller support (git-fixes).
- Input: xpad - add GameSir VID for Xbox One controllers (git-fixes).
- Input: xpad - add support for 8BitDo Ultimate 2C Wireless Controller (git-fixes).
- Input: xpad - add support for MSI Claw A1M (git-fixes).
- Input: xpad - add support for Machenike G5 Pro Controller (git-fixes).
- Input: xpad - fix support for some third-party controllers (git-fixes).
- Input: xpad - sort xpad_device by vendor and product ID (git-fixes).
- Input: xpad - spelling fixes for 'Xbox' (git-fixes).
- KVM: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- KVM: PPC: Book3S HV: Avoid returning to nested hypervisor on pending doorbells (bsc#1215199).
- KVM: PPC: Book3S HV: Stop using vc->dpdes for nested KVM guests (bsc#1215199).
- KVM: PPC: Book3S HV: remove unused varible (bsc#1194869).
- KVM: SEV-ES: Fix svm_get_msr()/svm_set_msr() for KVM_SEV_ES_INIT guests (bsc#1232207).
- KVM: SEV-ES: Prevent MSR access post VMSA encryption (bsc#1232207).
- KVM: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- KVM: Use dedicated mutex to protect kvm_usage_count to avoid deadlock (git-fixes).
- KVM: VMX: Also clear SGX EDECCSSA in KVM CPU caps when SGX is disabled (git-fixes).
- KVM: VMX: Set PFERR_GUEST_{FINAL,PAGE}_MASK if and only if the GVA is valid (git-fixes).
- KVM: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232626).
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231276).
- KVM: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232623).
- KVM: x86/mmu: Skip emulation on page fault iff 1+ SPs were unprotected (git-fixes).
- KVM: x86/mmu: Trigger unprotect logic only on write-protection page faults (git-fixes).
- KVM: x86: Dedup fastpath MSR post-handling logic (git-fixes).
- KVM: x86: Enforce x2APIC's must-be-zero reserved ICR bits (git-fixes).
- KVM: x86: Exit to userspace if fastpath triggers one on instruction skip (git-fixes).
- KVM: x86: Move x2APIC ICR helper above kvm_apic_write_nodecode() (git-fixes).
- KVM: x86: Re-enter guest if WRMSR(X2APIC_ICR) fastpath is successful (git-fixes).
- KVM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- NFS: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- NFS: remove revoked delegation from server's delegation list (git-fixes).
- NFSD: Fix NFSv4's PUTPUBFH operation (git-fixes).
- NFSD: Mark filecache 'down' if init fails (git-fixes).
- NFSv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- NFSv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- PCI: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- PCI: Add T_PVPERL macro (git-fixes).
- PCI: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- PCI: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- PCI: Fix reset_method_store() memory leak (git-fixes).
- PCI: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- PCI: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- PCI: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- PCI: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- PCI: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- PCI: rockchip-ep: Fix address translation unit programming (git-fixes).
- RAS/AMD/ATL: Add amd_atl pr_fmt() prefix (jsc#PED-10559).
- RAS/AMD/ATL: Expand helpers for adding and removing base and hole (jsc#PED-10559).
- RAS/AMD/ATL: Implement DF 4.5 NP2 denormalization (jsc#PED-10559).
- RAS/AMD/ATL: Read DRAM hole base early (jsc#PED-10559).
- RAS/AMD/ATL: Validate address map when information is gathered (jsc#PED-10559).
- RDMA/bnxt_re: Add a check for memory allocation (git-fixes)
- RDMA/bnxt_re: Avoid CPU lockups due fifo occupancy check loop (git-fixes)
- RDMA/bnxt_re: Change the sequence of updating the CQ toggle value (git-fixes)
- RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- RDMA/bnxt_re: Fix a possible memory leak (git-fixes)
- RDMA/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- RDMA/bnxt_re: Fix incorrect dereference of srq in async event (git-fixes)
- RDMA/bnxt_re: Fix out of bound check (git-fixes)
- RDMA/bnxt_re: Fix the GID table length (git-fixes)
- RDMA/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- RDMA/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- RDMA/bnxt_re: Return more meaningful error (git-fixes)
- RDMA/bnxt_re: synchronize the qp-handle table array (git-fixes)
- RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes)
- RDMA/cxgb4: Dump vendor specific QP details (git-fixes)
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- RDMA/hns: Add mutex_destroy() (git-fixes)
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- RDMA/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- RDMA/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- RDMA/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- RDMA/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- RDMA/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- RDMA/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- RDMA/hns: Use macro instead of magic number (git-fixes)
- RDMA/irdma: Fix misspelling of 'accept*' (git-fixes)
- RDMA/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- RDMA/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- RDMA/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- RDMA/mlx5: Enforce umem boundaries for explicit ODP page faults (git-fixes)
- RDMA/mlx5: Move events notifier registration to be after device registration (git-fixes)
- RDMA/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- RDMA/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- RDMA/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- RDMA/rxe: Fix the qp flush warnings in req (git-fixes)
- RDMA/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES (git-fixes)
- RDMA/srpt: Make slab cache names unique (git-fixes)
- Revert 'ALSA: hda/conexant: Mute speakers at suspend / shutdown' (bsc#1228269).
- Revert 'ALSA: hda: Conditionally use snooping for AMD HDMI' (stable-fixes).
- Revert 'KEYS: encrypted: Add check for strsep' (git-fixes).
- Revert 'KVM: PPC: Book3S HV Nested: Stop forwarding all HFUs to L1' (bsc#1215199).
- Revert 'RDMA/core: Fix ENODEV error for iWARP test over vlan' (git-fixes)
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'cpufreq: brcmstb-avs-cpufreq: Fix initial command check' (stable-fixes).
- Revert 'driver core: Fix uevent_show() vs driver detach race' (git-fixes).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'ubifs: ubifs_symlink: Fix memleak of inode->i_link in error path' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'wifi: iwlwifi: remove retry loops in start' (git-fixes).
- SUNRPC: Fix integer overflow in decode_rc_list() (git-fixes).
- SUNRPC: Fixup gss_status tracepoint error output (git-fixes).
- SUNRPC: Remove BUG_ON call sites (git-fixes).
- SUNRPC: clnt.c: Remove misleading comment (git-fixes).
- USB: appledisplay: close race between probe and completion handler (git-fixes).
- USB: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- USB: chaoskey: fail open after removal (git-fixes).
- USB: gadget: dummy-hcd: Fix 'task hung' problem (git-fixes).
- USB: misc: cypress_cy7c63: check for short transfer (git-fixes).
- USB: misc: yurex: fix race between read and write (git-fixes).
- USB: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- USB: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- USB: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- USB: serial: option: add Quectel RG650V (stable-fixes).
- USB: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- USB: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- USB: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- accel/qaic: Fix the for loop used to walk SG table (git-fixes).
- accel: Use XArray instead of IDR for minors (jsc#PED-11580).
- acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() (git-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- aes-gcm-p10: Use the correct bit to test for P10 (bsc#1232704).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- apparmor: fix 'Do simple duplicate message elimination' (git-fixes).
- apparmor: test: Fix memory leak for aa_unpack_strdup() (git-fixes).
- apparmor: use kvfree_sensitive to free data->data (git-fixes).
- arm64: Subscribe Microsoft Azure Cobalt 100 to erratum 3194386 (git-fixes)
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes)
- arm64: dts: freescale: imx8mm-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: freescale: imx8mp-verdin: Fix SD regulator startup delay (git-fixes)
- arm64: dts: imx8-ss-vpu: Fix imx8qm VPU IRQs (git-fixes)
- arm64: dts: imx8qxp: Add VPU subsystem file (git-fixes)
- arm64: dts: imx93: add nvmem property for eqos (git-fixes)
- arm64: dts: imx93: add nvmem property for fec1 (git-fixes)
- arm64: dts: imx93: add ocotp node (git-fixes)
- arm64: dts: rockchip: Add DTS for FriendlyARM NanoPi R2S Plus (git-fixes)
- arm64: dts: rockchip: Correct GPIO polarity on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes)
- arm64: dts: rockchip: Fix bluetooth properties on rk3566 box demo (git-fixes)
- arm64: dts: rockchip: Fix reset-gpios property on brcm BT nodes (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on (git-fixes)
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-eaidk-610 (git-fixes)
- arm64: dts: rockchip: Fix wakeup prop names on PineNote BT node (git-fixes)
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma (git-fixes)
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes)
- arm64: dts: rockchip: Remove undocumented supports-emmc property (git-fixes)
- arm64: dts: rockchip: fix i2c2 pinctrl-names property on (git-fixes)
- arm64: dts: rockchip: remove num-slots property from (git-fixes)
- arm64: dts: rockchip: remove orphaned pinctrl-names from pinephone (git-fixes)
- arm64: errata: Enable the AC03_CPU_38 workaround for ampere1a (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: fix selection of HAVE_DYNAMIC_FTRACE_WITH_ARGS (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tegra: Move AGX Orin nodes to correct location (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- ata: libata: Set DID_TIME_OUT for commands that actually timed out (git-fixes).
- ata: libata: avoid superfluous disk spin down + spin up during hibernation (git-fixes).
- audit: do not WARN_ON_ONCE(!current->mm) in audit_exe_compare() (git-fixes).
- audit: do not take task_lock() in audit_exe_compare() code path (git-fixes).
- block: print symbolic error name instead of error code (bsc#1231872).
- block: sed-opal: add ioctl IOC_OPAL_SET_SID_PW (bsc#1229677).
- bnxt_en: Cap the size of HWRM_PORT_PHY_QCFG forwarded response (git-fixes).
- bnxt_en: Fix error recovery for 5760X (P7) chips (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bpf, arm64: Fix address emission with tag-based KASAN enabled (git-fixes)
- bpf, arm64: Remove garbage frame for struct_ops trampoline (git-fixes)
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, sockmap: SK_DROP on attempted redirects of unsupported af_vsock (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, vsock: Drop static vsock_bpf_prot initialization (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Fail verification for sign-extension of packet data/data_end/data_meta (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix error message on kfunc arg type mismatch (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Fix truncation bug in coerce_reg_to_size_sx() (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- btf, scripts: rust: drop is_rust_module.sh (bsc#1230414 bsc#1229450).
- btrfs: merge btrfs_orig_bbio_end_io() into btrfs_bio_end_io() (bsc#1233193)
- btrfs: send: fix invalid clone operation for file that got its size decreased (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: dev: can_set_termination(): allow sleeping GPIOs (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: hi311x: hi3110_can_ist(): fix potential use-after-free (git-fixes).
- can: hi311x: hi3110_can_ist(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): fix length calculation (git-fixes).
- can: mcp251xfd: mcp251xfd_get_tef_len(): work around erratum DS80000789E 6 (git-fixes).
- can: mcp251xfd: mcp251xfd_ring_alloc(): fix coalescing configuration when switching CAN modes (git-fixes).
- can: netlink: avoid call to do_set_data_bittiming callback with stale can_priv::ctrlmode (stable-fixes).
- can: sja1000: sja1000_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231384).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- clk: bcm: bcm53573: fix OF node leak in init (stable-fixes).
- clk: clk-apple-nco: Add NULL check in applnco_probe (git-fixes).
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock (git-fixes).
- clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (stable-fixes).
- clk: imx: clk-scu: fix clk enable state save and restore (git-fixes).
- clk: imx: fracn-gppll: correct PLL initialization flow (git-fixes).
- clk: imx: fracn-gppll: fix pll power up (git-fixes).
- clk: imx: lpcg-scu: SW workaround for errata (e10858) (git-fixes).
- clk: qcom: clk-alpha-pll: drop lucid-evo pll enabled warning (git-fixes).
- clk: qcom: clk-alpha-pll: fix lucid 5lpe pll enabled check (git-fixes).
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3 (git-fixes).
- clk: renesas: rzg2l: Fix FOUTPOSTDIV clk (git-fixes).
- clk: sunxi-ng: d1: Fix PLL_AUDIO0 preset (git-fixes).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- config: Disable LAM on x86 (bsc#1217845).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_cost() (git-fixes).
- cpufreq: CPPC: Fix wrong return value in cppc_get_cpu_power() (git-fixes).
- cpufreq: loongson2: Unregister platform_driver on failure (git-fixes).
- cpufreq: mediatek-hw: Fix wrong return value in mtk_cpufreq_get_cpu_power() (git-fixes).
- crypto: aes-gcm-p10 - Use the correct bit to test for P10 (bsc#1232704).
- crypto: api - Fix liveliness check in crypto_alg_tested (stable-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon/qm - flush all work before driver removed (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: octeontx - Fix authenc setkey (stable-fixes).
- crypto: octeontx* - Select CRYPTO_AUTHENC (git-fixes).
- crypto: octeontx2 - Fix authenc setkey (stable-fixes).
- crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (git-fixes).
- crypto: powerpc/p10-aes-gcm - Add dependency on CRYPTO_SIMD and re-enable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Disable CRYPTO_AES_GCM_P10 (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Re-write AES/GCM stitched implementation (bsc#1230501 ltc#208632).
- crypto: powerpc/p10-aes-gcm - Register modules as SIMD (bsc#1230501 ltc#208632).
- crypto: qat - remove check after debugfs_create_dir() (git-fixes).
- crypto: qat - remove faulty arbiter config reset (git-fixes).
- crypto: qat/qat_4xxx - fix off by one in uof_get_name() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- cxl: downgrade a warning message to debug level in cxl_probe_component_regs() (bsc#1229165).
- dcache: keep dentry_hashtable or d_hash_shift even when not used (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- devlink: Fix command annotation documentation (git-fixes).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dma-fence: Use kernel's sort for merging fences (git-fixes).
- dmaengine: sh: rz-dmac: handle configs where one address is zero (git-fixes).
- dmaengine: ti: k3-udma: Set EOP for all TRs in cyclic BCDMA transfer (git-fixes).
- doc: rcu: update printed dynticks counter bits (git-fixes).
- driver core: bus: Fix double free in driver API bus_register() (stable-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add HDMI DSC native YCbCr422 support (stable-fixes).
- drm/amd/display: Add disable timeout option (bsc#1231435)
- drm/amd/display: Adjust VSDB parser for replay feature (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Clean up dsc blocks in accelerated mode (stable-fixes).
- drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (stable-fixes).
- drm/amd/display: Fix brightness level not retained over reboot (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe (git-fixes).
- drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp (git-fixes).
- drm/amd/display: Remove a redundant check in authenticated_dp (stable-fixes).
- drm/amd/display: Revert 'Check HDCP returned status' (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Skip to enable dsc if it has been off (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: Vangogh: Fix kernel memory out of bounds write (git-fixes).
- drm/amd: Add some missing straps from NBIO 7.11.0 (git-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amdgpu/swsmu: Only force workload setup on init (git-fixes).
- drm/amdgpu/vcn: enable AV1 on both instances (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: Adjust debugfs register access permissions (stable-fixes).
- drm/amdgpu: Fix DPX valid mode check on GC 9.4.3 (git-fixes).
- drm/amdgpu: Fix JPEG v4.0.3 register write (git-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: fix check in gmc_v9_0_get_vm_pte() (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdkfd: Accounting pdd vram_usage for svm (stable-fixes).
- drm/amdkfd: Fix wrong usage of INIT_WORK() (git-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: it6505: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/etnaviv: hold GPU lock across perfmon sampling (git-fixes).
- drm/i915/gem: fix bitwise and logical AND mixup (git-fixes).
- drm/i915/hdcp: fix connector refcounting (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mediatek: Fix child node refcount handling in early exit (git-fixes).
- drm/mediatek: Fix get efuse issue for MT8188 DPTX (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: check for overflow in _dpu_crtc_setup_lm_bounds() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on MSM8998 (git-fixes).
- drm/msm/dpu: drop LM_3 / LM_4 on SDM845 (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dpu: move CRTC resource assignment to dpu_encoder_virt_atomic_check (git-fixes).
- drm/msm/dpu: on SDM845 move DSPP_3 to LM_5 block (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/msm/dsi: improve/fix dsc pclk calculation (git-fixes).
- drm/msm/gpu: Check the status of registration to PM QoS (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm: Fix some typos in comment (git-fixes).
- drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Add missing OPP table refcnt decremental (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sched: Always wake up correct scheduler in drm_sched_entity_push_job (git-fixes).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_atomic_flush (git-fixes).
- drm/vc4: Match drm_dev_enter and exit calls in vc4_hvs_lut_load (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vc4: hdmi: Avoid hang with debug registers when suspended (git-fixes).
- drm/vc4: hvs: Correct logic on stopping an HVS channel (git-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vkms: Drop unnecessary call to drm_crtc_cleanup() (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: Expand max DRM device number to full MINORBITS (jsc#PED-11580).
- drm: Use XArray instead of IDR for minors (jsc#PED-11580).
- drm: use ATOMIC64_INIT() for atomic64_t (git-fixes).
- drm: xlnx: zynqmp_dpsub: fix hotplug detection (git-fixes).
- drm: zynqmp_kms: Unplug DRM device before removal (git-fixes).
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- e1000e: Remove Meteor Lake SMBUS workarounds (git-fixes).
- e1000e: change I219 (19) devices to ADP (git-fixes).
- e1000e: fix force smbus during suspend flow (git-fixes).
- e1000e: move force SMBUS near the end of enable_ulp function (git-fixes).
- efi/libstub: Free correct pointer on failure (git-fixes).
- efi/libstub: fix efi_parse_options() ignoring the default command line (git-fixes).
- efi/libstub: zboot.lds: Discard .discard sections (stable-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- ext4: do not track ranges in fast_commit if inode has inlined data (bsc#1231635).
- ext4: fix fast commit inode enqueueing during a full journal commit (bsc#1231636).
- ext4: fix incorrect tid assumption in ext4_fc_mark_ineligible() (bsc#1231637).
- ext4: fix possible tid_t sequence overflows (bsc#1231634).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- ext4: fix unttached inode after power cut with orphan file feature enabled (bsc#1234009).
- ext4: mark fc as ineligible using an handle in ext4_xattr_set() (bsc#1231640).
- ext4: use handle to mark fc as ineligible in __track_dentry_update() (bsc#1231639).
- f2fs: get out of a repeat loop when getting a locked data page (bsc#1234011).
- fat: fix uninitialized variable (git-fixes).
- fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (stable-fixes).
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() (git-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filemap: remove use of wait bookmarks (bsc#1224088).
- firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (git-fixes).
- firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup() (git-fixes).
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (git-fixes).
- firmware: arm_sdei: Fix the input parameter of cpuhp_remove_state() (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware_loader: Fix possible resource leak in fw_log_firmware_info() (git-fixes).
- fs/9p: drop inodes immediately on non-.L too (git-fixes).
- fs/9p: fix the cache always being enabled on files with qid flags (git-fixes).
- fs/ntfs3: Add more attributes checks in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Fixed overflow check in mi_enum_attr() (bsc#1233207)
- fs/ntfs3: Sequential field availability check in mi_enum_attr() (bsc#1233207)
- fs: Fix uninitialized value issue in from_kuid and from_kgid (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gpio: exar: set value when external pull-up or pull-down is present (git-fixes).
- gpio: zevio: Add missed label initialisation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (adt7470) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (max16065) Fix alarm attributes (git-fixes).
- hwmon: (max16065) Remove use of i2c_match_id() (stable-fixes).
- hwmon: (mc34vr500) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (nct6775) add G15CF to ASUS WMI monitoring list (stable-fixes).
- hwmon: (nct6775-core) Fix overflows seen when writing limit attributes (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- hwmon: intel-m10-bmc-hwmon: relabel Columbiaville to CVL Die Temperature (git-fixes).
- i2c: core: Setup i2c_adapter runtime-pm before calling device_add() (git-fixes).
- i2c: core: fix lockdep warning for sparsely nested adapter chain (git-fixes).
- i2c: cpm: Remove linux,i2c-index conversion from be32 (git-fixes).
- i2c: designware: do not hold SCL low when I2C_DYNAMIC_TAR_UPDATE is not set (git-fixes).
- i2c: exynos5: Calculate t_scl_l, t_scl_h according to i2c spec (git-fixes).
- i2c: i801: Add lis3lv02d for Dell Precision 3540 (git-fixes).
- i2c: i801: Add lis3lv02d for Dell XPS 15 7590 (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: i801: add helper i801_restore_regs (git-fixes).
- i2c: ismt: kill transaction in hardware on timeout (git-fixes).
- i2c: ocores: Move system PM hooks to the NOIRQ phase (git-fixes).
- i2c: ocores: Remove #ifdef guards for PM related functions (git-fixes).
- i2c: omap: switch to NOIRQ_SYSTEM_SLEEP_PM_OPS() and RUNTIME_PM_OPS() (git-fixes).
- i2c: omap: wakeup the controller during suspend() callback (git-fixes).
- i2c: rcar: properly format a debug output (git-fixes).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: stm32f7: perform most of irq job in threaded handler (git-fixes).
- i2c: synquacer: Deal with optional PCLK correctly (git-fixes).
- i2c: synquacer: Remove a clk reference from struct synquacer_i2c (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (stable-fixes).
- i3c: master: svc: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: fix race condition by adding filter's intermediate sync state (git-fixes).
- iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: Fix checking for unsupported keys on non-tunnel device (git-fixes).
- ice: Fix lldp packets dropping after changing the number of channels (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix package download algorithm (git-fixes).
- ice: Fix recipe read procedure (git-fixes).
- ice: Fix reset handler (git-fixes).
- ice: Flush FDB entries before reset (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: Rebuild TC queues on VSI queue reconfiguration (git-fixes).
- ice: Reject pin requests with unsupported flags (git-fixes).
- ice: add flag to distinguish reset from .ndo_bpf in XDP rings config (git-fixes).
- ice: add missing WRITE_ONCE when clearing ice_rx_ring::xdp_prog (git-fixes).
- ice: avoid IRQ collision to fix init failure on ACPI S3 resume (git-fixes).
- ice: clear port vlan config during reset (git-fixes).
- ice: disallow DPLL_PIN_STATE_SELECTABLE for dpll output pins (git-fixes).
- ice: do not bring the VSI up, if it was down before the XDP setup (git-fixes).
- ice: do not busy wait for Rx queue disable in ice_qp_dis() (git-fixes).
- ice: fix 200G PHY types to link speed mapping (git-fixes).
- ice: fix 200G link speed message log (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: fix VSI lists confusion when adding VLANs (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix iteration of TLVs in Preserved Fields Area (git-fixes).
- ice: fix page reuse when PAGE_SIZE is over 8k (git-fixes).
- ice: fix reads from NVM Shadow RAM on E830 and E825-C devices (git-fixes).
- ice: fix truesize operations for PAGE_SIZE >= 8192 (git-fixes).
- ice: implement AQ download pkg retry (git-fixes).
- ice: map XDP queues to vectors in ice_vsi_map_rings_to_vectors() (git-fixes).
- ice: remove af_xdp_zc_qps bitmap (git-fixes).
- ice: replace synchronize_rcu with synchronize_net (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: set correct dst VSI in only LAN filters (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: tc: check src_vsi in case of traffic from VF (git-fixes).
- ice: use proper macro for testing bit (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: do not skip over ethtool tcp-data-split setting (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- ieee802154: Fix build error (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: Disable threaded IRQ for igb_msix_other (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Fix double reset adapter triggered from a single taprio cmd (git-fixes).
- igc: Fix packet still tx after gate close by reducing i226 MAC retry buffer (git-fixes).
- igc: Fix qbv tx latency by setting gtxoffset (git-fixes).
- igc: Fix qbv_config_change_errors logics (git-fixes).
- igc: Fix reset adapter logics when tx mode change (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: Fix fwnode_handle in __fwnode_iio_channel_get_by_name() (git-fixes).
- iio: accel: bma400: Fix uninitialized variable field_value in tap event handling (git-fixes).
- iio: accel: kx022a: Fix raw read format (git-fixes).
- iio: accel: kx022a: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: adc: ti-ads124s08: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-ads8688: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: adc: ti-lmp92064: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: amplifiers: ada4250: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ad3552r: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5766: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: frequency: adf4377: add missing select REMAP_SPI in Kconfig (git-fixes).
- iio: frequency: admv4420: fix missing select REMAP_SPI in Kconfig (git-fixes).
- iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table() (git-fixes).
- iio: gts: Fix uninitialized symbol 'ret' (git-fixes).
- iio: gts: fix infinite loop for gain_to_scaletables() (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: magnetometer: ak8975: Convert enum->pointer for data in the match tables (stable-fixes).
- iio: magnetometer: ak8975: Fix 'Unexpected device' error (git-fixes).
- iio: magnetometer: ak8975: drop incorrect AK09116 compatible (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- ima: fix buffer overrun in ima_eventdigest_init_common (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- intel_idle: add Granite Rapids Xeon support (bsc#1231630).
- intel_idle: fix ACPI _CST matching for newer Xeon platforms (bsc#1231630).
- io_uring/eventfd: move to more idiomatic RCU free usage (git-fixes).
- io_uring/io-wq: do not allow pinning outside of cpuset (git-fixes).
- io_uring/io-wq: inherit cpuset of cgroup in io worker (git-fixes).
- io_uring/net: harden multishot termination case for recv (git-fixes).
- io_uring/rw: fix cflags posting for single issue multishot read (git-fixes).
- io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (git-fixes).
- io_uring/rw: treat -EOPNOTSUPP for IOCB_NOWAIT like -EAGAIN (git-fixes).
- io_uring/sqpoll: close race on waiting for sqring entries (git-fixes).
- io_uring/sqpoll: do not allow pinning outside of cpuset (git-fixes).
- io_uring/sqpoll: do not put cpumask on stack (git-fixes).
- io_uring/sqpoll: retain test for whether the CPU is valid (git-fixes).
- io_uring: check for presence of task_work rather than TIF_NOTIFY_SIGNAL (git-fixes).
- iommu/amd: Allocate the page table root using GFP_KERNEL (git-fixes).
- iommu/amd: Do not set the D bit on AMD v2 table entries (git-fixes).
- iommu/amd: Fix typo of , instead of ; (git-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices (git-fixes).
- iommufd: Check the domain owner of the parent before creating a nesting domain (git-fixes).
- iommufd: Protect against overflow of ALIGN() during iova allocation (git-fixes).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- jbd2: Move j_transaction_overhead_buffers into a hole (bsc#1234042).
- jbd2: avoid infinite transaction commit loop (bsc#1234039).
- jbd2: avoid memleak in jbd2_journal_write_metadata_buffer (bsc#1234043).
- jbd2: avoid mount failed when commit block is partial submitted (bsc#1234040).
- jbd2: correct the printing of write_flags in jbd2_write_superblock() (bsc#1234045).
- jbd2: correctly compare tids with tid_geq function in jbd2_fc_begin_commit (bsc#1231638).
- jbd2: fix kernel-doc for j_transaction_overhead_buffers (bsc#1234042).
- jbd2: fix potential data lost in recovering journal raced with synchronizing fs bdev (bsc#1234044).
- jbd2: fix soft lockup in journal_finish_inode_data_buffers() (bsc#1234046).
- jbd2: make jbd2_journal_get_max_txn_bufs() internal (bsc#1234041).
- jbd2: precompute number of transaction descriptor blocks (bsc#1234042).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jump_label: Fix static_key_slow_dec() yet again (git-fixes).
- kABI fix of VM: x86: Re-split x2APIC ICR into ICR+ICR2 for AMD (x2AVIC) (git-fixes).
- kABI: Restore exported __arm_smccc_sve_check (git-fixes)
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_insn_acces_aux kABI workaround (git-fixes).
- kabi, mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes kabi).
- kasan: Fix Software Tag-Based KASAN with GCC (git-fixes).
- kasan: move checks to do_strncpy_from_user (git-fixes).
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kconfig: qconf: fix buffer overflow in debug links (git-fixes).
- kernel-binary: Enable livepatch package only when livepatch is enabled (bsc#1218644).
- kexec_file: fix elfcorehdr digest exclusion when CONFIG_CRASH_HOTPLUG=y (git-fixes).
- keys, dns: Allow key types (eg. DNS) to be reclaimed immediately on expiry (git-fixes).
- keys: Fix overwrite of key expiration on instantiation (git-fixes).
- kthread: unpark only parked kthread (git-fixes).
- leds: lp55xx: Remove redundant test for invalid channel number (git-fixes).
- lib/xarray: introduce a new helper xas_get_order (bsc#1231617).
- lib: string_helpers: silence snprintf() output truncation warning (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- macsec: do not increment counters for an unrelated SA (git-fixes).
- mailbox: arm_mhuv2: clean up loop in get_irq_chan_comb() (git-fixes).
- maple_tree: correct tree corruption on spanning store (git-fixes).
- maple_tree: fix alloc node fail issue (git-fixes).
- maple_tree: refine mas_store_root() on storing NULL (git-fixes).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: amphion: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: amphion: Set video drvdata before register video device (git-fixes).
- media: ar0521: do not overflow when checking PLL values (git-fixes).
- media: atomisp: Add check for rgby_data memory allocation failure (git-fixes).
- media: bttv: use audio defaults for winfast2000 (git-fixes).
- media: core: v4l2-ioctl: check if ioctl is known to avoid NULL name (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() (git-fixes).
- media: i2c: dw9768: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: i2c: imx335: Enable regulator supplies (stable-fixes).
- media: i2c: tc358743: Fix crash in the probe error path when using polling (git-fixes).
- media: imx-jpeg: Ensure power suppliers be suspended before detach them (git-fixes).
- media: imx-jpeg: Set video drvdata before register video device (git-fixes).
- media: imx335: Fix reset-gpio handling (git-fixes).
- media: mantis: remove orphan mantis_core.h (git-fixes).
- media: mtk-jpeg: Fix null-ptr-deref during unload module (git-fixes).
- media: pci: ipu3-cio2: Initialise timing struct to avoid a compiler warning (git-fixes).
- media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() (git-fixes).
- media: platform: exynos4-is: Fix an OF node reference leak in fimc_md_is_isp_available (git-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: s5p-jpeg: prevent buffer overflows (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: ts2020: fix null-ptr-deref in ts2020_probe() (git-fixes).
- media: uvcvideo: Require entities to have a non-zero unique ID (git-fixes).
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (git-fixes).
- media: uvcvideo: Stop stream during unregister (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: vb2: Fix comment (git-fixes).
- media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- media: videobuf2: fix typo: vb2_dbuf -> vb2_qbuf (git-fixes).
- media: wl128x: Fix atomicity violation in fmc_send_cmd() (git-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- mfd: intel_soc_pmic_chtwc: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- mfd: rt5033: Fix missing regmap_del_irq_chip() (git-fixes).
- mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race (git-fixes).
- minmax: avoid overly complex min()/max() macro arguments in xen (git-fixes).
- minmax: scsi: fix mis-use of 'clamp()' in sr.c (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mlx5: avoid truncating error message (git-fixes).
- mlx5: stop warning for 64KB pages (git-fixes).
- mlxbf_gige: disable RX filters until RX path initialized (git-fixes).
- mm/filemap: optimize filemap folio adding (bsc#1231617).
- mm/filemap: return early if failed to allocate memory for split (bsc#1231617).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm: avoid unsafe VMA hook invocation when error arises on mmap hook (git-fixes).
- mm: khugepaged: fix the arguments order in khugepaged_collapse_file trace point (git-fixes).
- mm: mmap: no need to call khugepaged_enter_vma() for stack (jsc#PED-10978).
- mm: move dummy_vm_ops out of a header (git-fixes prerequisity).
- mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling (git-fixes).
- mm: refactor map_deny_write_exec() (git-fixes).
- mm: resolve faulty mmap_region() error path behaviour (git-fixes).
- mm: unconditionally close VMAs on error (git-fixes).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- mmc: mmc_spi: drop buggy snprintf() (git-fixes).
- mmc: sunxi-mmc: Fix A100 compatible description (git-fixes).
- modpost: fix acpi MODULE_DEVICE_TABLE built with mismatched endianness (git-fixes).
- modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host (git-fixes).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- mtd: rawnand: atmel: Fix possible memory leak (git-fixes).
- mtd: spi-nor: core: replace dummy buswidth from addr to data (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Check capability for fw_reset (git-fixes).
- net/mlx5: Check for invalid vector index on EQ creation (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix command bitmask initialization (git-fixes).
- net/mlx5: Fix error handling in irq_pool_request_irq (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Stop waiting for PCI if pci channel is offline (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link mode to ptys2ext_ethtool_map (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: Do not call cleanup on profile rollback failure (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Require mlx5 tc classifier action support for IPsec prio capability (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: mdio-ipq4019: add missing error check (git-fixes).
- net: phy: Remove LED entry from LEDs list on unregister (git-fixes).
- net: phy: bcm84881: Fix some error handling paths (git-fixes).
- net: phy: dp83822: Fix reset pin definitions (git-fixes).
- net: phy: dp83869: fix memory corruption when enabling fiber (git-fixes).
- net: phy: ti: add PHY_RST_AFTER_CLK_EN flag (git-fixes).
- net: qede: sanitize 'rc' in qede_add_tc_flower_fltr() (git-fixes).
- net: qede: use return from qede_parse_actions() (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: qede: use return from qede_parse_flow_attr() for flower (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: stmmac: dwmac-tegra: Fix link bring-up sequence (git-fixes)
- net: sysfs: Fix /sys/class/net/<iface> path for statistics (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (get-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net: wwan: fix global oob in wwan_rtnl_policy (git-fixes).
- net: wwan: t7xx: Fix off-by-one error in t7xx_dpmaif_rx_buf_alloc() (git-fixes).
- net: xfrm: preserve kabi for xfrm_state (bsc#1233754).
- netdevsim: copy addresses for both in and out paths (git-fixes).
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- netfilter: nf_tables: missing iterator type in lookup walk (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: avoid i_lock contention in nfs_clear_invalid_mapping (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net (git-fixes).
- nfsd: enable NFSv2 caused by upstream commit (bsc#1230914).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234121).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nilfs2: fix potential deadlock with newly created symlinks (git-fixes).
- nouveau/dmem: Fix privileged error in copy engine channel (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- nouveau/dp: handle retries for AUX CH transfers with GSP (git-fixes).
- nouveau/gsp: Avoid addressing beyond end of rpc->entries (stable-fixes).
- nouveau: fw: sync dma after setup is called (git-fixes).
- nouveau: handle EBUSY and EAGAIN for GSP aux errors (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntfs3: Add bounds checking to mi_enum_attr() (bsc#1233207)
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-loop: flush off pending I/O while shutting down loop controller (git-fixes).
- nvme-multipath: suppress partition scan until the disk is ready (bsc#1228244).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: fix race condition between reset and nvme_dev_disable() (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvme-pci: set doorbell config before unquiescing (git-fixes).
- nvme/host: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: disable CC.CRIME (NVME_CC_CRIME) (jsc#PED-9901).
- nvme: null terminate nvme_tls_attrs (git-fixes).
- nvme: re-fix error-handling for io_uring nvme-passthrough (git-fixes).
- nvme: tcp: avoid race between queue_lock lock and destroy (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix UBSAN warning in ocfs2_verify_volume() (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- ocfs2: uncache inode which has failed entering the group (git-fixes).
- of: Add cleanup.h based auto release via __free(device_node) markings (bsc#1232386)
- parport: Proper fix for array out-of-bounds access (git-fixes).
- phy: freescale: imx8m-pcie: Do CMN_RST just before PHY PLL lock check (git-fixes).
- phy: qcom: qmp-combo: move driver data initialisation earlier (git-fixes).
- phy: qcom: qmp-usb: fix NULL-deref on runtime suspend (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- phy: ti: phy-j721e-wiz: fix usxgmii configuration (git-fixes).
- pinctrl: apple: check devm_kasprintf() returned value (git-fixes).
- pinctrl: k210: Undef K210_PC_DEFAULT (git-fixes).
- pinctrl: ocelot: fix system hang on level based interrupts (stable-fixes).
- pinctrl: qcom: spmi: fix debugfs drive strength (git-fixes).
- pinctrl: zynqmp: drop excess struct member description (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/x86/amd/pmc: Detect when STB is not available (git-fixes).
- platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: lenovo-ymc: Ignore the 0x0 state (stable-fixes).
- platform/x86: panasonic-laptop: Return errno correctly in show callback (git-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- power: supply: rt9471: Fix wrong WDT function regfield declaration (git-fixes).
- power: supply: rt9471: Use IC status regfield to report real charger status (git-fixes).
- powercap: intel_rapl: Fix off by one in get_rpi() (git-fixes).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/64s: Fix unnecessary copy to 0 when kernel is booted at address 0 (bsc#1215199).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/crypto: do not build aes-gcm-p10 by default (bsc#1230501 ltc#208632).
- powerpc/crypto: fix missing skcipher dependency for aes-gcm-p10 (bsc#1230501 ltc#208632).
- powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() (bsc#1215199).
- powerpc/fadump: Refactor and prepare fadump_cma_init for late init (bsc#1215199).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Use correct data types from pseries_hp_errorlog struct (bsc#1215199).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Inconditionally use CFUNC macro (bsc#1215199).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- printk: Add notation to console_srcu locking (bsc#1232183).
- pwm: imx-tpm: Use correct MODULO value for EPWM mode (git-fixes).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Fix buffer overflow in print_cpu_stall_info() (bsc#1226623).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- regmap: irq: Set lockdep class for hierarchical IRQ domains (git-fixes).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE
  They depend on SHADOW_CALL_STACK.
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list
  Symbols.list is not longer needed by the new klp-convert implementation (bsc#1218644).
- rpmsg: glink: Handle rejected intent request better (git-fixes).
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: bbnsm: add remove hook (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: rzn1: fix BCD to rtc_time conversion errors (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- runtime constants: add default dummy infrastructure (git-fixes).
- runtime constants: add x86 architecture support (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/pci: Handle PCI error codes other than 0x3a (git-fixes bsc#1232629).
- s390/sclp: Deactivate sclp after all its users (git-fixes bsc#1232628).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232627).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: NCR5380: Initialize buffer for MSG IN and STATUS transfers (git-fixes).
- scsi: Remove scsi device no_start_on_resume flag (git-fixes).
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: cdrom: kABI: fix cdrom_dev_ops change (git-fixes).
- scsi: core: Disable CDL by default (git-fixes).
- scsi: core: Fix handling of SCMD_FAIL_IF_RECOVERING (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hisi_sas: Handle the NCQ error returned by D2H frame (git-fixes).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: kABI: restore no_start_on_resume to scsi_device (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (bsc#1232757 bsc#1228119).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241 jsc#PED-9943).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (git-fixes).
- scsi: mpi3mr: Avoid possible run-time warning with long manufacturer strings (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpi3mr: Validate SAS port assignments (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: pm8001: Do not overwrite PCI queue mapping (git-fixes).
- scsi: pm80xx: Set phy->enable_completion only when we wait for it (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd: Ignore command SYNCHRONIZE CACHE error if format in progress (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: sr: Fix unintentional arithmetic wraparound (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Add test for sign extension in coerce_subreg_to_size_sx() (git-fixes).
- selftests/bpf: Add test for truncation after sign extension in coerce_reg_to_size_sx() (git-fixes).
- selftests/bpf: Add tests for ldsx of pkt data/data_end/data_meta accesses (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- serial: imx: Update mctrl old_status on RTSD interrupt (git-fixes).
- serial: protect uart_port_dtr_rts() in uart_shutdown() too (stable-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- soc: fsl: rcpm: fix missing of_node_put() in copy_ippdexpcr1_setting() (git-fixes).
- soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (git-fixes).
- soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- soundwire: intel_bus_common: enable interrupts before exiting reset (stable-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: atmel-quadspi: Fix wrong register value written to MR (git-fixes).
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- spi: mtk-snfi: fix kerneldoc for mtk_snand_is_page_ops() (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-dspi: Fix crash when not using GPIO chip select (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: tegra210-quad: Avoid shift-out-of-bounds (git-fixes).
- splice: always fsnotify_access(in), fsnotify_modify(out) on success (git-fixes).
- splice: fsnotify_access(fd)/fsnotify_modify(fd) in vmsplice (git-fixes).
- splice: fsnotify_access(in), fsnotify_modify(out) on success in tee (git-fixes).
- srcu: Fix callbacks acceleration mishandling (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- sumversion: Fix a memory leak in get_src_version() (git-fixes).
- supported.conf: mark nhpoly1305 module as supported (bsc#1231035).
- supported.conf: mark ultravisor userspace access as supported (bsc#1232090).
- task_work: add kerneldoc annotation for 'data' argument (git-fixes).
- tcp: Fix refcnt handling in __inet_hash_connect() (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: int3400: Fix reading of current_uuid for active policy (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- thunderbolt: Honor TMU requirements in the domain when setting TMU mode (stable-fixes).
- thunderbolt: Improve DisplayPort tunnel setup process to be more robust (stable-fixes).
- tools/lib/thermal: Fix sampling handler context ptr (git-fixes).
- tools/power turbostat: Fix trailing '\n' parsing (git-fixes).
- tools/power turbostat: Increase the limit for fd opened (bsc#1233119).
- tools: hv: rm .*.cmd when make clean (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tpm: fix signed/unsigned bug when checking event logs (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/osnoise: Fix build when timerlat is not enabled (git-fixes).
- tracing/osnoise: Skip running osnoise if all instances are off (git-fixes).
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (git-fixes).
- tracing/osnoise: Use a cpumask to know what threads are kthreads (git-fixes).
- tracing/timerlat: Add interface_lock around clearing of kthread in stop_kthread() (git-fixes).
- tracing/timerlat: Add user-space interface (git-fixes).
- tracing/timerlat: Drop interface_lock in stop_kthread() (git-fixes).
- tracing/timerlat: Fix a race during cpuhp processing (git-fixes).
- tracing/timerlat: Fix duplicated kthread creation due to CPU online/offline (git-fixes).
- tracing/timerlat: Move hrtimer_init to timerlat_fd open() (git-fixes).
- tracing/timerlat: Only clear timer if a kthread exists (git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler (git-fixes).
- tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (stable-fixes).
- u64_stats: fix u64_stats_init() for lockdep when used repeatedly in one file (git-fixes).
- ubifs: Fix adding orphan entry twice for the same inode (git-fixes).
- ubifs: Fix unattached xattr inode if powercut happens after deleting (git-fixes).
- ubifs: add check for crypto_shash_tfm_digest (git-fixes).
- ubifs: dbg_orphan_check: Fix missed key type checking (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- unicode: Do not special case ignorable code points (stable-fixes).
- unicode: Fix utf8_load() error path (git-fixes).
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- uprobes: introduce the global struct vm_special_mapping xol_mapping (bsc#1231114).
- uprobes: turn xol_area->pages into xol_area->page (bsc#1231114).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: Wait for EndXfer completion before restoring GUSB2PHYCFG (git-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: gadget: dummy_hcd: Set transfer interval to 1 microframe (stable-fixes).
- usb: gadget: dummy_hcd: Switch to hrtimer transfer scheduler (stable-fixes).
- usb: gadget: dummy_hcd: execute hrtimer callback in softirq context (git-fixes).
- usb: gadget: f_uac2: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usb: gadget: f_uac2: fix non-newline-terminated function name (stable-fixes).
- usb: gadget: f_uac2: fix return value for UAC2_ATTRIBUTE_STRING store (git-fixes).
- usb: musb: Fix hardware lockup on first Rx endpoint request (git-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: fix loss of data on Cadence xHC (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: fix cyclical race on disconnect with work queue (git-fixes).
- vdpa: Fix an error handling path in eni_vdpa_probe() (git-fixes).
- vdpa_sim_blk: Fix the potential leak of mgmt_dev (git-fixes).
- vdpa_sim_blk: allocate the buffer zeroed (git-fixes).
- vduse: avoid using __GFP_NOFAIL (git-fixes).
- vfs: dcache: move hashlen_hash() from callers into d_hash() (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- vmalloc: modify the alloc_vmap_area() error message for better diagnostics (jsc#PED-10978).
- vmxnet3: Add XDP support (bsc#1226498).
- vmxnet3: Fix missing reserved tailroom (bsc#1226498).
- vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame (bsc#1226498).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock: Update msg_count on read_skb() (git-fixes).
- vt: prevent kernel-infoleak in con_font_get() (git-fixes).
- watchdog: apple: Actually flush writes after requesting watchdog restart (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath11k: Fix CE offset address calculation for WCN6750 in SSR (git-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: Skip Rx TID cleanup for self peer (git-fixes).
- wifi: ath12k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath12k: fix crash when unbinding (git-fixes).
- wifi: ath12k: fix warning when unbinding (git-fixes).
- wifi: ath12k: remove msdu_end structure for WCN7850 (git-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: brcmfmac: release 'root' node in all execution paths (git-fixes).
- wifi: cfg80211: Set correct chandef when starting CAC (stable-fixes).
- wifi: cfg80211: clear wdev->cqm_config pointer on free (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlegacy: Fix 'field-spanning write' warning in il_enqueue_hcmd() (git-fixes).
- wifi: iwlwifi: allow only CN mcc from WRDD (stable-fixes).
- wifi: iwlwifi: config: label 'gl' devices as discrete (git-fixes).
- wifi: iwlwifi: mvm: Fix a race in scan abort flow (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: iwlwifi: mvm: avoid NULL pointer dereference (stable-fixes).
- wifi: iwlwifi: mvm: do not add default link in fw restart flow (git-fixes).
- wifi: iwlwifi: mvm: do not leak a link on AP removal (git-fixes).
- wifi: iwlwifi: mvm: drop wrong STA selection in TX (stable-fixes).
- wifi: iwlwifi: mvm: use correct key iteration (stable-fixes).
- wifi: iwlwifi: remove AX101, AX201 and AX203 support from LNL (stable-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: fix RCU list iterations (stable-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mt76: mt7915: add dummy HW offload of IEEE 802.11 fragmentation (stable-fixes).
- wifi: mt76: mt7915: disable tx worker during tx BA session enable/disable (stable-fixes).
- wifi: mt76: mt7915: hold dev->mt76.mutex while disabling tx worker (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: 8821cu: Remove VID/PID 0bda:c82c (stable-fixes).
- wifi: rtw88: Fix USB/SDIO devices not transmitting beacons (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- wifi: rtw89: avoid reading out of bounds when loading TX power FW elements (stable-fixes).
- wifi: rtw89: avoid to add interface to list twice when SER (stable-fixes).
- wifi: rtw89: correct base HT rate mask for firmware (stable-fixes).
- wifi: wfx: Fix error handling in wfx_core_init() (git-fixes).
- x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1233443).
- x86/CPU/AMD: Only apply Zenbleed fix for Zen2 during late microcode load (git-fixes).
- x86/Documentation: Indent 'note::' directive for protocol version number note (git-fixes).
- x86/PCI: Check pcie_find_root_port() return for NULL (git-fixes).
- x86/amd_nb: Add new PCI IDs for AMD family 1Ah model 60h (git-fixes).
- x86/apic: Always explicitly disarm TSC-deadline timer (git-fixes).
- x86/apic: Make x2apic_disable() work correctly (git-fixes).
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/entry: Remove unwanted instrumentation in common_interrupt() (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/microcode/intel: Remove unnecessary cache writeback and invalidation (git-fixes).
- x86/mm: Use IPIs to synchronize LAM enablement (git-fixes).
- x86/resctrl: Annotate get_mem_config() functions as __init (git-fixes).
- x86/resctrl: Avoid overflow in MB settings in bw_validate() (git-fixes).
- x86/resctrl: Remove hard-coded memory bandwidth limit (git-fixes).
- x86/sev: Check for MWAITX and MONITORX opcodes in the #VC handler (git-fixes).
- x86/syscall: Avoid memcpy() for ia32 syscall_get_arguments() (git-fixes).
- x86/tdx: Dynamically disable SEPT violations from causing #VEs (git-fixes).
- x86/tdx: Enable CPU topology enumeration (git-fixes).
- x86/tdx: Introduce wrappers to read and write TD metadata (git-fixes).
- x86/tdx: Rename tdx_parse_tdinfo() to tdx_setup() (git-fixes).
- x86/traps: move kmsan check after instrumentation_begin (git-fixes).
- x86: Increase brk randomness entropy for 64-bit systems (git-fixes).
- x86: do the user address masking outside the user access area (git-fixes).
- x86: fix off-by-one in access_ok() (git-fixes).
- x86: fix user address masking non-canonical speculation issue (git-fixes).
- x86: make the masked_user_access_begin() macro use its argument only once (git-fixes).
- x86: support user address masking instead of non-speculative conditional (git-fixes).
- xfrm: Export symbol xfrm_dev_state_delete (bsc#1233754).
- xfrm: Fix unregister netdevice hang on hardware offload (bsc#1233754).
- xfs: check opcode and iovec count match in xlog_recover_attri_commit_pass2 (git-fixes).
- xfs: check shortform attr entry flags specifically (git-fixes).
- xfs: convert delayed extents to unwritten when zeroing post eof blocks (git-fixes).
- xfs: fix finding a last resort AG in xfs_filestream_pick_ag (git-fixes). - xfs: fix freeing speculative preallocations for preallocated files (git-fixes). - xfs: make sure sb_fdblocks is non-negative (git-fixes). - xfs: make the seq argument to xfs_bmapi_convert_delalloc() optional (git-fixes). - xfs: make xfs_bmapi_convert_delalloc() to allocate the target offset (git-fixes). - xfs: remove a racy if_bytes check in xfs_reflink_end_cow_extent (git-fixes). - xfs: validate recovered name buffers when recovering xattr items (git-fixes). - xhci: Add a quirk for writing ERST in high-low order (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). - xhci: tegra: fix checked USB2 port number (git-fixes). - zonefs: Improve error handling (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4330-1 Released: Mon Dec 16 14:17:15 2024 Summary: Security update for vim Type: security Severity: low References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814 This update for vim fixes the following issues: - CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373) - CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238) Other fixes: - Updated to version 9.1.0836 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4337-1 Released: Tue Dec 17 08:17:39 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1231048,1232844 This update for systemd fixes the following issues: - udev: skipping empty udev rules file while collecting the stats (bsc#1232844) - Clean up some remnants from when homed was in the experimental sub-package (bsc#1231048) 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4360-1 Released: Tue Dec 17 15:35:28 2024 Summary: Security update for docker Type: security Severity: important References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See the upstream changelog online. - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exist in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See the upstream changelog online. - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage.
Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See the upstream changelog online. bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See the upstream changelog online. - Update to Docker 26.1.0-ce. See the upstream changelog online. - Update --add-runtime to point to correct binary path. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-feature-2024:4377-1 Released: Thu Dec 19 07:10:53 2024 Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: feature Severity: low References: 1232024 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4378-1 Released: Thu Dec 19 08:23:55 2024 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1203617 This update for aaa_base fixes the following issues: - Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4384-1 Released: Thu Dec 19 09:05:33 2024 Summary: Recommended update for grub2 Type: recommended
Severity: moderate References: 1231604,1232573 This update for grub2 fixes the following issues: - xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573) - minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4402-1 Released: Fri Dec 20 16:41:09 2024 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1234749 This update for libzypp fixes the following issues: - Url: queryparams without value should not have a trailing '=' ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4410-1 Released: Mon Dec 23 12:19:40 2024 Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: recommended Severity: moderate References: 1234708 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Fix support level to L3 (bsc#1234708) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4426-1 Released: Fri Dec 27 08:46:10 2024 Summary: Recommended update for google-guest-configs Type: recommended Severity: moderate References: 1231775,1231776,1233625,1233626 This update for google-guest-configs fixes the following issues: - Update to version 20241121.00 (bsc#1233625, bsc#1233626) - Temporarily revert google_set_multiqueue changes for release - Remove IDPF devices from renaming rules - gce-nic-naming: Exit 1 so that udev ignores the rule on error - Remove Apt IPv4 only config for Debian and Ubuntu - Add GCE intent based NIC naming tools - google_set_multiqueue: skip set_irq if NIC is not a gvnic device - Update to version 20241021.00 (bsc#1231775, bsc#1231776) - Add 
GCE-specific config for systemd-resolved - Update google_set_multiqueue to enable on A3Ultra family - Update OWNERS - Depend on jq in enterprise linux - Always use IP from primary NIC in the networkd-dispatcher routable hook - Call google_set_hostname on openSUSE and when the agent is configured to manage hostname and FQDN, let it - Include systemd-networkd hook in Ubuntu packaging - Fix the name for A3 Edge VMs - Update is_a3_platform to include A3-edge shape - Add systemd-networkd hostname hook - Add hostname hook for NetworkManager without dhclient compat script ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:10-1 Released: Fri Jan 3 14:53:56 2025 Summary: Recommended update for systemd Type: recommended Severity: important References: 1220338,1232227,1234015 This update for systemd fixes the following issues: - Drop support for efivar SystemdOptions (bsc#1220338) - pid1: make clear that $WATCHDOG_USEC is set for the shutdown binary (bsc#1232227) - udev: allow/denylist for reading sysfs attributes when composing a NIC name (bsc#1234015) - udev: add new builtin net_driver - udev-builtin-net_id: split-out pci_get_onboard_index() from dev_pci_onboard() - udev-builtin-net_id: split-out get_pci_slot_specifiers() - udev-builtin-net_id: introduce get_port_specifier() helper function - udev-builtin-net_id: split out get_dev_port() and make its failure critical - udev-builtin-net_id: split-out pci_get_hotplug_slot() and pci_get_hotplug_slot_from_address() - udev-builtin-net_id: return earlier when hotplug slot is not found - udev-builtin-net_id: skip non-directory entry earlier - udev-builtin-net_id: make names_xen() self-contained - udev-builtin-net_id: use sd_device_get_sysnum() to get index of netdevsim - udev-builtin-net_id: make names_netdevsim() self-contained - udev-builtin-net_id: make names_platform() self-contained - udev-builtin-net_id: make names_vio() self-contained - udev-builtin-net_id: make names_ccw() 
self-contained - udev-builtin-net_id: make dev_devicetree_onboard() self-contained - udev-builtin-net_id: make names_mac() self-contained - udev-builtin-net_id: split out get_ifname_prefix() - udev-builtin-net_id: swap arguments for streq() and friends - udev-builtin-net_id: drop unused value from NetNameType ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:42-1 Released: Thu Jan 9 16:04:03 2025 Summary: Recommended update for permissions Type: recommended Severity: moderate References: 1219736 This update for permissions fixes the following issues: - Update to version 20240826: * chkstat: backport support to operate in insecure mode via envvar opt-in (bsc#1219736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:73-1 Released: Mon Jan 13 07:10:00 2025 Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config Type: recommended Severity: moderate References: 1232024 This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues: - Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024) - Move dracut config files to usr/lib/ dir - Add provides and conflicts on generic name dracut-instance-change-config - Rename config for nvme for consistency ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:75-1 Released: Mon Jan 13 10:34:23 2025 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1234845 This update for kdump fixes the following issue: - Version update kdump-2.0.6+git19.ge6e33ae: * allow negative KDUMP_KEEP_OLD_DUMPS (bsc#1234845). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:76-1 Released: Mon Jan 13 10:42:05 2025 Summary: Recommended update for containerd Type: recommended Severity: moderate References: This update for containerd fixes the following issues: containerd was updated from version 1.7.21 to 1.7.23: - Changes in version 1.7.23: * Highlights: + Added error definition aliases + Allow proxy plugins to have capabilities + Revert a previous errdefs package migration * Container Runtime Interface (CRI): + Added check for CNI plugins before tearing down pod network * Image Distribution: + Fixed the race condition during GC of snapshots when client retries * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23 - Changes in version 1.7.22: * Highlights: + Build and Release Toolchain + Updated Go (go1.22.7 and go1.23.1) * Container Runtime Interface (CRI): + Added a fix for decreasing cumulative stats * Runtime: + Fixed bug where init exits were being dropped + Update runc binary to 1.1.14 * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:79-1 Released: Mon Jan 13 12:50:24 2025 Summary: Recommended update for libnl3, ovpn-dco, openVPN Type: recommended Severity: moderate References: 1082756,1189451 This update for libnl3, ovpn-dco, openVPN fixes the following issue: - Update libnl to release 3.9 - Create Multibuild Environment to support openVPN Data Channel Offload (openvpn-dco package)(#PED-8305) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:135-1 Released: Thu Jan 16 11:20:40 2025 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1234665 This update for glibc fixes the following issues: - Linux: Switch back to assembly syscall wrapper for prctl (bsc#1234665). - Correctly determine livepatching support. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:142-1 Released: Thu Jan 16 14:20:08 2025 Summary: Security update for xen Type: security Severity: moderate References: 1027519,1234282,CVE-2024-53241 This update for xen fixes the following issues: - CVE-2024-53241: Xen hypercall page unsafe against speculative attacks (bsc#1234282). Bug fixes: - Update to Xen 4.18.4 security bug fix release (bsc#1027519) * x86: Prefer ACPI reboot over UEFI ResetSystem() run time service call * No other changes mentioned in upstream changelog, sources, or webpage ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:151-1 Released: Thu Jan 16 20:44:56 2025 Summary: Recommended update for libproxy Type: recommended Severity: moderate References: 1234940,1235097 This update for libproxy fixes the following issues: - Properly handle empty proxy ignore entry (bsc#1234940). - Ignore invalid proxy URI to suppress GUri warnings (bsc#1235097). 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:154-1 Released: Fri Jan 17 10:15:08 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1214954,1216813,1220773,1224095,1224726,1225743,1225758,1225820,1227445,1228526,1229809,1230205,1230413,1230697,1231854,1231909,1231963,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1233038,1233070,1233096,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233468,1233469,1233546,1233558,1233637,1233642,1233772,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234690,1234725,1234726,1234810,1234811,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234884,1234889,1234891,1234899,1234900,1234905,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234929,1234930,1234937,1234948,1234950,1234952,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235002,1235003,1235004,1235007,1235009,1235016,1235019,1235033,1235045,1235056,1235061,1235075,1235108,1235128,1235134,1235138,1235246,1235406,1235409,1235416,1235507,1235550,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36908,CVE-2024-36915,CVE-2024-39480,CVE-2024-41042,CVE-2024-44934,CVE-2024-44996,CVE-2024-47678,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50143,CVE-2024-50154,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53173,CVE-2024-53174,CVE-2024-53179,CVE-2024-53180,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53229,CVE-2024-53234,CVE-2024-53237,CVE-2024-53240,CVE-2024-53241,CVE-2024-56536,CVE-2024-56539,CVE-2024-56549,CVE-2024-56551,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56576,CVE-2024-56582,CVE-2024-56599,CVE-2024-56604,CVE-2024-56605,CVE-2024-56645,CVE-2024-56667,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-8805
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). 
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). 
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). 
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). 
- Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). 
- RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). 
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). 
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). 
- dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). 
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes). - drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes). - drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes). - drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes). - drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes). - drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes). - drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes). - drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes). - drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: do not access invalid sched (git-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: fix usage slab after free (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes). - drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes). - drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/amdkfd: Use device based logging for errors (stable-fixes). - drm/amdkfd: Use the correct wptr size (stable-fixes). - drm/amdkfd: pause autosuspend when creating pdd (stable-fixes). - drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes). - drm/bridge: it6505: Enable module autoloading (stable-fixes). - drm/bridge: it6505: Fix inverted reset polarity (git-fixes). - drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes). 
- drm/display: Fix building with GCC 15 (stable-fixes). - drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes). - drm/dp_mst: Fix MST sideband message body length check (stable-fixes). - drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes). - drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes). - drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes). - drm/i915/dg1: Fix power gate sequence (git-fixes). - drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes). - drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes). - drm/mcde: Enable module autoloading (stable-fixes). - drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes). - drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes). - drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes). - drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes). - drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes). - drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes). - drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes). - drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes). - drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes). - drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes). - drm: adv7511: Drop dsi single lane support (git-fixes). - drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes). - drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes). 
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes). - drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes). - erofs: avoid debugging output for (de)compressed data (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - ext4: add a new helper to check if es must be kept (bsc#1234170). - ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164). - ext4: add missed brelse in update_backups (bsc#1234171). - ext4: allow for the last group to be marked as trimmed (bsc#1234278). - ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191). - ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180). - ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193). - ext4: avoid overlapping preallocations due to overflow (bsc#1234162). - ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192). - ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187). - ext4: check the extent status again before inserting delalloc block (bsc#1234186). - ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190). - ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178). - ext4: correct best extent lstart adjustment logic (bsc#1234179). - ext4: correct grp validation in ext4_mb_good_group (bsc#1234163). - ext4: correct return value of ext4_convert_meta_bg (bsc#1234172). - ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178). - ext4: correct the start block of counting reserved clusters (bsc#1234169). - ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166). - ext4: do not trim the group with corrupted block bitmap (bsc#1234177). - ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170). - ext4: factor out a common helper to query extent map (bsc#1234186). 
- ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176). - ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188). - ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188). - ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188). - ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954). - ext4: fix potential unnitialized variable (bsc#1234183). - ext4: fix race between writepages and remount (bsc#1234168). - ext4: fix rec_len verify error (bsc#1234167). - ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170). - ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185). - ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178). - ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170). - ext4: make ext4_es_insert_extent() return void (bsc#1234170). - ext4: make ext4_es_remove_extent() return void (bsc#1234170). - ext4: make ext4_zeroout_es() return void (bsc#1234170). - ext4: make sure allocate pending entry not fail (bsc#1234170). - ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175). - ext4: move 'ix' sanity check to corrent position (bsc#1234174). - ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165). - ext4: nested locking for xattr inode (bsc#1234189). - ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194). - ext4: refactor ext4_da_map_blocks() (bsc#1234178). - ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173). - ext4: remove the redundant folio_wait_stable() (bsc#1234184). - ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182). - ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181). - ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170). 
- ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170). - ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170). - filemap: Fix bounds checking in filemap_read() (bsc#1234209). - filemap: add a per-mapping stable writes flag (bsc#1234141). - firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes). - fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200). - fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207). - fsnotify: fix sending inotify event with unexpected filename (bsc#1234198). - genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes). - genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes). - genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes). - gpio: grgpio: Add NULL check in grgpio_probe (git-fixes). - gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes). - hfsplus: do not query the device logical block size multiple times (git-fixes). - hvc/xen: fix console unplug (git-fixes). - hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes). - hvc/xen: fix event channel handling for secondary consoles (git-fixes). - hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes). - hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes). - hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes). - hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes). - hwmon: (tmp513) Fix Current Register value interpretation (git-fixes). - hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes). 
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes). - hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes). - hwmon: (tmp513) Use SI constants from units.h (stable-fixes). - i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes). - i2c: microchip-core: actually use repeated sends (git-fixes). - i2c: microchip-core: fix 'ghost' detections (git-fixes). - i2c: pnx: Fix timeout in wait functions (git-fixes). - i2c: riic: Always round-up when calculating bus period (git-fixes). - i40e: Fix handling changed priv flags (git-fixes). - i915/guc: Accumulate active runtime on gt reset (git-fixes). - i915/guc: Ensure busyness counter increases motonically (git-fixes). - i915/guc: Reset engine utilization buffer before registration (git-fixes). - ice: Unbind the workqueue (bsc#1234989) - ice: change q_index variable type to s16 to store -1 value (git-fixes). - ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes). - ice: fix PHY Clock Recovery availability check (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - igb: Fix potential invalid memory access in igb_init_module() (git-fixes). - iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes). - instrumentation: Wire up cmpxchg128() (bsc#1220773). - io_uring/rw: avoid punting to io-wq directly (git-fixes). - io_uring/tctx: work around xa_store() allocation error issue (git-fixes). - io_uring: Fix registered ring file refcount leak (git-fixes). - io_uring: always lock __io_cqring_overflow_flush (git-fixes). - io_uring: check if iowq is killed before queuing (git-fixes). - iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes). - irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes). 
- isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199). - ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes). - ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes). - kabi/severities: make vcap_find_actionfield PASS (bsc#1220773) - kasan: make report_lock a raw spinlock (git-fixes). - kdb: Fix buffer overflow during tab-complete (bsc#1234652). - kdb: Fix console handling when editing and tab-completing commands (bsc#1234655). - kdb: Merge identical case statements in kdb_read() (bsc#1234657). - kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658). - kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654). - kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654). - kdb: address -Wformat-security warnings (bsc#1234659). - kgdb: Flush console before entering kgdb on panic (bsc#1234651). - leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes). - linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes). - locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix). - loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143). - mac80211: fix user-power when emulating chanctx (stable-fixes). - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes). 
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes). - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes). - media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes). - mfd: da9052-spi: Change read-mask to write-mask (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes). - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes). - mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204). - mm/readahead: do not allow order-1 folio (bsc#1234205). - mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208). - mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes). - mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes). - mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes). - mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes). - mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes). - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes). - mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes). - mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes). - mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes). - mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes). - mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes). - mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes). - net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). - net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes). - net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes). 
- net/mlx5e: clear xdp features on non-uplink representors (git-fixes). - net/qed: allow old cards not supporting 'num_images' to work (git-fixes). - net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes). - net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - net: usb: qmi_wwan: add Quectel RG650V (stable-fixes). - nfs: ignore SB_RDONLY when mounting nfs (git-fixes). - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: release svc_expkey/svc_export with rcu_work (git-fixes). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes). - nvme-rdma: unquiesce admin_q before destroy it (git-fixes). - nvme-tcp: fix the memleak while create new ctrl failed (git-fixes). - nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes). - nvme: apple: fix device reference counting (git-fixes). - nvme: fix metadata handling in nvme-passthrough (git-fixes). - nvmet-loop: avoid using mutex in IO hotpath (git-fixes). - ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes). - ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes). - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes). - of: Fix error path in of_parse_phandle_with_args_map() (git-fixes). - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes). - of: address: Report error on resource bounds overflow (stable-fixes). - parisc: Raise minimal GCC version (bsc#1220773). - parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix). 
- percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773). - percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix). - percpu: Wire up cmpxchg128 (bsc#1220773). - phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes). - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes). - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes). - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes). - phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes). - phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes). - phy: rockchip: naneng-combphy: fix phy reset (git-fixes). - phy: usb: Toggle the PHY power during init (git-fixes). - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes). - pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes). - pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes). - pinmux: Use sequential access to access desc->pinmux data (stable-fixes). - platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes). - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes). - platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes). - platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes). - platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes). - power: supply: gpio-charger: Fix set charge current limits (git-fixes). - powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - quota: Fix rcu annotations of inode dquot pointers (bsc#1234197). - quota: explicitly forbid quota files from being encrypted (bsc#1234196). 
- quota: flush quota_release_work upon quota writeback (bsc#1234195). - quota: simplify drop_dquot_ref() (bsc#1234197). - readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208). - regmap: Use correct format specifier for logging range errors (stable-fixes). - regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes). - rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454) - rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes). - s390/cio: Do not unregister the subchannel based on DNV (git-fixes). - s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773). - s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes). - s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes). - s390/facility: Disable compile time optimization for decompressor code (git-fixes). - s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes). - s390/pageattr: Implement missing kernel_page_present() (git-fixes). - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)). - scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409). - scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409). - scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409). - scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409). - scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409). - scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409). - scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409). - scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409). - scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409). - scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409). 
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406). - scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406). - scsi: qla2xxx: Fix use after free on unload (bsc#1235406). - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406). - scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406). - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406). - scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406). - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes). - serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes). - serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes). - serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes). - serial: 8250_fintek: Add support for F81216E (stable-fixes). - serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes). - serial: amba-pl011: Fix RX stall when DMA is used (git-fixes). - serial: amba-pl011: Use port lock wrappers (stable-fixes). - serial: amba-pl011: fix build regression (git-fixes). - serial: do not use uninitialized value in uart_poll_init() (git-fixes). - serial: imx: only set receiver level if it is zero (git-fixes). - serial: imx: set receiver level before starting uart (git-fixes). - serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes). - serial: qcom-geni: disable interrupts during console writes (git-fixes). - serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes). - serial: qcom-geni: fix console corruption (git-fixes). - serial: qcom-geni: fix dma rx cancellation (git-fixes). - serial: qcom-geni: fix false console tx restart (git-fixes). - serial: qcom-geni: fix fifo polling timeout (git-fixes). - serial: qcom-geni: fix hard lockup on buffer flush (git-fixes). 
- serial: qcom-geni: fix polled console corruption (git-fixes). - serial: qcom-geni: fix polled console initialisation (git-fixes). - serial: qcom-geni: fix receiver enable (git-fixes). - serial: qcom-geni: fix shutdown race (git-fixes). - serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes). - serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes). - serial: qcom-geni: revert broken hibernation support (git-fixes). - serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes). - serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes). - slub: Replace cmpxchg_double() (bsc#1220773). - slub: Replace cmpxchg_double() - KABI fix (bsc#1220773). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642] - soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes). - soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes). - soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes). - soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes). - soc: imx8m: Probe the SoC driver as platform driver (stable-fixes). - soc: qcom: Add check devm_kasprintf() returned value (stable-fixes). - soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes). - soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes). - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes). - spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes). - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes). - sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes). 
- sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes). - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes). - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes). - thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes). - tools: hv: change permissions of NetworkManager configuration file (git-fixes). - tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes). - types: Introduce [us]128 (bsc#1220773). - ubifs: Correct the total block count by deducting journal reservation (git-fixes). - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Fix lock ordering in udf_evict_inode() (bsc#1234238). - udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243). - udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239). - udf: refactor inode_bmap() to handle error (bsc#1234242). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237). - usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes). - usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes). - usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes). - usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes). - usb: dwc2: Fix HCD port connection race (git-fixes). - usb: dwc2: Fix HCD resume (git-fixes). - usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes). 
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes). - usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes). - usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes). - usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes). - usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes). - usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes). - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes). - usb: host: max3421-hcd: Correctly abort a USB request (git-fixes). - usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes). - usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes). - usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes). - vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes). - vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes). - vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes). - vdpa: solidrun: Fix UB bug with devres (git-fixes). - vfs: fix readahead(2) on block devices (bsc#1234201). - wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes). - wifi: ath5k: add PCI ID for SX76X (git-fixes). - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes). - wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes). - wifi: cw1200: Fix potential NULL dereference (git-fixes). - wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes). - wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes). - wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes). - wifi: mac80211: fix station NSS capability initialization order (git-fixes). - wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes). 
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes). - wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes). - wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes). - workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416). - writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203). - x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773). - x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773). - x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes). - xfs: do not allocate COW extents when unsharing a hole (git-fixes). - xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes). - xfs: remove unknown compat feature check in superblock write validation (git-fixes). - xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes). - xfs: sb_spino_align is not verified (git-fixes). - xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes). - xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes). - xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:222-1 Released: Wed Jan 22 12:30:04 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version. The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - containerd-ctr-1.7.23-150000.120.1 updated - containerd-1.7.23-150000.120.1 updated - docker-26.1.5_ce-150000.212.1 updated - glibc-locale-base-2.38-150600.14.20.3 updated - glibc-locale-2.38-150600.14.20.3 updated - glibc-2.38-150600.14.20.3 updated - google-dracut-config-0.0.4-150300.7.9.2 added - google-guest-configs-20241121.00-150400.13.14.1 updated - grub2-i386-pc-2.12-150600.8.12.1 updated - grub2-x86_64-efi-2.12-150600.8.12.1 updated - grub2-2.12-150600.8.12.1 updated - hwdata-0.390-150000.3.74.2 updated - kdump-2.0.6+git19.ge6e33ae-150600.3.6.2 updated - kernel-default-6.4.0-150600.23.33.1 updated - libcurl4-8.6.0-150600.4.18.1 updated - libnl-config-3.9.0-150600.15.4.4 updated - libnl3-200-3.9.0-150600.15.4.4 updated - libproxy1-0.5.3-150600.4.6.2 updated - libpxbackend-1_0-0.5.3-150600.4.6.2 updated - libsystemd0-254.21-150600.4.21.1 updated - libudev1-254.21-150600.4.21.1 updated - libzypp-17.35.16-150600.3.41.1 updated - permissions-20240826-150600.10.12.1
updated - systemd-254.21-150600.4.21.1 updated - udev-254.21-150600.4.21.1 updated - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-9.1.0836-150500.20.18.1 updated - xen-libs-4.18.4_02-150600.3.15.2 updated - zypper-1.14.79-150600.10.19.1 updated From sle-container-updates at lists.suse.com Sat Jan 25 08:02:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sat, 25 Jan 2025 09:02:24 +0100 (CET) Subject: SUSE-IU-2025:350-1: Security update of suse-sles-15-sp5-chost-byos-v20250122-hvm-ssd-x86_64 Message-ID: <20250125080224.EA127FCE7@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250122-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:350-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250122-hvm-ssd-x86_64:20250122 Image Release : Severity : important Type : security References : -----------------------------------------------------------------
The container suse-sles-15-sp5-chost-byos-v20250122-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4338-1 Released: Tue Dec 17 08:18:46 2024 Summary: Recommended update for systemd Type: recommended Severity: important References: 1230272,1231610 This update for systemd fixes the following issues: - core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272) - core/unit: add get_timeout_start_usec in UnitVTable and define it for service - sd-bus: make bus_add_match_full accept timeout - udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610) - sd-device: add helper to read a unsigned int attribute ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4359-1 Released: Tue Dec 17 14:19:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4360-1 Released: Tue Dec 17 15:35:28 2024 Summary: Security update for docker Type: security Severity: important References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110 This update for docker fixes the following issues: - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: * * - Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). 
bsc#1231348 bsc#1232999 In order to disable these mounts, just do echo 0 > /etc/docker/suse-secrets-enable and restart Docker. In order to re-enable them, just do echo 1 > /etc/docker/suse-secrets-enable and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not. - Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819 - Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases. - Allow a parallel docker-stable RPM to exist in repositories. - Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at - Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348) - Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331) - Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333) - Update to Docker 26.1.5-ce. See upstream changelog online at bsc#1230294 - This update includes fixes for: * CVE-2024-41110. bsc#1228324 * CVE-2023-47108. bsc#1217070 bsc#1229806 * CVE-2023-45142. bsc#1228553 bsc#1229806 - Update to Docker 26.1.4-ce. See upstream changelog online at - Update to Docker 26.1.0-ce. See upstream changelog online at - Update --add-runtime to point to correct binary path.
----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4363-1 Released: Tue Dec 17 16:12:41 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update v0.390 * Update pci and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4364-1 Released: Tue Dec 17 16:57:18 2024 Summary: Security update for the Linux Kernel Type: security Severity: important References: The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560). - CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973). - CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889). - CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191). - CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233). - CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959). - CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004). - CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). 
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592). - CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709). - CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005). - CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837). - CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715). - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). 
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148). - CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transaction (bsc#1231193). - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540). - CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). 
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174). - CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187). - CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new transaction (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: avoid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253). - CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260). - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). 
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). 
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310). - CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329). - CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). 
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890). - CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056). - CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107). - CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106). 
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103). - CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). 
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085). The following non-security bugs were fixed: - acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154) - acpi: battery: Simplify battery hook locking (bsc#1232154) - acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - acpi: CPPC: Fix _CPC register setting issue (git-fixes). - acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes). - acpi: EC: Do not release locks during operation region accesses (stable-fixes). - acpi: PAD: fix crash in exit_round_robin() (stable-fixes). - acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - acpica: iasl: handle empty connection_node (stable-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). 
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious it's a downstream thing). - add bug reference for a mana change (bsc#1229769). - add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036). - add bug reference to a hv_netvsc patch (bsc#1232413). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - alsa: 6fire: Release resources at card release (git-fixes). - alsa: ac97: bus: Fix the mistake in the comment (git-fixes). - alsa: asihpi: Fix potential OOB array access (stable-fixes). - alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: core: add isascii() check to card ID generator (stable-fixes). - alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). - alsa: hda: cs35l41: fix module autoloading (git-fixes). - alsa: hda: Fix kctl->id initialization (git-fixes). - alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - alsa: hda/cs8409: Fix possible NULL dereference (git-fixes). - alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes). - alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - alsa: hda/realtek - Fixed ALC285 headphone no sound (stable-fixes). - alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - alsa: hda/realtek: Update ALC225 depop procedure (git-fixes). - alsa: hda/realtek: Update ALC256 depop procedure (git-fixes). - alsa: hda/realtek: Update default depop procedure (git-fixes). - alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes). - alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes). - alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes). - alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes). - alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes). - alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - alsa: usb-audio: Define macros for quirk table entries (stable-fixes). - alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes). - alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). 
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes) - arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes) - asoc: allow module autoloading for table db1200_pids (stable-fixes). - asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). - asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - asoc: intel: fix module autoloading (stable-fixes). - asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - asoc: tda7419: fix module autoloading (stable-fixes). 
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528). - block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923). - block: print symbolic error name instead of error code (bsc#1231872). - bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - bluetooth: Call iso_exit() on module unload (git-fixes). - bluetooth: hci_event: Align BR/EDR JUST_WORKS pairing with LE (git-fixes). - bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes). - bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes). - bluetooth: Remove debugfs directory on module init failure (git-fixes). - bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - bnxt_en: Fix the PCI-AER routines (git-fixes). - bnxt_en: refactor reset close code (git-fixes). - bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes). - bnxt_en: Wait for FLR to complete during probe (git-fixes). - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450). - bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes). - can: c_can: fix {rx,tx}_errors statistics (git-fixes). - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes). - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: j1939: j1939_session_new(): fix skb reference counting (git-fixes). - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes). - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231383). - cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - chtls: fix tp->rcv_tstamp initialization (git-fixes). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - comedi: Flush partial mappings in error case (git-fixes). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). 
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - crypto: bcm - add error check in the ahash_hmac_init function (git-fixes). - crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes). - crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes). - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes). - crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes). - crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075) - crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075) - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes). - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes). - cxgb4: add forgotten u64 ivlan cast before shift (git-fixes). - cxgb4: Properly lock TX queue for the selftest (git-fixes). - cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes). - debugfs: fix automount d_fsdata usage (git-fixes). - dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes). - drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes). 
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop OCFS2 patch causing a regression (bsc#1233255)
- drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- Fix regression on AMDGPU driver (bsc#1233134)
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: Mark filecache 'down' if init fails (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rdma/bnxt_re: Add a check for memory allocation (git-fixes)
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- rdma/bnxt_re: Fix the GID table length (git-fixes)
- rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- rdma/bnxt_re: Return more meaningful error (git-fixes)
- rdma/bnxt_re: synchronize the qp-handle table array (git-fixes)
- rdma/cxgb4: Dump vendor specific QP details (git-fixes)
- rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/irdma: Fix misspelling of 'accept*' (git-fixes)
- rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rdma/srpt: Make slab cache names unique (git-fixes)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes).
- Revert PM changes that caused a regression on S4 resume (bsc#1231578).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- sunrpc: clnt.c: Remove misleading comment (git-fixes).
- sunrpc: Fix integer overflow in decode_rc_list() (git-fixes).
- sunrpc: Fixup gss_status tracepoint error output (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: appledisplay: close race between probe and completion handler (stable-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- usb: misc: yurex: fix race between read and write (stable-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4383-1
Released: Thu Dec 19 09:05:03 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573
This update for grub2 fixes the following issues:

- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4386-1
Released: Thu Dec 19 15:04:16 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1226586,1233420,CVE-2024-52616
This update for avahi fixes the following issues:

- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)

Other fixes:

- no longer supply bogus services to callbacks (bsc#1226586).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4403-1
Released: Fri Dec 20 16:42:05 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Fix support level to L3 (bsc#1234708)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:29-1
Released: Tue Jan 7 11:41:20 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234809,CVE-2024-56326
This update for python-Jinja2 fixes the following issues:

- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:
This update for containerd fixes the following issues:

containerd was updated from version 1.7.21 to 1.7.23:

- Changes in version 1.7.23:
  * Highlights:
    + Added error definition aliases
    + Allow proxy plugins to have capabilities
    + Revert a previous errdefs package migration
  * Container Runtime Interface (CRI):
    + Added check for CNI plugins before tearing down pod network
  * Image Distribution:
    + Fixed the race condition during GC of snapshots when client retries
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23

- Changes in version 1.7.22:
  * Highlights:
    + Build and Release Toolchain
    + Updated Go (go1.22.7 and go1.23.1)
  * Container Runtime Interface (CRI):
    + Added a fix for decreasing cumulative stats
  * Runtime:
    + Fixed bug where init exits were being dropped
    + Update runc binary to 1.1.14
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:148-1
Released: Thu Jan 16 17:00:45 2025
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1234273
This update for cryptsetup fixes the following issue:

- luksFormat succeeds despite creating corrupt device (bsc#1234273).
  * Add a better warning if luksFormat ends with image without any space for data.
  * Print warning early if LUKS container is too small for activation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020
This update for dhcp fixes the following issues:

- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:201-1
Released: Tue Jan 21 13:51:32 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-56755,CVE-2024-8805

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).

The following non-security bugs were fixed:

- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - README: Clean-up trailing whitespace - SUNRPC: make sure cache entry active before cache_show (git-fixes). - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). 
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'') - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). 
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - regmap: detach regmap from dev on regmap_exit (git-fixes). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: Correct the total block count by deducting journal reservation (git-fixes). 
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:224-1
Released: Wed Jan 22 12:31:25 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:
This update for zypper, libzypp fixes the following issues:

- info: Allow to query a specific version (jsc#PED-11268)
  To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly.
- version 1.14.79

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333
This update for vim fixes the following issues:

- Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).
  Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. This is fixed by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.

The following package changes have been done:

- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- amazon-dracut-config-0.0.4-150300.7.9.2 added
- containerd-ctr-1.7.23-150000.120.1 updated
- containerd-1.7.23-150000.120.1 updated
- curl-8.0.1-150400.5.59.1 updated
- dhcp-client-4.3.6.P1-150000.6.22.1 updated
- dhcp-4.3.6.P1-150000.6.22.1 updated
- docker-26.1.5_ce-150000.212.1 updated
- grub2-i386-pc-2.06-150500.29.37.1 updated
- grub2-x86_64-efi-2.06-150500.29.37.1 updated
- grub2-x86_64-xen-2.06-150500.29.37.1 updated
- grub2-2.06-150500.29.37.1 updated
- hwdata-0.390-150000.3.74.2 updated
- kernel-default-5.14.21-150500.55.91.1 updated
- libaugeas0-1.12.0-150400.3.5.1 updated
- libavahi-client3-0.8-150400.7.20.1 updated
- libavahi-common3-0.8-150400.7.20.1 updated
- libcryptsetup12-2.4.3-150400.3.6.2 updated
- libcurl4-8.0.1-150400.5.59.1 updated
- libsystemd0-249.17-150400.8.46.1 updated
- libudev1-249.17-150400.8.46.1 updated
- libzypp-17.35.16-150500.6.33.1 updated
- python3-Jinja2-2.10.1-150000.3.18.1 updated
- systemd-sysvinit-249.17-150400.8.46.1 updated
- systemd-249.17-150400.8.46.1 updated
- udev-249.17-150400.8.46.1 updated
- vim-data-common-9.1.0836-150500.20.18.1 updated
- vim-9.1.0836-150500.20.18.1 updated
- zypper-1.14.79-150500.6.17.1 updated

From sle-container-updates at lists.suse.com Sat Jan 25 08:02:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Sat, 25 Jan 2025 09:02:50 +0100 (CET)
Subject: SUSE-IU-2025:351-1: Security update of sles-15-sp5-chost-byos-v20250122-arm64
Message-ID: <20250125080250.7A6DFFBA0@maintenance.suse.de>

SUSE Image Update Advisory: sles-15-sp5-chost-byos-v20250122-arm64
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:351-1
Image Tags : sles-15-sp5-chost-byos-v20250122-arm64:20250122
Image Release :
Severity : important
Type : security
References :
-----------------------------------------------------------------

The container sles-15-sp5-chost-byos-v20250122-arm64 was updated.

The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4338-1
Released: Tue Dec 17 08:18:46 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1230272,1231610
This update for systemd fixes the following issues:

- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service
- sd-bus: make bus_add_match_full accept timeout
- udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
- sd-device: add helper to read a unsigned int attribute

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4359-1
Released: Tue Dec 17 14:19:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4360-1
Released: Tue Dec 17 15:35:28 2024
Summary: Security update for docker
Type: security
Severity: important
References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110
This update for docker fixes the following issues:

- Update docker-buildx to v0.19.2. See upstream changelog online at .

  Some notable changelogs from the last update:
  *
  *

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

- Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.
- Allow a parallel docker-stable RPM to exist in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at
- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at bsc#1230294
- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070 bsc#1229806
  * CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
- Update to Docker 26.1.0-ce. See upstream changelog online at
- Update --add-runtime to point to correct binary path.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4364-1
Released: Tue Dec 17 16:57:18 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
-2024-50045,CVE-2024-50046,CVE-2024-50047,CVE-2024-50048,CVE-2024-50049,CVE-2024-50055,CVE-2024-50058,CVE-2024-50059,CVE-2024-50061,CVE-2024-50062,CVE-2024-50063,CVE-2024-50067,CVE-2024-50073,CVE-2024-50074,CVE-2024-50077,CVE-2024-50078,CVE-2024-50081,CVE-2024-50082,CVE-2024-50089,CVE-2024-50093,CVE-2024-50095,CVE-2024-50096,CVE-2024-50098,CVE-2024-50099,CVE-2024-50103,CVE-2024-50108,CVE-2024-50110,CVE-2024-50115,CVE-2024-50116,CVE-2024-50117,CVE-2024-50124,CVE-2024-50125,CVE-2024-50127,CVE-2024-50128,CVE-2024-50131,CVE-2024-50134,CVE-2024-50135,CVE-2024-50138,CVE-2024-50141,CVE-2024-50146,CVE-2024-50147,CVE-2024-50148,CVE-2024-50150,CVE-2024-50153,CVE-2024-50154,CVE-2024-50155,CVE-2024-50156,CVE-2024-50160,CVE-2024-50167,CVE-2024-50171,CVE-2024-50179,CVE-2024-50180,CVE-2024-50182,CVE-2024-50183,CVE-2024-50184,CVE-2024-50186,CVE-2024-50187,CVE-2024-50188,CVE-2024-50189,CVE-2024-50192,CVE-2024-50194,CVE-2024-50195,CVE-2024-50196,CVE-2024-50198,CVE-2024-50201,CVE-2024-50205,CVE-2024-5 0208,CVE-2024-50209,CVE-2024-50215,CVE-2024-50218,CVE-2024-50229,CVE-2024-50230,CVE-2024-50232,CVE-2024-50233,CVE-2024-50234,CVE-2024-50236,CVE-2024-50237,CVE-2024-50249,CVE-2024-50255,CVE-2024-50259,CVE-2024-50261,CVE-2024-50264,CVE-2024-50265,CVE-2024-50267,CVE-2024-50268,CVE-2024-50269,CVE-2024-50271,CVE-2024-50273,CVE-2024-50274,CVE-2024-50279,CVE-2024-50282,CVE-2024-50287,CVE-2024-50289,CVE-2024-50290,CVE-2024-50292,CVE-2024-50295,CVE-2024-50298,CVE-2024-50301,CVE-2024-50302,CVE-2024-53052,CVE-2024-53058,CVE-2024-53059,CVE-2024-53060,CVE-2024-53061,CVE-2024-53063,CVE-2024-53066,CVE-2024-53068,CVE-2024-53079,CVE-2024-53085,CVE-2024-53088,CVE-2024-53104,CVE-2024-53110 The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560). - CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556). 
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893). - CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973). - CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889). - CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976). - CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979). - CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286). - CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191). - CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233). - CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959). - CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070). - CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938). - CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004). - CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175). - CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590). - CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202). - CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656). - CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518). - CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526). - CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797). - CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725). - CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730). - CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742). 
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764). - CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762). - CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748). - CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592). - CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437). - CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885). - CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853). - CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430). - CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709). - CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005). - CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837). - CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808). - CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179). - CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220). - CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231). - CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429). - CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456). - CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550). - CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558). - CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715). - CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801). - CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763). 
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774). - CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773). - CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827). - CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148). - CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179). - CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191). - CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193). - CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195). - CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197). - CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200). - CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203). - CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115). - CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114). - CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096). - CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105). - CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094). - CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072). - CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073). - CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084). - CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085). - CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087). - CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439). 
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496). - CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442). - CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502). - CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540). - CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539). - CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673). - CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930). - CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987). - CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998). - CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857). - CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). 
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174). - CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187). - CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). - CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). 
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). - CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253). - CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260). - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). 
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). - CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). 
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). - CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310). - CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329). - CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). 
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890). - CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888). - CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056). - CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107). - CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106). 
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103). - CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). - CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). 
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085). The following non-security bugs were fixed: - acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154) - acpi: battery: Simplify battery hook locking (bsc#1232154) - acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - acpi: CPPC: Fix _CPC register setting issue (git-fixes). - acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes). - acpi: EC: Do not release locks during operation region accesses (stable-fixes). - acpi: PAD: fix crash in exit_round_robin() (stable-fixes). - acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - acpica: iasl: handle empty connection_node (stable-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). 
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious it's a downstream thing). - add bug reference for a mana change (bsc#1229769). - add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036). - add bug reference to a hv_netvsc patch (bsc#1232413). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - alsa: 6fire: Release resources at card release (git-fixes). - alsa: ac97: bus: Fix the mistake in the comment (git-fixes). - alsa: asihpi: Fix potential OOB array access (stable-fixes). - alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: core: add isascii() check to card ID generator (stable-fixes). - alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). - alsa: hda: cs35l41: fix module autoloading (git-fixes). - alsa: hda: Fix kctl->id initialization (git-fixes). - alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - alsa: hda/cs8409: Fix possible NULL dereference (git-fixes). - alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes). - alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - alsa: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - alsa: hda/realtek: Update ALC225 depop procedure (git-fixes). - alsa: hda/realtek: Update ALC256 depop procedure (git-fixes). - alsa: hda/realtek: Update default depop procedure (git-fixes). - alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes). - alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes). - alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). - alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes). - alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes). - alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes). - alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - alsa: usb-audio: Define macros for quirk table entries (stable-fixes). - alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes). - alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). 
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes) - arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes) - asoc: allow module autoloading for table db1200_pids (stable-fixes). - asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). - asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - asoc: intel: fix module autoloading (stable-fixes). - asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - asoc: tda7419: fix module autoloading (stable-fixes). 
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- block: print symbolic error name instead of error code (bsc#1231872).
- bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- bluetooth: Call iso_exit() on module unload (git-fixes).
- bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: Remove debugfs directory on module init failure (git-fixes).
- bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop OCFS2 patch causing a regression (bsc#1233255)
- drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- Fix regression on AMDGPU driver (bsc#1233134)
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes). - net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes). - net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797) - netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes). - nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes). - nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes). - nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes). - nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes). - nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes). - nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes). - nfsd: fix refcount leak when file is unhashed after being found (git-fixes). - nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes). - nfsd: Mark filecache 'down' if init fails (git-fixes). - nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes). - nfsd: return -EINVAL when namelen is 0 (git-fixes). - nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016). - nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes). - nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes). - nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes). - ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes). - ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes). - nvme-fabrics: fix kernel crash while shutting down controller (git-fixes). - nvme-multipath: system fails to create generic nvme device (git-fixes). - nvme-pci: fix freeing of the HMB descriptor table (git-fixes). - nvme-pci: qdepth 1 quirk (git-fixes). - nvme-pci: reverse request order in nvme_queue_rqs (git-fixes). 
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes). - ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes). - ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes). - ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes). - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes). - parport: Proper fix for array out-of-bounds access (git-fixes). - pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes). - pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes). - pci: Add T_PVPERL macro (git-fixes). - pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes). - pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019). - pci: Fix reset_method_store() memory leak (git-fixes). - pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes). - pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes). - pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes). - pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes). - pci: rockchip-ep: Fix address translation unit programming (git-fixes). - phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes). - platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes). - platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes). - platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes). - platform/x86: dell-sysman: add support for alienware products (stable-fixes). - platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes). - platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes). - posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098). - power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes). 
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes). - power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes). - powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869). - powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869). - powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869). - powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869). - powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869). - powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869). - powerpc/boot: Only free if realloc() succeeds (bsc#1194869). - powerpc/code-patching: Add generic memory patching (bsc#1194869). - powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869). - powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869). - powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869). - powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869). - powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869). - powerpc/code-patching: introduce patch_instructions() (bsc#1194869). - powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869). - powerpc/code-patching: Pre-map patch area (bsc#1194869). - powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869). - powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869). - powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869). - powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869). - powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869). - powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869). - powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869). 
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869). - powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes). - powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes). - powerpc/inst: Refactor ___get_user_instr() (bsc#1194869). - powerpc/kexec: Fix return of uninitialized variable (bsc#1194869). - powerpc/lib: Add __init attribute to eligible functions (bsc#1194869). - powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869). - powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869). - powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869). - powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869). - powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869). - powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869). - powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869). - powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869). - powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869). - powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869). - powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869). - powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869). - powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729). - qed: avoid truncating work queue length (git-fixes). - rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631). 
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327) - rdma/bnxt_re: Add a check for memory allocation (git-fixes) - rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes) - rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes) - rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes) - rdma/bnxt_re: Fix the GID table length (git-fixes) - rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes) - rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes) - rdma/bnxt_re: Return more meaningful error (git-fixes) - rdma/bnxt_re: synchronize the qp-handle table array (git-fixes) - rdma/cxgb4: Dump vendor specific QP details (git-fixes) - rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes) - rdma/hns: Add clear_hem return value to log (git-fixes) - rdma/hns: Add mutex_destroy() (git-fixes) - rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes) - rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes) - rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes) - rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes) - rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes) - rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes) - rdma/hns: Remove unnecessary QP type checks (git-fixes) - rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes) - rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes) - rdma/hns: Use macro instead of magic number (git-fixes) - rdma/irdma: Fix misspelling of 'accept*' (git-fixes) - rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes) - rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes). - rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes). 
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes) - rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes) - rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes). - rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes) - rdma/rxe: Fix the qp flush warnings in req (git-fixes) - rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes) - rdma/srpt: Make slab cache names unique (git-fixes) - Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)). - Removed unnecessary white-space change in kernel/bpf/syscall.c - Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108). - Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes). - Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes). - Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes). - Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes). - Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes). - Revert PM changes that caused a regression on S4 resume (bsc#1231578). - rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK. - rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc - rpm/release-projects: Add SLFO projects (bsc#1231293). - rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644) - rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes). - rtc: abx80x: Fix WDT bit position of the status register (git-fixes). - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes). - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). 
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747). - s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632). - sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327) - scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes). - scsi: core: alua: I/O errors for ALUA state transitions (git-fixes). - scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes). - scsi: core: Handle devices which return an unusually large VPD page count (git-fixes). - scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes). - scsi: fnic: Move flush_work initialization out of if block (bsc#1230055). - scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes). - scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes). - scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes). - scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241). - scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757). - scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241). - scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241). - scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241). 
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). - scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). 
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - sfc: Check firmware supports Ethernet PTP filter (git-fixes). - sfc: do not unregister flow_indr if it was never registered (git-fixes). - sfc: fix a double-free bug in efx_probe_filters (git-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: lpspi: release requested DMA channels (stable-fixes). - spi: lpspi: Silence error message upon deferred probe (stable-fixes). - spi: lpspi: Simplify some error message (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). - staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - static_call: Do not make __static_call_return0 static (git-fixes). - sunrpc: clnt.c: Remove misleading comment (git-fixes). - sunrpc: Fix integer overflow in decode_rc_list() (git-fixes). - sunrpc: Fixup gss_status tracepoint error output (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). 
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes). - tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes). - tun: prevent negative ifindex (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n - Update config files. Enabled IDPF for ARM64 (bsc#1221309) - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - usb: appledisplay: close race between probe and completion handler (stable-fixes). - usb: chaoskey: fail open after removal (git-fixes). - usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). - usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: misc: cypress_cy7c63: check for short transfer (stable-fixes). - usb: misc: yurex: fix race between read and write (stable-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes). - usb: serial: io_edgeport: fix use after free in debug printk (git-fixes). - usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes). 
- usb: serial: option: add Quectel RG650V (stable-fixes). - usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). - usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes). - Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450). - vdpa/mlx5: preserve CVQ vringh index (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). 
- vmxnet3: update to version 9 (bsc#1226498). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). - wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). 
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - workqueue: Avoid using isolated cpus' timers on (bsc#1231327) - workqueue: mark power efficient workqueue as unbounded if (bsc#1231327) - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405). - x86/kvm: fix is_stale_page_fault() (bsc#1221333). - xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes). - xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes). 
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4383-1
Released: Thu Dec 19 09:05:03 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573

This update for grub2 fixes the following issues:

- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4386-1
Released: Thu Dec 19 15:04:16 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1226586,1233420,CVE-2024-52616

This update for avahi fixes the following issues:

- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)

Other fixes:

- no longer supply bogus services to callbacks (bsc#1226586).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4403-1
Released: Fri Dec 20 16:42:05 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749

This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Fix support level to L3 (bsc#1234708)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4426-1
Released: Fri Dec 27 08:46:10 2024
Summary: Recommended update for google-guest-configs
Type: recommended
Severity: moderate
References: 1231775,1231776,1233625,1233626

This update for google-guest-configs fixes the following issues:

- Update to version 20241121.00 (bsc#1233625, bsc#1233626)
  - Temporarily revert google_set_multiqueue changes for release
  - Remove IDPF devices from renaming rules
  - gce-nic-naming: Exit 1 so that udev ignores the rule on error
  - Remove Apt IPv4 only config for Debian and Ubuntu
  - Add GCE intent based NIC naming tools
  - google_set_multiqueue: skip set_irq if NIC is not a gvnic device
- Update to version 20241021.00 (bsc#1231775, bsc#1231776)
  - Add GCE-specific config for systemd-resolved
  - Update google_set_multiqueue to enable on A3Ultra family
  - Update OWNERS
  - Depend on jq in enterprise linux
  - Always use IP from primary NIC in the networkd-dispatcher routable hook
  - Call google_set_hostname on openSUSE and when the agent is configured to manage hostname and FQDN, let it
  - Include systemd-networkd hook in Ubuntu packaging
  - Fix the name for A3 Edge VMs
  - Update is_a3_platform to include A3-edge shape
  - Add systemd-networkd hostname hook
  - Add hostname hook for NetworkManager without dhclient compat script

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:

This update for containerd fixes the following issues:

containerd was updated from version 1.7.21 to 1.7.23:

- Changes in version 1.7.23:
  * Highlights:
    + Added error definition aliases
    + Allow proxy plugins to have capabilities
    + Revert a previous errdefs package migration
  * Container Runtime Interface (CRI):
    + Added check for CNI plugins before tearing down pod network
  * Image Distribution:
    + Fixed the race condition during GC of snapshots when client retries
  * Full Upstream release notes:
    https://github.com/containerd/containerd/releases/tag/v1.7.23
- Changes in version 1.7.22:
  * Highlights:
    + Build and Release Toolchain
    + Updated Go (go1.22.7 and go1.23.1)
  * Container Runtime Interface (CRI):
    + Added a fix for decreasing cumulative stats
  * Runtime:
    + Fixed bug where init exits were being dropped
    + Update runc binary to 1.1.14
  * Full Upstream release notes:
    https://github.com/containerd/containerd/releases/tag/v1.7.22

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:148-1
Released: Thu Jan 16 17:00:45 2025
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1234273

This update for cryptsetup fixes the following issue:

- luksFormat succeeds despite creating corrupt device (bsc#1234273).
  * Add a better warning if luksFormat ends with image without any space for data.
  * Print warning early if LUKS container is too small for activation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:201-1
Released: Tue Jan 21 13:51:32 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-56755,CVE-2024-8805

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). 
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). 
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). - CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). 
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - README: Clean-up trailing whitespace - SUNRPC: make sure cache entry active before cache_show (git-fixes). - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). 
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'') - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). 
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - regmap: detach regmap from dev on regmap_exit (git-fixes). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: Correct the total block count by deducting journal reservation (git-fixes). 
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:224-1 Released: Wed Jan 22 12:31:25 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. - version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' that is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. Fixing this by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - containerd-ctr-1.7.23-150000.120.1 updated - containerd-1.7.23-150000.120.1 updated - curl-8.0.1-150400.5.59.1 updated - docker-26.1.5_ce-150000.212.1 updated - google-dracut-config-0.0.4-150300.7.9.2 added - google-guest-configs-20241121.00-150400.13.14.1 updated - grub2-i386-pc-2.06-150500.29.37.1 updated - grub2-x86_64-efi-2.06-150500.29.37.1 updated - grub2-2.06-150500.29.37.1 updated - hwdata-0.390-150000.3.74.2 updated - kernel-default-5.14.21-150500.55.91.1 updated - libaugeas0-1.12.0-150400.3.5.1 updated - libavahi-client3-0.8-150400.7.20.1 updated - libavahi-common3-0.8-150400.7.20.1 updated - libcryptsetup12-2.4.3-150400.3.6.2 updated - libcurl4-8.0.1-150400.5.59.1 updated - libsystemd0-249.17-150400.8.46.1 updated - libudev1-249.17-150400.8.46.1 updated - libzypp-17.35.16-150500.6.33.1 updated - systemd-sysvinit-249.17-150400.8.46.1 updated - systemd-249.17-150400.8.46.1 updated - udev-249.17-150400.8.46.1 updated - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-9.1.0836-150500.20.18.1 updated - zypper-1.14.79-150500.6.17.1 updated From sle-container-updates at lists.suse.com Tue Jan 28 08:03:14 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Jan 2025 09:03:14 +0100 (CET) Subject: SUSE-IU-2025:373-1: Recommended update of suse/sl-micro/6.1/baremetal-os-container Message-ID: <20250128080314.6C0B9F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/baremetal-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:373-1 Image Tags : suse/sl-micro/6.1/baremetal-os-container:2.2.0 , suse/sl-micro/6.1/baremetal-os-container:2.2.0-3.20 , suse/sl-micro/6.1/baremetal-os-container:latest Image Release : 3.20 Severity : moderate Type : recommended References : 1234996 1235088 
----------------------------------------------------------------- The container suse/sl-micro/6.1/baremetal-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 11 Released: Mon Jan 27 14:23:31 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. (bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-slfo.1.1_2.1 updated - libxtables12-1.8.9-slfo.1.1_2.1 updated - libip6tc2-1.8.9-slfo.1.1_2.1 updated - xtables-plugins-1.8.9-slfo.1.1_2.1 updated - iptables-1.8.9-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-3.20 updated From sle-container-updates at lists.suse.com Tue Jan 28 08:03:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Jan 2025 09:03:20 +0100 (CET) Subject: SUSE-IU-2025:374-1: Recommended update of suse/sl-micro/6.1/base-os-container Message-ID: <20250128080320.EA7B0F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/base-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:374-1 Image Tags : suse/sl-micro/6.1/base-os-container:2.2.0 , suse/sl-micro/6.1/base-os-container:2.2.0-3.20 , suse/sl-micro/6.1/base-os-container:latest Image Release : 3.20 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.1/base-os-container was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 11 Released: Mon Jan 27 14:23:31 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. (bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-slfo.1.1_2.1 updated - libxtables12-1.8.9-slfo.1.1_2.1 updated - container:suse-toolbox-image-1.0.0-3.23 updated From sle-container-updates at lists.suse.com Tue Jan 28 08:03:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Jan 2025 09:03:30 +0100 (CET) Subject: SUSE-IU-2025:375-1: Recommended update of suse/sl-micro/6.1/kvm-os-container Message-ID: <20250128080330.48AF4FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/kvm-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:375-1 Image Tags : suse/sl-micro/6.1/kvm-os-container:2.2.0 , suse/sl-micro/6.1/kvm-os-container:2.2.0-3.23 , suse/sl-micro/6.1/kvm-os-container:latest Image Release : 3.23 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.1/kvm-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 11 Released: Mon Jan 27 14:23:31 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-slfo.1.1_2.1 updated - container:SL-Micro-base-container-2.2.0-3.20 updated From sle-container-updates at lists.suse.com Tue Jan 28 08:07:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Jan 2025 09:07:24 +0100 (CET) Subject: SUSE-CU-2025:475-1: Recommended update of bci/kiwi Message-ID: <20250128080724.DD36CFCE8@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:475-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.16 , bci/kiwi:latest Container Release : 20.16 Severity : low Type : recommended References : ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:222-1 Released: Wed Jan 22 12:30:04 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. 
- version 1.14.79 The following package changes have been done: - libzypp-17.35.16-150600.3.41.1 updated - zypper-1.14.79-150600.10.19.1 updated - container:registry.suse.com-bci-bci-base-15.6-004119bb65c14eb506b2f4bbca49187bb2a745adb5c4cf0a562d03010e2b22b3-0 updated From sle-container-updates at lists.suse.com Tue Jan 28 08:03:38 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Tue, 28 Jan 2025 09:03:38 +0100 (CET) Subject: SUSE-IU-2025:376-1: Recommended update of suse/sl-micro/6.1/rt-os-container Message-ID: <20250128080338.892B6FBA0@maintenance.suse.de> SUSE Image Update Advisory: suse/sl-micro/6.1/rt-os-container ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:376-1 Image Tags : suse/sl-micro/6.1/rt-os-container:2.2.0 , suse/sl-micro/6.1/rt-os-container:2.2.0-3.20 , suse/sl-micro/6.1/rt-os-container:latest Image Release : 3.20 Severity : moderate Type : recommended References : 1234996 1235088 ----------------------------------------------------------------- The container suse/sl-micro/6.1/rt-os-container was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: 11 Released: Mon Jan 27 14:23:31 2025 Summary: Recommended update for iptables Type: recommended Severity: moderate References: 1234996,1235088 This update for iptables fixes the following issues: * Fixes checking existence of rules. Fixes issues with rule creation with podman/netavark. 
(bsc#1235088, bsc#1234996) The following package changes have been done: - libip4tc2-1.8.9-slfo.1.1_2.1 updated - container:SL-Micro-container-2.2.0-3.20 updated From sle-container-updates at lists.suse.com Wed Jan 29 12:00:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Jan 2025 13:00:18 +0100 (CET) Subject: SUSE-CU-2025:484-1: Security update of bci/kiwi Message-ID: <20250129120018.B36DDF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:484-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.17 , bci/kiwi:latest Container Release : 20.17 Severity : moderate Type : security References : 1236278 CVE-2025-21502 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:279-1 Released: Wed Jan 29 00:46:57 2025 Summary: Security update for java-21-openjdk Type: security Severity: moderate References: 1236278,CVE-2025-21502 This update for java-21-openjdk fixes the following issues: Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. 
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. - JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs 
areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr - JDK-8320575: generic type information lost on mandated parameters of record's compact constructors - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' - JDK-8320892: AArch64: Restore FPU control state after JNI - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 - JDK-8321543: Update NSS to version 3.96 - JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8321940: Improve CDSHeapVerifier in handling of interned strings - JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324841: PKCS11 tests still skip execution - 
JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325399: Add tests for virtual threads doing Selector operations - JDK-8325506: Ensure randomness is only read from provided SecureRandom object - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325610: CTW: Add StressIncrementalInlining to stress options - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived - JDK-8329533: TestCDSVMCrash fails on libgraal - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback 
address - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook - JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero - JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization - JDK-8333144: docker tests do not work when ubsan is configured - JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 - JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows - JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero - JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set - JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched 
does not copy all fields - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed - JDK-8335142: compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong 
result - JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337876: [IR Framework] Add support for IR tests with @Stable - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks - JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build - JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338389: [JFR] Long strings should be added to the string pool - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp - JDK-8338550: Do libubsan1 installation in test container only if requested - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to 
java/net/InetAddress/ptr/Lookup.java - JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5 - JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP end of stream occurs - JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method - JDK-8339416: [s390x] Provide implementation for resolve_global_jobject - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate - JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop - JDK-8340230: Tests crash: 
assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver - JDK-8340387: Update OS detection code to recognize Windows Server 2025 - JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340801: Disable ubsan checks in some awt/2d coding - JDK-8340804: doc/building.md update Xcode instructions to note that full install is required - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8340923: The class LogSelection copies uninitialized memory - JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8341562: RISC-V: Generate 
comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name 
in TestOAEPPadding after 8341927
- JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted
- JDK-8343884: [s390x] Disallow OptoScheduling
- JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners
- JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java
- JDK-8344628: Test TestEnableJVMCIProduct.java run with virtual thread intermittent fails
- JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21
- JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms
- JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6

The following package changes have been done:

- java-21-openjdk-headless-21.0.6.0-150600.3.9.1 updated

From sle-container-updates at lists.suse.com Wed Jan 29 16:48:50 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 29 Jan 2025 17:48:50 +0100 (CET)
Subject: SUSE-CU-2025:485-1: Security update of suse/nginx
Message-ID: <20250129164850.3FBCDF78D@maintenance.suse.de>

SUSE Container Update Advisory: suse/nginx
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:485-1
Container Tags : suse/nginx:1.21 , suse/nginx:1.21-51.11 , suse/nginx:latest
Container Release : 51.11
Severity : important
Type : security
References : 1216171 1229155 CVE-2023-44487 CVE-2024-7347
-----------------------------------------------------------------

The container suse/nginx was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:283-1
Released: Wed Jan 29 13:33:27 2025
Summary: Security update for nginx
Type: security
Severity: important
References: 1216171,1229155,CVE-2023-44487,CVE-2024-7347

This update for nginx fixes the following issues:

- CVE-2023-44487: Mitigate HTTP/2 Rapid Reset Attack (bsc#1216171)
- CVE-2024-7347: Fixed worker crashes on specially crafted mp4 files containing invalid chunk information (bsc#1229155)

The following package changes have been done:

- nginx-1.21.5-150600.10.3.1 updated

From sle-container-updates at lists.suse.com Wed Jan 29 16:49:23 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Wed, 29 Jan 2025 17:49:23 +0100 (CET)
Subject: SUSE-CU-2025:486-1: Security update of bci/openjdk-devel
Message-ID: <20250129164923.C82ECF78D@maintenance.suse.de>

SUSE Container Update Advisory: bci/openjdk-devel
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:486-1
Container Tags : bci/openjdk-devel:21 , bci/openjdk-devel:21.0.6.0 , bci/openjdk-devel:21.0.6.0-32.14 , bci/openjdk-devel:latest
Container Release : 32.14
Severity : moderate
Type : security
References : 1236278 CVE-2025-21502
-----------------------------------------------------------------

The container bci/openjdk-devel was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:279-1
Released: Wed Jan 29 00:46:57 2025
Summary: Security update for java-21-openjdk
Type: security
Severity: moderate
References: 1236278,CVE-2025-21502

This update for java-21-openjdk fixes the following issues:

Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - 
JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr - JDK-8320575: generic type information lost on mandated parameters of record's compact constructors - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' - JDK-8320892: AArch64: Restore FPU control state after JNI - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 - JDK-8321543: Update NSS to version 3.96 - JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8321940: Improve CDSHeapVerifier in handling of interned strings - JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324841: PKCS11 tests still skip execution - JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325399: Add tests for virtual threads doing Selector operations - JDK-8325506: Ensure randomness is only read from provided SecureRandom object - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325610: CTW: Add 
StressIncrementalInlining to stress options - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived - JDK-8329533: TestCDSVMCrash fails on libgraal - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook - 
JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero - JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization - JDK-8333144: docker tests do not work when ubsan is configured - JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 - JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows - JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero - JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set - JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed - JDK-8335142: 
compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result - JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the 
given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337876: [IR Framework] Add support for IR tests with @Stable - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks - JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build - JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338389: [JFR] Long strings should be added to the string pool - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp - JDK-8338550: Do libubsan1 installation in test container only if requested - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java - JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5 - JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP 
end of stream occurs - JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method - JDK-8339416: [s390x] Provide implementation for resolve_global_jobject - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate - JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop - JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver - JDK-8340387: 
Update OS detection code to recognize Windows Server 2025 - JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340801: Disable ubsan checks in some awt/2d coding - JDK-8340804: doc/building.md update Xcode instructions to note that full install is required - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8340923: The class LogSelection copies uninitialized memory - JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8341562: RISC-V: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - 
JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343884: [s390x] Disallow OptoScheduling - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java - JDK-8344628: Test TestEnableJVMCIProduct.java 
run with virtual thread intermittent fails - JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21 - JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms - JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6 The following package changes have been done: - java-21-openjdk-headless-21.0.6.0-150600.3.9.1 updated - java-21-openjdk-21.0.6.0-150600.3.9.1 updated - java-21-openjdk-devel-21.0.6.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Wed Jan 29 16:50:40 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Wed, 29 Jan 2025 17:50:40 +0100 (CET) Subject: SUSE-CU-2025:487-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250129165040.96770F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:487-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.31.1 , bci/bci-sle15-kernel-module-devel:latest Container Release : 31.1 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1219660 1222849 1224168 1224170 1224171 1224172 1224173 1227888 1228535 1230093 1230111 1230516 1232528 1234068 1235151 1235600 1235601 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-11053 CVE-2024-24577 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-50349 CVE-2024-52006 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2060-1 Released: Tue Jun 18 13:11:47 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. 
(bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - libldap-data-2.4.46-150600.23.21 added - libssh-config-0.9.8-150600.9.1 added - libsasl2-3-2.1.28-150600.7.3.1 added - libnghttp2-14-1.40.0-150600.23.2 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libunistring2-0.9.10-1.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libldap-2_4-2-2.4.46-150600.23.21 added - libssh4-0.9.8-150600.9.1 added - libcurl4-8.6.0-150600.4.18.1 added - libsha1detectcoll1-1.0.3-2.18 added - less-643-150600.3.3.1 added - git-core-2.43.0-150600.3.9.1 added From sle-container-updates at lists.suse.com Thu Jan 30 08:07:20 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Jan 2025 09:07:20 +0100 (CET) Subject: SUSE-CU-2025:493-1: Security update of bci/nodejs Message-ID: <20250130080720.63A44FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:493-1 Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.3 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.3 Container Release : 31.3 Severity : important Type : security References : 1236250 1236251 1236258 CVE-2025-22150 CVE-2025-23083 CVE-2025-23085 ----------------------------------------------------------------- The container bci/nodejs was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:284-1 Released: Wed Jan 29 14:47:54 2025 Summary: Security update for nodejs22 Type: security Severity: important References: 1236250,1236251,1236258,CVE-2025-22150,CVE-2025-23083,CVE-2025-23085 This update for nodejs22 fixes the following issues: Update to 22.13.1: - CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251) - CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250) - CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258) The following package changes have been done: - nodejs22-22.13.1-150600.13.6.1 updated - npm22-22.13.1-150600.13.6.1 updated From sle-container-updates at lists.suse.com Thu Jan 30 08:08:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Jan 2025 09:08:16 +0100 (CET) Subject: SUSE-CU-2025:498-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250130080816.EC155FBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:498-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.7 , bci/bci-sle15-kernel-module-devel:15.7-4.1 Container Release : 4.1 Severity : important Type : security References : 1154884 1154887 1175825 1180138 1197771 1219660 1222849 1224168 1224170 1224171 1224172 1224173 1227888 1228535 1230093 1230111 1230516 1232528 1234068 1235151 1235600 1235601 CVE-2019-12290 CVE-2019-18224 CVE-2020-8927 CVE-2024-11053 CVE-2024-24577 CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 CVE-2024-32487 CVE-2024-50349 CVE-2024-52006 CVE-2024-6197 CVE-2024-7264 CVE-2024-8096 CVE-2024-9681 
----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:3086-1 Released: Thu Nov 28 10:02:24 2019 Summary: Security update for libidn2 Type: security Severity: moderate References: 1154884,1154887,CVE-2019-12290,CVE-2019-18224 This update for libidn2 to version 2.2.0 fixes the following issues: - CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884). - CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3942-1 Released: Mon Dec 6 14:46:05 2021 Summary: Security update for brotli Type: security Severity: moderate References: 1175825,CVE-2020-8927 This update for brotli fixes the following issues: - CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825). 
----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1658-1 Released: Fri May 13 15:40:20 2022 Summary: Recommended update for libpsl Type: recommended Severity: important References: 1197771 This update for libpsl fixes the following issues: - Fix libpsl compilation issues (bsc#1197771) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2060-1 Released: Tue Jun 18 13:11:47 2024 Summary: Security update for less Type: security Severity: important References: 1222849,CVE-2024-32487 This update for less fixes the following issues: - CVE-2024-32487: Fixed OS command injection via a newline character in the file name. (bsc#1222849) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2277-1 Released: Tue Jul 2 17:03:49 2024 Summary: Security update for git Type: security Severity: important References: 1224168,1224170,1224171,1224172,1224173,CVE-2024-32002,CVE-2024-32004,CVE-2024-32020,CVE-2024-32021,CVE-2024-32465 This update for git fixes the following issues: - CVE-2024-32002: Fix recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion. (bsc#1224168) - CVE-2024-32004: Fixed arbitrary code execution during local clones. (bsc#1224170) - CVE-2024-32020: Fix file overwriting vulnerability during local clones. (bsc#1224171) - CVE-2024-32021: Git may create hardlinks to arbitrary user-readable files. (bsc#1224172) - CVE-2024-32465: Fixed arbitrary code execution during clone operations. 
(bsc#1224173) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2579-1 Released: Mon Jul 22 12:36:34 2024 Summary: Security update for git Type: security Severity: important References: 1219660,CVE-2024-24577 This update for git fixes the following issues: - CVE-2024-24577: Fixed arbitrary code execution due to heap corruption in git_index_add (bsc#1219660) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:2784-1 Released: Tue Aug 6 14:58:38 2024 Summary: Security update for curl Type: security Severity: important References: 1227888,1228535,CVE-2024-6197,CVE-2024-7264 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3204-1 Released: Wed Sep 11 10:55:22 2024 Summary: Security update for curl Type: security Severity: moderate References: 1230093,CVE-2024-8096 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3476-1 Released: Fri Sep 27 15:16:38 2024 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1230516 This update for curl fixes the following issue: - Make special characters in URL work with aws-sigv4 (bsc#1230516). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:3589-1 Released: Thu Oct 10 16:39:07 2024 Summary: Recommended update for cyrus-sasl Type: recommended Severity: moderate References: 1230111 This update for cyrus-sasl fixes the following issues: - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 deprecated API warnings. 
----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:3925-1 Released: Wed Nov 6 11:14:28 2024 Summary: Security update for curl Type: security Severity: moderate References: 1232528,CVE-2024-9681 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4288-1 Released: Wed Dec 11 09:31:32 2024 Summary: Security update for curl Type: security Severity: moderate References: 1234068,CVE-2024-11053 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:77-1 Released: Mon Jan 13 10:43:05 2025 Summary: Recommended update for curl Type: recommended Severity: moderate References: 1235151 This update for curl fixes the following issue: - smtp: for starttls, do full upgrade [bsc#1235151] * Make sure the TLS handshake after a successful STARTTLS command is fully done before further sending/receiving on the connection. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:116-1 Released: Wed Jan 15 09:32:35 2025 Summary: Security update for git Type: security Severity: important References: 1235600,1235601,CVE-2024-50349,CVE-2024-52006 This update for git fixes the following issues: - CVE-2024-50349: Passwords for trusted sites could be sent to untrusted sites (bsc#1235600). - CVE-2024-52006: Carriage Returns via the credential protocol to credential helpers (bsc#1235601). 
The following package changes have been done: - libldap-data-2.4.46-150600.23.21 added - libssh-config-0.9.8-150600.9.1 added - libnghttp2-14-1.64.0-150700.1.3 added - libbrotlicommon1-1.0.7-3.3.1 added - libbrotlidec1-1.0.7-3.3.1 added - libsasl2-3-2.1.28-150600.7.3.1 added - libunistring2-0.9.10-1.1 added - libidn2-0-2.2.0-3.6.1 added - libpsl5-0.20.1-150000.3.3.1 added - libldap-2_4-2-2.4.46-150600.23.21 added - libssh4-0.9.8-150600.9.1 added - libcurl4-8.6.0-150600.4.18.1 added - libsha1detectcoll1-1.0.3-2.18 added - less-643-150600.3.3.1 added - git-core-2.43.0-150600.3.9.1 added From sle-container-updates at lists.suse.com Thu Jan 30 14:28:55 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Jan 2025 15:28:55 +0100 (CET) Subject: SUSE-CU-2025:500-1: Security update of bci/golang Message-ID: <20250130142855.772BBFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:500-1 Container Tags : bci/golang:1.22 , bci/golang:1.22.11 , bci/golang:1.22.11-2.48.13 , bci/golang:oldstable , bci/golang:oldstable-2.48.13 Container Release : 48.13 Severity : important Type : security References : 1218424 1236045 1236046 CVE-2024-45336 CVE-2024-45341 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:281-1 Released: Wed Jan 29 08:34:54 2025 Summary: Security update for go1.22 Type: security Severity: important References: 1218424,1236045,1236046,CVE-2024-45336,CVE-2024-45341 This update for go1.22 fixes the following issues: - Update to go1.22.11 (bsc#1218424) - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) The following package changes have been done: - go1.22-doc-1.22.11-150000.1.39.1 updated - go1.22-1.22.11-150000.1.39.1 updated - go1.22-race-1.22.11-150000.1.39.1 updated From sle-container-updates at lists.suse.com Thu Jan 30 14:29:16 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Jan 2025 15:29:16 +0100 (CET) Subject: SUSE-CU-2025:501-1: Security update of bci/golang Message-ID: <20250130142916.4E61CFBA0@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:501-1 Container Tags : bci/golang:1.23 , bci/golang:1.23.5 , bci/golang:1.23.5-1.48.13 , bci/golang:latest , bci/golang:stable , bci/golang:stable-1.48.13 Container Release : 48.13 Severity : important Type : security References : 1229122 1236045 1236046 CVE-2024-45336 CVE-2024-45341 ----------------------------------------------------------------- The container bci/golang was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:280-1 Released: Wed Jan 29 08:33:57 2025 Summary: Security update for go1.23 Type: security Severity: important References: 1229122,1236045,1236046,CVE-2024-45336,CVE-2024-45341 This update for go1.23 fixes the following issues: - Update to go1.23.5 (bsc#1229122) - CVE-2024-45341: Properly check for IPv6 hosts in URIs (bsc#1236045) - CVE-2024-45336: Persist header stripping across repeated redirects (bsc#1236046) The following package changes have been done: - go1.23-doc-1.23.5-150000.1.18.1 updated - go1.23-1.23.5-150000.1.18.1 updated - go1.23-race-1.23.5-150000.1.18.1 updated From sle-container-updates at lists.suse.com Thu Jan 30 14:29:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Thu, 30 Jan 2025 15:29:41 +0100 (CET) Subject: SUSE-CU-2025:502-1: Security update of containers/apache-tomcat Message-ID: <20250130142941.4DFA9FBA0@maintenance.suse.de> SUSE Container Update Advisory: containers/apache-tomcat ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:502-1 Container Tags : containers/apache-tomcat:10.1-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21 , containers/apache-tomcat:10.1.34-openjdk21-62.11 Container Release : 62.11 Severity : moderate Type : security References : 1236278 CVE-2025-21502 ----------------------------------------------------------------- The container containers/apache-tomcat was updated. 
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:279-1 Released: Wed Jan 29 00:46:57 2025 Summary: Security update for java-21-openjdk Type: security Severity: moderate References: 1236278,CVE-2025-21502 This update for java-21-openjdk fixes the following issues: Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU) Security fixes: - CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278) Other changes: - JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows - JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect - JDK-8195675: Call to insertText with single character from custom Input Method ignored - JDK-8207908: JMXStatusTest.java fails assertion intermittently - JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly. - JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening' - JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox - JDK-8296787: Unify debug printing format of X.509 cert serial numbers - JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected. 
- JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - 
JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr - JDK-8320575: generic type information lost on mandated parameters of record's compact constructors - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' - JDK-8320892: AArch64: Restore FPU control state after JNI - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 - JDK-8321543: Update NSS to version 3.96 - JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8321940: Improve CDSHeapVerifier in handling of interned strings - JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324841: PKCS11 tests still skip execution - JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325399: Add tests for virtual threads doing Selector operations - JDK-8325506: Ensure randomness is only read from provided SecureRandom object - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325610: CTW: Add 
StressIncrementalInlining to stress options - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived - JDK-8329533: TestCDSVMCrash fails on libgraal - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook - 
JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero - JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization - JDK-8333144: docker tests do not work when ubsan is configured - JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 - JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows - JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero - JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set - JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed - JDK-8335142: 
compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result - JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the 
given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337876: [IR Framework] Add support for IR tests with @Stable - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks - JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build - JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338389: [JFR] Long strings should be added to the string pool - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp - JDK-8338550: Do libubsan1 installation in test container only if requested - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java - JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5 - JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP 
end of stream occurs - JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method - JDK-8339416: [s390x] Provide implementation for resolve_global_jobject - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate - JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop - JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver - JDK-8340387: 
Update OS detection code to recognize Windows Server 2025 - JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340801: Disable ubsan checks in some awt/2d coding - JDK-8340804: doc/building.md update Xcode instructions to note that full install is required - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8340923: The class LogSelection copies uninitialized memory - JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8341562: RISC-V: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - 
JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343884: [s390x] Disallow OptoScheduling - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java - JDK-8344628: Test TestEnableJVMCIProduct.java 
run with virtual thread intermittent fails
- JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21
- JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms
- JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6

The following package changes have been done:

- java-21-openjdk-headless-21.0.6.0-150600.3.9.1 updated
- java-21-openjdk-21.0.6.0-150600.3.9.1 updated

From sle-container-updates at lists.suse.com Thu Jan 30 14:29:59 2025
From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com)
Date: Thu, 30 Jan 2025 15:29:59 +0100 (CET)
Subject: SUSE-CU-2025:503-1: Security update of containers/apache-tomcat
Message-ID: <20250130142959.CEF2FFBA0@maintenance.suse.de>

SUSE Container Update Advisory: containers/apache-tomcat
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:503-1
Container Tags        : containers/apache-tomcat:9-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21 , containers/apache-tomcat:9.0.98-openjdk21-62.11
Container Release     : 62.11
Severity              : moderate
Type                  : security
References            : 1236278 CVE-2025-21502
-----------------------------------------------------------------

The container containers/apache-tomcat was updated.
The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:279-1
Released:    Wed Jan 29 00:46:57 2025
Summary:     Security update for java-21-openjdk
Type:        security
Severity:    moderate
References:  1236278,CVE-2025-21502

This update for java-21-openjdk fixes the following issues:

Upgrade to upstream tag jdk-21.0.6+7 (January 2025 CPU)

Security fixes:

- CVE-2025-21502: Enhance array handling (JDK-8330045, bsc#1236278)

Other changes:

- JDK-6942632: Hotspot should be able to use more than 64 logical processors on Windows
- JDK-8028127: Regtest java/security/Security/SynchronizedAccess.java is incorrect
- JDK-8195675: Call to insertText with single character from custom Input Method ignored
- JDK-8207908: JMXStatusTest.java fails assertion intermittently
- JDK-8225220: When the Tab Policy is checked,the scroll button direction displayed incorrectly.
- JDK-8240343: JDI stopListening/stoplis001 'FAILED: listening is successfully stopped without starting listening'
- JDK-8283214: [macos] Screen magnifier does not show the magnified text for JComboBox
- JDK-8296787: Unify debug printing format of X.509 cert serial numbers
- JDK-8296972: [macos13] java/awt/Frame/MaximizedToIconified/MaximizedToIconified.java: getExtendedState() != 6 as expected.
- JDK-8306446: java/lang/management/ThreadMXBean/Locks.java transient failures - JDK-8308429: jvmti/StopThread/stopthrd007 failed with 'NoClassDefFoundError: Could not initialize class jdk.internal.misc.VirtualThreads' - JDK-8309218: java/util/concurrent/locks/Lock/OOMEInAQS.java still times out with ZGC, Generational ZGC, and SerialGC - JDK-8311301: MethodExitTest may fail with stack buffer overrun - JDK-8311656: Shenandoah: Unused ShenandoahSATBAndRemarkThreadsClosure::_claim_token - JDK-8312518: [macos13] setFullScreenWindow() shows black screen on macOS 13 & above - JDK-8313374: --enable-ccache's CCACHE_BASEDIR breaks builds - JDK-8313878: Exclude two compiler/rtm/locking tests on ppc64le - JDK-8315701: [macos] Regression: KeyEvent has different keycode on different keyboard layouts - JDK-8316428: G1: Nmethod count statistics only count last code root set iterated - JDK-8316893: Compile without -fno-delete-null-pointer-checks - JDK-8316895: SeenThread::print_action_queue called on a null pointer - JDK-8316907: Fix nonnull-compare warnings - JDK-8317116: Provide layouts for multiple test UI in PassFailJFrame - JDK-8317575: AArch64: C2_MacroAssembler::fast_lock uses rscratch1 for cmpxchg result - JDK-8318105: [jmh] the test java.security.HSS failed with 2 active threads - JDK-8318442: java/net/httpclient/ManyRequests2.java fails intermittently on Linux - JDK-8319640: ClassicFormat::parseObject (from DateTimeFormatter) does not conform to the javadoc and may leak DateTimeException - JDK-8319673: Few security tests ignore VM flags - JDK-8319678: Several tests from corelibs areas ignore VM flags - JDK-8319960: RISC-V: compiler/intrinsics/TestInteger/LongUnsignedDivMod.java failed with 'counts: Graph contains wrong number of nodes' - JDK-8319970: AArch64: enable tests compiler/intrinsics/Test(Long|Integer)UnsignedDivMod.java on aarch64 - JDK-8319973: AArch64: Save and restore FPCR in the call stub - JDK-8320192: SHAKE256 does not work correctly if n >= 137 - 
JDK-8320397: RISC-V: Avoid passing t0 as temp register to MacroAssembler:: cmpxchg_obj_header/cmpxchgptr - JDK-8320575: generic type information lost on mandated parameters of record's compact constructors - JDK-8320586: update manual test/jdk/TEST.groups - JDK-8320665: update jdk_core at open/test/jdk/TEST.groups - JDK-8320673: PageFormat/CustomPaper.java has no Pass/Fail buttons; multiple instructions - JDK-8320682: [AArch64] C1 compilation fails with 'Field too big for insn' - JDK-8320892: AArch64: Restore FPU control state after JNI - JDK-8321299: runtime/logging/ClassLoadUnloadTest.java doesn't reliably trigger class unloading - JDK-8321470: ThreadLocal.nextHashCode can be static final - JDK-8321474: TestAutoCreateSharedArchiveUpgrade.java should be updated with JDK 21 - JDK-8321543: Update NSS to version 3.96 - JDK-8321550: Update several runtime/cds tests to use vm flags or mark as flagless - JDK-8321616: Retire binary test vectors in test/jdk/java/util/zip/ZipFile - JDK-8321940: Improve CDSHeapVerifier in handling of interned strings - JDK-8322166: Files.isReadable/isWritable/isExecutable expensive when file does not exist - JDK-8322754: click JComboBox when dialog about to close causes IllegalComponentStateException - JDK-8322809: SystemModulesMap::classNames and moduleNames arrays do not match the order - JDK-8322830: Add test case for ZipFile opening a ZIP with no entries - JDK-8323562: SaslInputStream.read() may return wrong value - JDK-8323688: C2: Fix UB of jlong overflow in PhaseIdealLoop::is_counted_loop() - JDK-8324841: PKCS11 tests still skip execution - JDK-8324861: Exceptions::wrap_dynamic_exception() doesn't have ResourceMark - JDK-8325038: runtime/cds/appcds/ProhibitedPackage.java can fail with UseLargePages - JDK-8325399: Add tests for virtual threads doing Selector operations - JDK-8325506: Ensure randomness is only read from provided SecureRandom object - JDK-8325525: Create jtreg test case for JDK-8325203 - JDK-8325610: CTW: Add 
StressIncrementalInlining to stress options - JDK-8325762: Use PassFailJFrame.Builder.splitUI() in PrintLatinCJKTest.java - JDK-8325851: Hide PassFailJFrame.Builder constructor - JDK-8325906: Problemlist vmTestbase/vm/mlvm/meth/stress/compiler/deoptimize/Test.java#id1 until JDK-8320865 is fixed - JDK-8326100: DeflaterDictionaryTests should use Deflater.getBytesWritten instead of Deflater.getTotalOut - JDK-8326121: vmTestbase/gc/g1/unloading/tests/unloading_keepRef_rootClass_inMemoryCompilation_keep_cl failed with Full gc happened. Test was useless. - JDK-8326611: Clean up vmTestbase/nsk/stress/stack tests - JDK-8326898: NSK tests should listen on loopback addresses only - JDK-8327924: Simplify TrayIconScalingTest.java - JDK-8328021: Convert applet test java/awt/List/SetFontTest/SetFontTest.html to main program - JDK-8328242: Add a log area to the PassFailJFrame - JDK-8328303: 3 JDI tests timed out with UT enabled - JDK-8328379: Convert URLDragTest.html applet test to main - JDK-8328402: Implement pausing functionality for the PassFailJFrame - JDK-8328619: sun/management/jmxremote/bootstrap/SSLConfigFilePermissionTest.java failed with BindException: Address already in use - JDK-8328665: serviceability/jvmti/vthread/PopFrameTest failed with a timeout - JDK-8328723: IP Address error when client enables HTTPS endpoint check on server socket - JDK-8329353: ResolvedReferencesNotNullTest.java failed with Incorrect resolved references array, quxString should not be archived - JDK-8329533: TestCDSVMCrash fails on libgraal - JDK-8330278: Have SSLSocketTemplate.doClientSide use loopback address - JDK-8330621: Make 5 compiler tests use ProcessTools.executeProcess - JDK-8331391: Enhance the keytool code by invoking the buildTrustedCerts method for essential options - JDK-8331393: AArch64: u32 _partial_subtype_ctr loaded/stored as 64 - JDK-8331864: Update Public Suffix List to 1cbd6e7 - JDK-8332112: Update nsk.share.Log to don't print summary during VM shutdown hook - 
JDK-8332340: Add JavacBench as a test case for CDS - JDK-8332461: ubsan : dependencies.cpp:906:3: runtime error: load of value 4294967295, which is not a valid value for type 'DepType' - JDK-8332724: x86 MacroAssembler may over-align code - JDK-8332777: Update JCStress test suite - JDK-8332866: Crash in ImageIO JPEG decoding when MEM_STATS in enabled - JDK-8332901: Select{Current,New}ItemTest.java for Choice don't open popup on macOS - JDK-8333098: ubsan: bytecodeInfo.cpp:318:59: runtime error: division by zero - JDK-8333108: Update vmTestbase/nsk/share/DebugeeProcess.java to don't use finalization - JDK-8333144: docker tests do not work when ubsan is configured - JDK-8333235: vmTestbase/nsk/jdb/kill/kill001/kill001.java fails with C1 - JDK-8333248: VectorGatherMaskFoldingTest.java failed when maximum vector bits is 64 - JDK-8333317: Test sun/security/pkcs11/sslecc/ClientJSSEServerJSSE.java failed with: Invalid ECDH ServerKeyExchange signature - JDK-8333427: langtools/tools/javac/newlines/NewLineTest.java is failing on Japanese Windows - JDK-8333728: ubsan: shenandoahFreeSet.cpp:1347:24: runtime error: division by zero - JDK-8333754: Add a Test against ECDSA and ECDH NIST Test vector - JDK-8333824: Unused ClassValue in VarHandles - JDK-8334057: JLinkReproducibleTest.java support receive test.tool.vm.opts - JDK-8334405: java/nio/channels/Selector/SelectWithConsumer.java#id0 failed in testWakeupDuringSelect - JDK-8334475: UnsafeIntrinsicsTest.java#ZGenerationalDebug assert(!assert_on_failure) failed: Has low-order bits set - JDK-8334560: [PPC64]: postalloc_expand_java_dynamic_call_sched does not copy all fields - JDK-8334562: Automate com/sun/security/auth/callback/TextCallbackHandler/Default.java test - JDK-8334567: [test] runtime/os/TestTracePageSizes move ppc handling - JDK-8334719: (se) Deferred close of SelectableChannel may result in a Selector doing the final close before concurrent I/O on channel has completed - JDK-8335142: 
compiler/c1/TestTraceLinearScanLevel.java occasionally times out with -Xcomp - JDK-8335172: Add manual steps to run security/auth/callback/TextCallbackHandler/Password.java test - JDK-8335267: [XWayland] move screencast tokens from .awt to .java folder - JDK-8335344: test/jdk/sun/security/tools/keytool/NssTest.java fails to compile - JDK-8335428: Enhanced Building of Processes - JDK-8335449: runtime/cds/DeterministicDump.java fails with File content different at byte ... - JDK-8335530: Java file extension missing in AuthenticatorTest - JDK-8335664: Parsing jsr broken: assert(bci>= 0 && bci < c->method()->code_size()) failed: index out of bounds - JDK-8335709: C2: assert(!loop->is_member(get_loop(useblock))) failed: must be outside loop - JDK-8335912, JDK-8337499: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8336240: Test com/sun/crypto/provider/Cipher/DES/PerformanceTest.java fails with java.lang.ArithmeticException - JDK-8336257: Additional tests in jmxremote/startstop to match on PID not app name - JDK-8336315: tools/jpackage/windows/WinChildProcessTest.java Failed: Check is calculator process is alive - JDK-8336413: gtk headers : Fix typedef redeclaration of GMainContext and GdkPixbuf - JDK-8336564: Enhance mask blit functionality redux - JDK-8336640: Shenandoah: Parallel worker use in parallel_heap_region_iterate - JDK-8336854: CAInterop.java#actalisauthenticationrootca conflicted with /manual and /timeout - JDK-8336911: ZGC: Division by zero in heuristics after JDK-8332717 - JDK-8337066: Repeated call of StringBuffer.reverse with double byte string returns wrong result - JDK-8337067: Test runtime/classFileParserBug/Bad_NCDFE_Msg.java won't compile - JDK-8337320: Update ProblemList.txt with tests known to fail on XWayland - JDK-8337331: crash: pinned virtual thread will lead to jvm crash when running with the javaagent option - JDK-8337410: The makefiles should set problemlist and adjust timeout basing on the 
given VM flags - JDK-8337780: RISC-V: C2: Change C calling convention for sp to NS - JDK-8337810: ProblemList BasicDirectoryModel/LoaderThreadCount.java on Windows - JDK-8337826: Improve logging in OCSPTimeout and SimpleOCSPResponder to help diagnose JDK-8309754 - JDK-8337851: Some tests have name which confuse jtreg - JDK-8337876: [IR Framework] Add support for IR tests with @Stable - JDK-8337966: (fs) Files.readAttributes fails with Operation not permitted on older docker releases - JDK-8338058: map_or_reserve_memory_aligned Windows enhance remap assertion - JDK-8338101: remove old remap assertion in map_or_reserve_memory_aligned after JDK-8338058 - JDK-8338109: java/awt/Mouse/EnterExitEvents/ResizingFrameTest.java duplicate in ProblemList - JDK-8338110: Exclude Fingerprinter::do_type from ubsan checks - JDK-8338112: Test testlibrary_tests/ir_framework/tests/TestPrivilegedMode.java fails with release build - JDK-8338344: Test TestPrivilegedMode.java intermittent fails java.lang.NoClassDefFoundError: jdk/test/lib/Platform - JDK-8338380: Update TLSCommon/interop/AbstractServer to specify an interface to listen for connections - JDK-8338389: [JFR] Long strings should be added to the string pool - JDK-8338402: GHA: some of bundles may not get removed - JDK-8338449: ubsan: division by zero in sharedRuntimeTrans.cpp - JDK-8338550: Do libubsan1 installation in test container only if requested - JDK-8338748: [17u,21u] Test Disconnect.java compile error: cannot find symbol after JDK-8299813 - JDK-8338751: ConfigureNotify behavior has changed in KWin 6.2 - JDK-8338759: Add extra diagnostic to java/net/InetAddress/ptr/Lookup.java - JDK-8338924: C1: assert(0 <= i && i < _len) failed: illegal index 5 for length 5 - JDK-8339080: Bump update version for OpenJDK: jdk-21.0.6 - JDK-8339180: Enhanced Building of Processes: Follow-on Issue - JDK-8339248: RISC-V: Remove li64 macro assembler routine and related code - JDK-8339384: Unintentional IOException in jdk.jdi module when JDWP 
end of stream occurs - JDK-8339386: Assertion on AIX - original PC must be in the main code section of the compiled method - JDK-8339416: [s390x] Provide implementation for resolve_global_jobject - JDK-8339487: ProcessHandleImpl os_getChildren sysctl call - retry in case of ENOMEM and enhance exception message - JDK-8339548: GHA: RISC-V: Use Debian snapshot archive for bootstrap - JDK-8339560: Unaddressed comments during code review of JDK-8337664 - JDK-8339591: Mark jdk/jshell/ExceptionMessageTest.java intermittent - JDK-8339637: (tz) Update Timezone Data to 2024b - JDK-8339644: Improve parsing of Day/Month in tzdata rules - JDK-8339648: ZGC: Division by zero in rule_major_allocation_rate - JDK-8339725: Concurrent GC crashed due to GetMethodDeclaringClass - JDK-8339731: java.desktop/share/classes/javax/swing/text/html/default.css typo in margin settings - JDK-8339741: RISC-V: C ABI breakage for integer on stack - JDK-8339787: Add some additional diagnostic output to java/net/ipv6tests/UdpTest.java - JDK-8339803: Acknowledge case insensitive unambiguous keywords in tzdata files - JDK-8339892: Several security shell tests don't set TESTJAVAOPTS - JDK-8340007: Refactor KeyEvent/FunctionKeyTest.java - JDK-8340008: KeyEvent/KeyTyped/Numpad1KeyTyped.java has 15 seconds timeout - JDK-8340109: Ubsan: ciEnv.cpp:1660:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8340210: Add positionTestUI() to PassFailJFrame.Builder - JDK-8340214: C2 compilation asserts with 'no node with a side effect' in PhaseIdealLoop::try_sink_out_of_loop - JDK-8340230: Tests crash: assert(is_in_encoding_range || k->is_interface() || k->is_abstract()) failed: sanity - JDK-8340306: Add border around instructions in PassFailJFrame - JDK-8340308: PassFailJFrame: Make rows default to number of lines in instructions - JDK-8340365: Position the first window of a window list - JDK-8340383: VM issues warning failure to find kernel32.dll on Windows nanoserver - JDK-8340387: 
Update OS detection code to recognize Windows Server 2025 - JDK-8340398: [JVMCI] Unintuitive behavior of UseJVMCICompiler option - JDK-8340418: GHA: MacOS AArch64 bundles can be removed prematurely - JDK-8340461: Amend description for logArea - JDK-8340466: Add description for PassFailJFrame constructors - JDK-8340552: Harden TzdbZoneRulesCompiler against missing zone names - JDK-8340590: RISC-V: C2: Small improvement to vector gather load and scatter store - JDK-8340632: ProblemList java/nio/channels/DatagramChannel/ for Macos - JDK-8340657: [PPC64] SA determines wrong unextendedSP - JDK-8340684: Reading from an input stream backed by a closed ZipFile has no test coverage - JDK-8340785: Update description of PassFailJFrame and samples - JDK-8340799: Add border inside instruction frame in PassFailJFrame - JDK-8340801: Disable ubsan checks in some awt/2d coding - JDK-8340804: doc/building.md update Xcode instructions to note that full install is required - JDK-8340812: LambdaForm customization via MethodHandle::updateForm is not thread safe - JDK-8340815: Add SECURITY.md file - JDK-8340899: Remove wildcard bound in PositionWindows.positionTestWindows - JDK-8340923: The class LogSelection copies uninitialized memory - JDK-8341024: [test] build/AbsPathsInImage.java fails with OOM when using ubsan-enabled binaries - JDK-8341146: RISC-V: Unnecessary fences used for load-acquire in template interpreter - JDK-8341235: Improve default instruction frame title in PassFailJFrame - JDK-8341261: Tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8341562: RISC-V: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341688: Aarch64: Generate comments in -XX:+PrintInterpreter to link to source code - JDK-8341722: Fix some warnings as errors when building on Linux with toolchain clang - JDK-8341806: Gcc version detection failure on Alinux3 - JDK-8341927: Replace hardcoded security providers with new test.provider.name system property - 
JDK-8341997: Tests create files in src tree instead of scratch dir - JDK-8342014: RISC-V: ZStoreBarrierStubC2 clobbers rflags - JDK-8342063: [21u][aix] Backport introduced redundant line in ProblemList - JDK-8342181: Update tests to use stronger Key and Salt size - JDK-8342183: Update tests to use stronger algorithms and keys - JDK-8342188: Update tests to use stronger key parameters and certificates - JDK-8342409: [s390x] C1 unwind_handler fails to unlock synchronized methods with LM_MONITOR - JDK-8342496: C2/Shenandoah: SEGV in compiled code when running jcstress - JDK-8342578: GHA: RISC-V: Bootstrap using Debian snapshot is still failing - JDK-8342607: Enhance register printing on x86_64 platforms - JDK-8342669: [21u] Fix TestArrayAllocatorMallocLimit after backport of JDK-8315097 - JDK-8342681: TestLoadBypassesNullCheck.java fails improperly specified VM option - JDK-8342701: [PPC64] TestOSRLotsOfLocals.java crashes - JDK-8342765: [21u] RTM tests assume UnlockExperimentalVMOptions is disabled by default - JDK-8342823: Ubsan: ciEnv.cpp:1614:65: runtime error: member call on null pointer of type 'struct CompileTask' - JDK-8342905: Thread.setContextClassloader from thread in FJP commonPool task no longer works after JDK-8327501 redux - JDK-8342962: [s390x] TestOSRLotsOfLocals.java crashes - JDK-8343285: java.lang.Process is unresponsive and CPU usage spikes to 100% - JDK-8343474: [updates] Customize README.md to specifics of update project - JDK-8343506: [s390x] multiple test failures with ubsan - JDK-8343724: [PPC64] Disallow OptoScheduling - JDK-8343848: Fix typo of property name in TestOAEPPadding after 8341927 - JDK-8343877: Test AsyncClose.java intermittent fails - Socket.getInputStream().read() wasn't preempted - JDK-8343884: [s390x] Disallow OptoScheduling - JDK-8343923: GHA: Switch to Xcode 15 on MacOS AArch64 runners - JDK-8344164: [s390x] ProblemList hotspot/jtreg/runtime/NMT/VirtualAllocCommitMerge.java - JDK-8344628: Test TestEnableJVMCIProduct.java 
run with virtual thread intermittent fails - JDK-8344993: [21u] [REDO] Backport JDK-8327501 and JDK-8328366 to JDK 21 - JDK-8345055: [21u] ProblemList failing rtm tests on ppc platforms - JDK-8347010: [21u] Remove designator DEFAULT_PROMOTED_VERSION_PRE=ea for release 21.0.6 The following package changes have been done: - java-21-openjdk-headless-21.0.6.0-150600.3.9.1 updated - java-21-openjdk-21.0.6.0-150600.3.9.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:03:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:03:30 +0100 (CET) Subject: SUSE-IU-2025:417-1: Security update of suse/sle-micro/base-5.5 Message-ID: <20250131080330.3B012F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/base-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:417-1 Image Tags : suse/sle-micro/base-5.5:2.0.4 , suse/sle-micro/base-5.5:2.0.4-5.8.136 , suse/sle-micro/base-5.5:latest Image Release : 5.8.136 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/base-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
The following package changes have been done: - krb5-1.20.1-150500.3.12.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:03:56 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:03:56 +0100 (CET) Subject: SUSE-IU-2025:418-1: Security update of suse/sle-micro/kvm-5.5 Message-ID: <20250131080356.44395F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/kvm-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:418-1 Image Tags : suse/sle-micro/kvm-5.5:2.0.4 , suse/sle-micro/kvm-5.5:2.0.4-3.5.260 , suse/sle-micro/kvm-5.5:latest Image Release : 3.5.260 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/kvm-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
The following package changes have been done: - krb5-1.20.1-150500.3.12.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.136 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:04:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:04:36 +0100 (CET) Subject: SUSE-IU-2025:419-1: Security update of suse/sle-micro/rt-5.5 Message-ID: <20250131080436.474C9F78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/rt-5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:419-1 Image Tags : suse/sle-micro/rt-5.5:2.0.4 , suse/sle-micro/rt-5.5:2.0.4-4.5.297 , suse/sle-micro/rt-5.5:latest Image Release : 4.5.297 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/rt-5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
The following package changes have been done: - krb5-1.20.1-150500.3.12.1 updated - container:suse-sle-micro-5.5-latest-2.0.4-5.5.227 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:05:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:05:24 +0100 (CET) Subject: SUSE-IU-2025:420-1: Security update of suse/sle-micro/5.5 Message-ID: <20250131080524.52FADF78D@maintenance.suse.de> SUSE Image Update Advisory: suse/sle-micro/5.5 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:420-1 Image Tags : suse/sle-micro/5.5:2.0.4 , suse/sle-micro/5.5:2.0.4-5.5.227 , suse/sle-micro/5.5:latest Image Release : 5.5.227 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/sle-micro/5.5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
The following package changes have been done: - krb5-1.20.1-150500.3.12.1 updated - container:suse-sle-micro-base-5.5-latest-2.0.4-5.8.136 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:06:41 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:06:41 +0100 (CET) Subject: SUSE-CU-2025:509-1: Security update of suse/ltss/sle12.5/sles12sp5 Message-ID: <20250131080641.76B20F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle12.5/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:509-1 Container Tags : suse/ltss/sle12.5/sles12sp5:8.5.40 , suse/ltss/sle12.5/sles12sp5:latest Container Release : 8.5.40 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/ltss/sle12.5/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:300-1 Released: Thu Jan 30 15:49:47 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.9.4-46.78.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:07:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:07:23 +0100 (CET) Subject: SUSE-CU-2025:510-1: Recommended update of suse/ltss/sle15.3/sle15 Message-ID: <20250131080723.B6AE9F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:510-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.32 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.32 , suse/ltss/sle15.3/sle15:latest Container Release : 2.32 Severity : moderate Type : recommended References : 1216091 1229106 1232458 1234752 1235636 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:293-1 Released: Thu Jan 30 09:49:05 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache directory to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repository manager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in Incus container (bsc#1229106) Should apply to lxc and lxd containers as well. 
- Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) - It is shown in the details view or by using -k,--keep-packages. - In addition libzypp can enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) - An update repo may contain a prolonged GPG key for the GA repo. - Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) The following package changes have been done: - libzypp-17.35.19-150200.144.1 updated - zypper-1.14.81-150200.102.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:07:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:07:24 +0100 (CET) Subject: SUSE-CU-2025:511-1: Security update of suse/ltss/sle15.3/sle15 Message-ID: <20250131080724.B712EF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.3/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:511-1 Container Tags : suse/ltss/sle15.3/bci-base:15.3 , suse/ltss/sle15.3/bci-base:15.3.2.33 , suse/ltss/sle15.3/bci-base:latest , suse/ltss/sle15.3/sle15:15.3 , suse/ltss/sle15.3/sle15:15.3.2.33 , suse/ltss/sle15.3/sle15:latest Container Release : 2.33 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/ltss/sle15.3/sle15 was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:303-1 Released: Thu Jan 30 15:50:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) The following package changes have been done: - libxml2-2-2.9.7-150000.3.73.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:10:36 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:10:36 +0100 (CET) Subject: SUSE-CU-2025:512-1: Security update of suse/ltss/sle15.5/sle15 Message-ID: <20250131081036.75324F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/ltss/sle15.5/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:512-1 Container Tags : suse/ltss/sle15.5/bci-base:15.5 , suse/ltss/sle15.5/bci-base:15.5-4.5 , suse/ltss/sle15.5/sle15:15.5 , suse/ltss/sle15.5/sle15:15.5-4.5 , suse/ltss/sle15.5/sle15:latest Container Release : 4.5 Severity : moderate Type : security References : 1236619 CVE-2025-24528 ----------------------------------------------------------------- The container suse/ltss/sle15.5/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:304-1 Released: Thu Jan 30 15:52:19 2025 Summary: Security update for krb5 Type: security Severity: moderate References: 1236619,CVE-2025-24528 This update for krb5 fixes the following issues: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). 
The following package changes have been done: - krb5-1.20.1-150500.3.12.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:11:49 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:11:49 +0100 (CET) Subject: SUSE-CU-2025:514-1: Recommended update of bci/kiwi Message-ID: <20250131081149.98BDCF78D@maintenance.suse.de> SUSE Container Update Advisory: bci/kiwi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:514-1 Container Tags : bci/kiwi:9 , bci/kiwi:9.24 , bci/kiwi:9.24.43 , bci/kiwi:9.24.43-20.18 , bci/kiwi:latest Container Release : 20.18 Severity : moderate Type : recommended References : 1221812 1228079 1230978 1231166 1232283 1232728 1233530 ----------------------------------------------------------------- The container bci/kiwi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:307-1 Released: Fri Jan 31 05:51:12 2025 Summary: Recommended update for qemu Type: recommended Severity: moderate References: 1221812,1228079,1230978,1231166,1232283,1232728,1233530 This update for qemu fixes the following issues: - qemu was updated to version 8.2.8: * QEMU 8.2.8 is primarily a bug fix release. Areas being fixed include filesystems, plugins, Docker, networking, audio, interrupt controllers, NVMe, KVM, Linux user emulation, migration, CPU emulation (ARM, x86, PowerPC, RISC-V, m68k), code generation (TCG) and testing infrastructure.
* Full changelog is available here: https://lore.kernel.org/qemu-devel/1b7d3242-abe9-408a-bd77-85162e0d0de4@tls.msk.ru/ - Highlighted bugs fixed: * CPU: Exposed IBPB-BRTYPE and SBPB CPUID bits for x86 guests (bsc#1228079) * Translation: Fixed missing QEMU translation installation (bsc#1231166) * SCSI: Corrected internal CDB length for MegaSAS controller (bsc#1233530) * Block: Improved qcow2 invalidation handling by moving the query-block operation blocker (bsc#1221812, bsc#1232283, bsc#1230978) * Audio: Fixed a memory leak during the HDA audio setup (bsc#1232728) The following package changes have been done: - qemu-pr-helper-8.2.8-150600.3.25.1 updated - qemu-img-8.2.8-150600.3.25.1 updated - qemu-tools-8.2.8-150600.3.25.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:14:17 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:14:17 +0100 (CET) Subject: SUSE-CU-2025:515-1: Recommended update of suse/sle-micro/5.1/toolbox Message-ID: <20250131081417.B241CF78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:515-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.68 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.68 Severity : moderate Type : recommended References : 1216091 1229106 1232458 1234752 1235636 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated.
The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:293-1 Released: Thu Jan 30 09:49:05 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache directory to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repository manager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in Incus container (bsc#1229106) Should apply to lxc and lxd containers as well. - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) - It is shown in the details view or by using -k,--keep-packages. - In addition libzypp can enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) - An update repo may contain a prolonged GPG key for the GA repo. - Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo.
- Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) The following package changes have been done: - libzypp-17.35.19-150200.144.1 updated - zypper-1.14.81-150200.102.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:14:18 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:14:18 +0100 (CET) Subject: SUSE-CU-2025:516-1: Security update of suse/sle-micro/5.1/toolbox Message-ID: <20250131081418.94FB4F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.1/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:516-1 Container Tags : suse/sle-micro/5.1/toolbox:14.2 , suse/sle-micro/5.1/toolbox:14.2-3.13.69 , suse/sle-micro/5.1/toolbox:latest Container Release : 3.13.69 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/sle-micro/5.1/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:303-1 Released: Thu Jan 30 15:50:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. 
(bsc#1236460) The following package changes have been done: - libxml2-2-2.9.7-150000.3.73.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:19:30 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:19:30 +0100 (CET) Subject: SUSE-CU-2025:518-1: Recommended update of suse/sle-micro/5.2/toolbox Message-ID: <20250131081930.593C1F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:518-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.70 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.70 Severity : moderate Type : recommended References : 1216091 1229106 1232458 1234752 1235636 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:293-1 Released: Thu Jan 30 09:49:05 2025 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1216091,1229106,1232458,1234752,1235636 This update for libzypp, zypper fixes the following issues: - Create '.keep_packages' in the package cache directory to enforce keeping downloaded packages of all repos cached there (bsc#1232458) - Fix missing UID checks in repository manager workflow - Move cmake config files to LIB_INSTALL_DIR/cmake/Zypp - Fix 'zypper ps' when running in Incus container (bsc#1229106) Should apply to lxc and lxd containers as well. - Re-enable 'rpm --runposttrans' usage for chrooted systems (bsc#1216091) - lr: show the repositories keep-packages flag (bsc#1232458) - It is shown in the details view or by using -k,--keep-packages. 
- In addition libzypp can enforce keeping downloaded packages of all repos within a package cache by creating a '.keep_packages' file there. - Try to refresh update repos first to have updated GPG keys on the fly (bsc#1234752) - An update repo may contain a prolonged GPG key for the GA repo. - Refreshing the update repo first updates a trusted key on the fly and avoids a 'key has expired' warning being issued when refreshing the GA repo. - Refresh: restore legacy behavior and suppress Exception reporting as non-root (bsc#1235636) The following package changes have been done: - libzypp-17.35.19-150200.144.1 updated - zypper-1.14.81-150200.102.1 updated From sle-container-updates at lists.suse.com Fri Jan 31 08:19:31 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Fri, 31 Jan 2025 09:19:31 +0100 (CET) Subject: SUSE-CU-2025:519-1: Security update of suse/sle-micro/5.2/toolbox Message-ID: <20250131081931.90D60F78D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle-micro/5.2/toolbox ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:519-1 Container Tags : suse/sle-micro/5.2/toolbox:14.2 , suse/sle-micro/5.2/toolbox:14.2-7.11.71 , suse/sle-micro/5.2/toolbox:latest Container Release : 7.11.71 Severity : important Type : security References : 1236460 CVE-2022-49043 ----------------------------------------------------------------- The container suse/sle-micro/5.2/toolbox was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:303-1 Released: Thu Jan 30 15:50:59 2025 Summary: Security update for libxml2 Type: security Severity: important References: 1236460,CVE-2022-49043 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode.
(bsc#1236460) The following package changes have been done: - libxml2-2-2.9.7-150000.3.73.1 updated From sle-container-updates at lists.suse.com Sun Jan 26 08:02:23 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Sun, 26 Jan 2025 08:02:23 -0000 Subject: SUSE-IU-2025:372-1: Security update of suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2 Message-ID: <20250126080222.11487FCE8@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2025:372-1 Image Tags : suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2:20250122 Image Release : Severity : important Type : security References :
CVE-2024-56619 CVE-2024-56755 CVE-2024-8805 ----------------------------------------------------------------- The container suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2024:4035-1 Released: Mon Nov 18 16:22:57 2024 Summary: Security update for expat Type: security Severity: moderate References: 1232579,CVE-2024-50602 This update for expat fixes the following issues: - CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4044-1 Released: Mon Nov 25 08:28:17 2024 Summary: Recommended update for hwdata Type: recommended Severity: moderate References: This update for hwdata fixes the following issue: - Version update to v0.389: * Update pci, usb and vendor ids ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4046-1 Released: Mon Nov 25 09:25:58 2024 Summary: Recommended update for rsyslog Type: recommended Severity: moderate References: 1230984 This update for rsyslog fixes the following issue: - restart daemon after update at the end of the transaction (bsc#1230984) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2024:4065-1 Released: Tue Nov 26 11:10:58 2024 Summary: Recommended update for crypto-policies Type: recommended Severity: moderate References: 1233499 This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro, which allows configuration of the policies. 
(bsc#1233499)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4078-1
Released: Wed Nov 27 13:53:14 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533
This update for glib2 fixes the following issues:

- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806
This update for libuv fixes the following issues:

- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4138-1
Released: Mon Dec 2 13:29:57 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233773,CVE-2024-10524
This update for wget fixes the following issues:

- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4172-1
Released: Wed Dec 4 15:28:38 2024
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1213607,1221168,1223345,1229684,1231414
This update for samba fixes the following issues:

- Adjust spec to split out rpcd_* binaries into a separate sub package (bsc#1231414).
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated (bsc#1229684).
- Fix regression DFS not working with widelinks=true, updated to fix DFS link enumeration (bsc#1213607).
- Fix: use-after-free in aio_del_req_from_fsp() during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE (bsc#1223345).
- Reduce winbind error msg to debug for a PDC/NT4 domain (bsc#1221168).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4182-1
Released: Thu Dec 5 05:59:14 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1231185,1231328
This update for suseconnect-ng fixes the following issues:

- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targeting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:

- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)

Other fixes:

- Remove -IVendor/ from python-config (bsc#1231795)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4198-1
Released: Thu Dec 5 14:46:19 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:

- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs
  provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4302-1
Released: Thu Dec 12 09:51:03 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661
This update for socat fixes the following issues:

- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814
This update for vim fixes the following issues:

- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)

Other fixes:

- Updated to version 9.1.0836

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4338-1
Released: Tue Dec 17 08:18:46 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1230272,1231610
This update for systemd fixes the following issues:

- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service
- sd-bus: make bus_add_match_full accept timeout
- udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
- sd-device: add helper to read an unsigned int attribute

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4359-1
Released: Tue Dec 17 14:19:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:

- CVE-2024-11053: Fixed password leak in curl used for the
  first host to the followed-to host under certain circumstances (bsc#1234068)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4360-1
Released: Tue Dec 17 15:35:28 2024
Summary: Security update for docker
Type: security
Severity: important
References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110
This update for docker fixes the following issues:

- Update docker-buildx to v0.19.2. See upstream changelog online at .

  Some notable changelogs from the last update:
  *
  *

- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to disable the SUSEConnect integration with Docker (which creates special mounts in /run/secrets to allow container-suseconnect to authenticate containers with registries on registered hosts). bsc#1231348 bsc#1232999

  In order to disable these mounts, just do

    echo 0 > /etc/docker/suse-secrets-enable

  and restart Docker. In order to re-enable them, just do

    echo 1 > /etc/docker/suse-secrets-enable

  and restart Docker. Docker will output information on startup to tell you whether the SUSE secrets feature is enabled or not.

- Disable docker-buildx builds for SLES. It turns out that build containers with docker-buildx don't currently get the SUSE secrets mounts applied, meaning that container-suseconnect doesn't work when building images. bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from sysconfig a long time ago, and apparently this causes issues with systemd in some cases.
- Allow a parallel docker-stable RPM to exist in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we are replacing. See upstream changelog online at
- Allow users to disable SUSE secrets support by setting DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been deprecated since Docker 23.0.
  (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate package, but with docker-stable it will be necessary to maintain the packages together and it makes more sense to have them live in the same OBS package. (bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at bsc#1230294
- This update includes fixes for:
  * CVE-2024-41110. bsc#1228324
  * CVE-2023-47108. bsc#1217070 bsc#1229806
  * CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
- Update to Docker 26.1.0-ce. See upstream changelog online at
- Update --add-runtime to point to correct binary path.

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:

- Version update v0.390
  * Update pci and vendor ids

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4364-1
Released: Tue Dec 17 16:57:18 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References:
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transaction (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920). - CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944). - CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872). - CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942). - CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935). - CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049). - CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043). - CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116). - CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075). - CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114). - CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124). - CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135). - CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145). - CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174). - CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187). - CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251). - CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861). - CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259). - CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272). - CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201). 
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200). - CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199). - CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196). - CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217). - CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220). - CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221). - CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355). - CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358). - CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305). - CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332). - CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337). - CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366). - CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369). - CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965). - CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967). - CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968). - CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313). - CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371). - CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374). - CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361). 
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224) - CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253). - CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260). - CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368). - CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387). - CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424). - CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381). - CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165). - CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164). - CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160). - CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159). - CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155). - CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154). - CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151). - CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149). - CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395). - CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140). - CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264). - CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519). - CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383). 
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104). - CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096). - CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483). - CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282). - CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316). - CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432). - CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089). - CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085). - CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084). - CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083). - CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442). - CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318). - CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446). - CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990). - CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954). - CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950). - CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914). - CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392). - CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907). - CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903). - CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902). 
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418). - CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310). - CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329). - CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285). - CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345). - CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263). - CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435). - CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520). - CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501). - CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500). - CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860). - CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877). - CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881). - CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884). - CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885). - CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919). - CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928). - CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907). - CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905). - CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890). - CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888). 
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935). - CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056). - CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067). - CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061). - CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070). - CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049). - CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057). - CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129). - CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135). - CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110). - CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107). - CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106). - CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103). - CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113). - CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293). - CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117). - CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205). - CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206). - CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214). - CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253). - CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453). 
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456). - CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460). - CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462). - CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478). - CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484). - CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487). - CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548). - CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552). - CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555). - CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557). - CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561). - CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570). - CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580). - CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025). - CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).

The following non-security bugs were fixed:

- acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154) - acpi: battery: Simplify battery hook locking (bsc#1232154) - acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes). - acpi: CPPC: Fix _CPC register setting issue (git-fixes). - acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: EC: Do not release locks during operation region accesses (stable-fixes). - acpi: PAD: fix crash in exit_round_robin() (stable-fixes). - acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes). - acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes). - acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes). - acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes). - acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes). - acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes). - acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes). - acpica: iasl: handle empty connection_node (stable-fixes). - ad7780: fix division by zero in ad7780_write_raw() (git-fixes). - adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing. - add bug reference for a mana change (bsc#1229769). - add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036). - add bugreference to a hv_netvsc patch (bsc#1232413). - afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes). - alsa: 6fire: Release resources at card release (git-fixes). - alsa: ac97: bus: Fix the mistake in the comment (git-fixes). - alsa: asihpi: Fix potential OOB array access (stable-fixes). - alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: core: add isascii() check to card ID generator (stable-fixes). - alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes). - alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes). 
- alsa: hda: cs35l41: fix module autoloading (git-fixes). - alsa: hda: Fix kctl->id initialization (git-fixes). - alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes). - alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes). - alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes). - alsa: hda/cs8409: Fix possible NULL dereference (git-fixes). - alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes). - alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes). - alsa: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes). - alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes). - alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes). - alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes). - alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes). - alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes). - alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes). - alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes). - alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes). - alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes). - alsa: hda/realtek: Update ALC225 depop procedure (git-fixes). - alsa: hda/realtek: Update ALC256 depop procedure (git-fixes). - alsa: hda/realtek: Update default depop procedure (git-fixes). - alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes). - alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes). - alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes). - alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes). - alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes). 
- alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes). - alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes). - alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes). - alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes). - alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes). - alsa: usb-audio: Define macros for quirk table entries (stable-fixes). - alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes). - alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes). - amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes). - arm64: cputype: Add Neoverse-N3 definitions (git-fixes) - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes). - arm64: errata: Expand speculative SSBS workaround once more (git-fixes) - arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes) - arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes) - arm64: Force position-independent veneers (git-fixes). - arm64: probes: Fix simulate_ldr*_literal() (git-fixes) - arm64: probes: Fix uprobes for big-endian kernels (git-fixes) - arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes) - arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes) - arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes) - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes) - arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes) - arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes) - asoc: allow module autoloading for table db1200_pids (stable-fixes). - asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes). - asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes). 
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes). - asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes). - asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes). - asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes). - asoc: intel: fix module autoloading (stable-fixes). - asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes). - asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes). - asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes). - asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes). - asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes). - asoc: tda7419: fix module autoloading (stable-fixes). - blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528). - block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923). - block: print symbolic error name instead of error code (bsc#1231872). - bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes). - bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes). - bluetooth: Call iso_exit() on module unload (git-fixes). - bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes). - bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes). - bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes). - bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes). - bluetooth: Remove debugfs directory on module init failure (git-fixes). - bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes). - bnxt_en: Fix the PCI-AER routines (git-fixes). - bnxt_en: refactor reset close code (git-fixes). 
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes). - bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes). - bnxt_en: Wait for FLR to complete during probe (git-fixes). - bpf, lsm: Add disabled BPF LSM hook list (git-fixes). - bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes). - bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes). - bpf, x64: Remove tail call detection (git-fixes). - bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes). - bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450). - bpf: Allow helpers to accept pointers with a fixed size (git-fixes). - bpf: Check for helper calls in check_subprogs() (git-fixes). - bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes). - bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes). - bpf: Fix helper writes to read-only maps (git-fixes). - bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375). - bpf: Fix tailcall cases in test_bpf (git-fixes). - bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes). - bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes). - bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes). - btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450). - bus: integrator-lm: fix OF node leak in probe() (git-fixes). - can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes). - can: c_can: fix {rx,tx}_errors statistics (git-fixes). - can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes). - can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). 
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes). - can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes). - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes). - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes). - ceph: fix cap ref leak via netfs init_request (bsc#1231383). - cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108). - char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes). - chtls: fix tp->rcv_tstamp initialization (git-fixes). - clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885). - clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885). - comedi: Flush partial mappings in error case (git-fixes). - comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes). - cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes). - crypto: bcm - add error check in the ahash_hmac_init function (git-fixes). - crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes). - crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes). - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes). - crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes). - crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075) - crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075) - crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes). - crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes). - cxgb4: add forgotten u64 ivlan cast before shift (git-fixes). - cxgb4: Properly lock TX queue for the selftest (git-fixes). - cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes). - debugfs: fix automount d_fsdata usage (git-fixes). 
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes). - drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes). - driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes). - drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes). - drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes). - drm: komeda: Fix an issue related to normalized zpos (stable-fixes). - drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes). - drm/amd: Guard against bad data for ATIF ACPI method (git-fixes). - drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes). - drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes). - drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944) - drm/amd/display: Check null pointer before dereferencing se (stable-fixes). - drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes). - drm/amd/display: Check stream before comparing them (stable-fixes). - drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes). - drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes). - drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes). - drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes). 
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes). - drm/amd/display: Round calculated vtotal (stable-fixes). - drm/amd/display: Validate backlight caps are sane (stable-fixes). - drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes). - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes). - drm/amdgpu: add raven1 gfxoff quirk (stable-fixes). - drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes). - drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes). - drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes). - drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes). - drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes). - drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes). - drm/amdgpu: properly handle vbios fake edid sizing (git-fixes). - drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes). - drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes). - drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes). - drm/bridge: tc358767: Fix link properties discovery (git-fixes). - drm/bridge: tc358768: Fix DSI command tx (git-fixes). - drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes). - drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes). - drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes). - drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes). - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes). - drm/msm/dpu: do not always program merge_3d block (git-fixes). - drm/msm/dpu: make sure phys resources are properly initialized (git-fixes). 
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes). - drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes). - drm/omap: Fix possible NULL dereference (git-fixes). - drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes). - drm/printer: Allow NULL data in devcoredump printer (stable-fixes). - drm/radeon: Fix encoder->possible_clones (git-fixes). - drm/radeon: properly handle vbios fake edid sizing (git-fixes). - drm/radeon: Replace one-element array with flexible-array member (stable-fixes). - drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes). - drm/rockchip: define gamma registers for RK3399 (stable-fixes). - drm/rockchip: support gamma control on RK3399 (stable-fixes). - drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes). - drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes). - drm/sti: avoid potential dereference of error pointers (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes). - drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes). - drm/v3d: Address race-condition in MMU flush (git-fixes). - drm/v3d: Stop the active perfmon before being destroyed (git-fixes). - drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes). - drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes). - drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes). - drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes). - drm/vc4: Stop the active perfmon before being destroyed (git-fixes). - drm/vmwgfx: Handle surface check failure correctly (git-fixes). - drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes). 
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269) - Drop OCFS2 patch causing a regression (bsc#1233255) - drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342) - e1000e: Fix S0ix residency on corporate systems (git-fixes). - efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465). - efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes). - erofs: avoid consecutive detection for Highmem memory (git-fixes). - erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes). - erofs: fix pcluster use-after-free on UP platforms (git-fixes). - erofs: fix potential overflow calculating xattr_isize (git-fixes). - erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes). - eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes). - exportfs: use pr_debug for unreachable debug statements (git-fixes). - ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201) - fat: fix uninitialized variable (git-fixes). - fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes). - fbdev: sisfb: Fix strbuf array overflow (stable-fixes). - fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes). - fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes). - fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes). - filelock: fix potential use-after-free in posix_lock_inode (git-fixes). - firmware: google: Unregister driver_info on failure (git-fixes). - firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes). - Fix regression on AMDGPU driver (bsc#1233134) - fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes). - fs/namespace: fnic: Switch to use %ptTd (git-fixes). - fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes). - genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes). 
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: Mark filecache 'down' if init fails (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rdma/bnxt_re: Add a check for memory allocation (git-fixes)
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- rdma/bnxt_re: Fix the GID table length (git-fixes)
- rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- rdma/bnxt_re: Return more meaningful error (git-fixes)
- rdma/bnxt_re: synchronize the qp-handle table array (git-fixes)
- rdma/cxgb4: Dump vendor specific QP details (git-fixes)
- rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/irdma: Fix misspelling of 'accept*' (git-fixes)
- rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rdma/srpt: Make slab cache names unique (git-fixes)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes).
- Revert PM changes that caused a regression on S4 resume (bsc#1231578).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is no longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241). - scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241). - scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241). - scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757). - scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757). - scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241). - scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241). - scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241). - scsi: lpfc: Remove trailing space after \n newline (bsc#1232757). - scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes). - scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757). - scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757). - scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241). - scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241). - scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757). - scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes). - scsi: mac_scsi: Refactor polling loop (git-fixes). - scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes). - scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes). - scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes). - scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes). - scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes). - scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes). 
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes). - scsi: smartpqi: correct stream detection (git-fixes). - scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes). - scsi: spi: Fix sshdr use (git-fixes). - scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes). - security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes). - selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes). - selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes). - selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes). - selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes). - selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes). - serial: 8250: omap: Move pm_runtime_get_sync (git-fixes). - sfc: Check firmware supports Ethernet PTP filter (git-fixes). - sfc: do not unregister flow_indr if it was never registered (git-fixes). - sfc: fix a double-free bug in efx_probe_filters (git-fixes). - signal: Replace BUG_ON()s (bsc#1234093). - spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes). - spi: bcm63xx: Enable module autoloading (stable-fixes). - spi: bcm63xx: Fix module autoloading (git-fixes). - spi: Fix acpi deferred irq probe (git-fixes). - spi: lpspi: release requested DMA channels (stable-fixes). - spi: lpspi: Silence error message upon deferred probe (stable-fixes). - spi: lpspi: Simplify some error message (git-fixes). - spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes). - spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes). - spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes). - spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes). - spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes). - spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes). 
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes). - static_call: Do not make __static_call_return0 static (git-fixes). - sunrpc: clnt.c: Remove misleading comment (git-fixes). - sunrpc: Fix integer overflow in decode_rc_list() (git-fixes). - sunrpc: Fixup gss_status tracepoint error output (git-fixes). - thermal: core: Initialize thermal zones before registering them (git-fixes). - thermal: intel: int340x: processor: Fix warning during module unload (git-fixes). - tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes). - tracing: Consider the NULL character when validating the event length (git-fixes). - tracing/hwlat: Fix a race during cpuhp processing (git-fixes). - tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes). - tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes). - tun: prevent negative ifindex (git-fixes). - ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460). - Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n - Update config files. Enabled IDPF for ARM64 (bsc#1221309) - uprobe: avoid out-of-bounds memory access of fetching args (git-fixes). - uprobes: encapsulate preparation of uprobe args buffer (git-fixes). - usb: appledisplay: close race between probe and completion handler (stable-fixes). - usb: chaoskey: fail open after removal (git-fixes). - usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes). - usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes). - usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes). - usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes). - usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes). - usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes). - usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes). 
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes). - usb: gadget: core: force synchronous registration (git-fixes). - usb: misc: cypress_cy7c63: check for short transfer (stable-fixes). - usb: misc: yurex: fix race between read and write (stable-fixes). - usb: musb: sunxi: Fix accessing an released usb phy (git-fixes). - usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes). - usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes). - usb: serial: io_edgeport: fix use after free in debug printk (git-fixes). - usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes). - usb: serial: option: add Quectel RG650V (stable-fixes). - usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes). - usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes). - usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes). - usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes). - usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes). - usb: typec: altmode should keep reference to parent (git-fixes). - usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes). - usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes). - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes). - usb: xhci: Fix problem with xhci resume from suspend (stable-fixes). - usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes). - usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes). - usb: yurex: make waiting on yurex_write interruptible (git-fixes). - usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes). - usbip: tools: Fix detach_port() invalid port error path (git-fixes). - usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes). 
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450). - vdpa/mlx5: preserve CVQ vringh index (git-fixes). - vhost_vdpa: assign irq bypass producer token correctly (git-fixes). - vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes). - virtio_console: fix misc probe bugs (git-fixes). - virtio_net: fixing XDP for fully checksummed packets handling (git-fixes). - virtio-net: synchronize probe with ndo_set_features (git-fixes). - vmxnet3: add command to allow disabling of offloads (bsc#1226498). - vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498). - vmxnet3: prepare for version 9 changes (bsc#1226498). - vmxnet3: update to version 9 (bsc#1226498). - vsock/virtio: fix packet delivery to tap device (git-fixes). - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes). - watchdog: rti: of: honor timeout-sec property (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes). - wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes). - wifi: ath10k: Fix memory leak in management tx (git-fixes). - wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes). - wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes). - wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes). - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes). - wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes). - wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes). - wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes). - wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes). - wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes). - wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes). 
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes). - wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes). - wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes). - wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes). - wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes). - wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes). - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes). - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes). - wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes). - workqueue: Avoid using isolated cpus' timers on (bsc#1231327) - workqueue: mark power efficient workqueue as unbounded if (bsc#1231327) - x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes). - x86/bugs: Skip RSB fill at VMEXIT (git-fixes). - x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes). - x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes). - x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes). - x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes). - x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405). - x86/kvm: fix is_stale_page_fault() (bsc#1221333). - xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813). - xhci: Fix incorrect stream context type macro (git-fixes). - xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes). - xhci: Mitigate failed set dequeue pointer commands (git-fixes). - xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes). 
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).

-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617

This update for aaa_base fixes the following issues:

- Added Midnight Commander helpers for tcsh and bash resources (bsc#1203617)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4383-1
Released: Thu Dec 19 09:05:03 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573

This update for grub2 fixes the following issues:

- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and errors (bsc#1231604)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4386-1
Released: Thu Dec 19 15:04:16 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1226586,1233420,CVE-2024-52616

This update for avahi fixes the following issues:

- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)

Other fixes:

- no longer supply bogus services to callbacks (bsc#1226586).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4403-1
Released: Fri Dec 20 16:42:05 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749

This update for libzypp fixes the following issues:

- Url: queryparams without value should not have a trailing '='

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Fix support level to L3 (bsc#1234708)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:29-1
Released: Tue Jan 7 11:41:20 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234809,CVE-2024-56326

This update for python-Jinja2 fixes the following issues:

- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024

This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:

- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:

This update for containerd fixes the following issues:

containerd was updated from version 1.7.21 to 1.7.23:

- Changes in version 1.7.23:
  * Highlights:
    + Added error definition aliases
    + Allow proxy plugins to have capabilities
    + Revert a previous errdefs package migration
  * Container Runtime Interface (CRI):
    + Added check for CNI plugins before tearing down pod network
  * Image Distribution:
    + Fixed the race condition during GC of snapshots when client retries
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23
- Changes in version 1.7.22:
  * Highlights:
    + Build and Release Toolchain
    + Updated Go (go1.22.7 and go1.23.1)
  * Container Runtime Interface (CRI):
    + Added a fix for decreasing cumulative stats
  * Runtime:
    + Fixed bug where init exits were being dropped
    + Update runc binary to 1.1.14
  * Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:148-1
Released: Thu Jan 16 17:00:45 2025
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1234273

This update for cryptsetup fixes the following issue:

- luksFormat succeeds despite creating corrupt device (bsc#1234273).
  * Add a better warning if luksFormat ends with image without any space for data.
  * Print warning early if LUKS container is too small for activation.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020

This update for dhcp fixes the following issues:

- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:201-1
Released: Tue Jan 21 13:51:32 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CVE-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-56619,CVE-2024-56755,CVE-2024-8805

The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.

The following security bugs were fixed:

- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166). - CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038). - CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050). - CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469). - CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485). - CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547). - CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550). 
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853). - CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834). - CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846). - CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827). - CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). - CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843). - CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891). - CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). 
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971). - CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054). - CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963). - CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035). - CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037). - CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039). - CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061). - CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - Documentation: Add x86/amd_hsmp driver (jsc#PED-1295). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). 
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139) - KVM: x86: fix sending PV IPI (git-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). - PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes). - RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes) - README: Clean-up trailing whitespace - SUNRPC: make sure cache entry active before cache_show (git-fixes). - amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes). - arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes). - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes). - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes). - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes). - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - autofs: use flexible array in ioctl structure (git-fixes). - devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422). - devlink: do not require setting features before registration (bsc#1231388 bsc#1230422). - dma-fence: Fix reference leak on fence merge failure path (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). 
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357). - drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes). - drm/v3d: Enable Performance Counters before clearing them (git-fixes). - exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes). - fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'') - hfsplus: do not query the device logical block size multiple times (git-fixes). - idpf: add support for SW triggered interrupts (bsc#1235507). - idpf: enable WB_ON_ITR (bsc#1235507). - idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507). - ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727). - jffs2: Fix rtime decompressor (git-fixes). - jffs2: Prevent rtime decompress memory corruption (git-fixes). - jffs2: fix use of uninitialized variable (git-fixes). - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes). - jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes). - jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes). - jfs: fix shift-out-of-bounds in dbSplit (git-fixes). - jfs: xattr: check invalid xattr size more strictly (git-fixes). - kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth - kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge. - kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639). - memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763). - mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120). - mmc: core: Further prevent card detect during shutdown (git-fixes). - net/ipv6: release expired exception dst cached in socket (bsc#1216813). 
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246). - nfsd: make sure exp active before svc_export_show (git-fixes). - nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472). - nfsd: restore callback functionality for NFSv4.0 (git-fixes). - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes). - nilfs2: prevent use of deleted inode (git-fixes). - ocfs2: uncache inode which has failed entering the group (bsc#1234087). - phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763). - platform/x86: Add AMD system management interface (jsc#PED-1295). - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes). - pwm: tegra: Improve required rate calculation (jsc#PED-1763). - regmap: detach regmap from dev on regmap_exit (git-fixes). - rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression - scatterlist: fix incorrect func name in kernel-doc (git-fixes). - scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo - scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes). - serial: tegra: Read DMA status before terminating (jsc#PED-1763). - smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642]. - spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes). - sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes). - supported.conf: add bsc1185010 dependency - supported.conf: hyperv_drm (jsc#sle-19733) - svcrdma: Address an integer overflow (git-fixes). - svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes). - tpm_tis_spi: Release chip select when flow control fails (bsc#1234338) - ubifs: Correct the total block count by deducting journal reservation (git-fixes). 
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes). - udf: Handle error when adding extent to a file (bsc#1234437). - udf: refactor udf_current_aext() to handle error (bsc#1234240). - udf: refactor udf_next_aext() to handle error (bsc#1234241). - usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes). - usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes). - x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes). - x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes). - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes). - x86/fpu: Remove unused supervisor only offsets (git-fixes). - x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes). - x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes). - x86/mce: Allow instrumentation during task work queueing (git-fixes). - x86/mce: Mark mce_end() noinstr (git-fixes). - x86/mce: Mark mce_panic() noinstr (git-fixes). - x86/mce: Mark mce_read_aux() noinstr (git-fixes). - x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes). - x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635). - x86/sgx: Free backing memory after faulting the enclave page (git-fixes). - x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes). - x86/uaccess: Move variable into switch case statement (git-fixes). - x86: Annotate call_on_stack() (git-fixes). - xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909). - zonefs: fix zone report size in __zonefs_io_error() (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-OU-2025:218-1 Released: Wed Jan 22 04:33:35 2025 Summary: Optional update for augeas Type: optional Severity: moderate References: This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5. 
----------------------------------------------------------------- Advisory ID: SUSE-feature-2025:224-1 Released: Wed Jan 22 12:31:25 2025 Summary: Feature update for zypper, libzypp Type: feature Severity: low References: This update for zypper, libzypp fixes the following issues: - info: Allow to query a specific version (jsc#PED-11268) To query for a specific version simply append '-' or '--' to the '' pattern. Note that the edition part must always match exactly. - version 1.14.79 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2025:225-1 Released: Wed Jan 22 15:31:54 2025 Summary: Recommended update for vim Type: recommended Severity: moderate References: 1234214,1234245,1234333 This update for vim fixes the following issues: - Fix for migration problems related to 'xxd', a subpackage of vim (bsc#1234333 / bsc#1234214 / bsc#1234245). Package 'xxd' has been obsoleted by Vim, as it provides the xxd files directly. However, because the 'Obsoletes' entry was versioned, depending on which version of 'xxd' is installed, the 'Obsoletes' isn't actually triggered. Thus, there is a conflict between 'vim' and 'xxd' in these cases. This is fixed by removing the version completely. The 'vim' package should always replace 'xxd', even if people are migrating from an older SLE15 service pack which has the exact same version.
The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated - containerd-ctr-1.7.23-150000.120.1 updated - containerd-1.7.23-150000.120.1 updated - crypto-policies-20210917.c9d86d1-150400.3.8.1 updated - curl-8.0.1-150400.5.59.1 updated - dhcp-client-4.3.6.P1-150000.6.22.1 updated - dhcp-4.3.6.P1-150000.6.22.1 updated - docker-26.1.5_ce-150000.212.1 updated - grub2-i386-pc-2.06-150500.29.37.1 updated - grub2-x86_64-efi-2.06-150500.29.37.1 updated - grub2-2.06-150500.29.37.1 updated - hwdata-0.390-150000.3.74.2 updated - kernel-default-5.14.21-150500.55.91.1 updated - libaugeas0-1.12.0-150400.3.5.1 updated - libavahi-client3-0.8-150400.7.20.1 updated - libavahi-common3-0.8-150400.7.20.1 updated - libcryptsetup12-2.4.3-150400.3.6.2 updated - libcurl4-8.0.1-150400.5.59.1 updated - libexpat1-2.4.4-150400.3.25.1 updated - libglib-2_0-0-2.70.5-150400.3.17.1 updated - libpython3_6m1_0-3.6.15-150300.10.78.1 updated - libsolv-tools-base-0.7.31-150500.6.5.1 updated - libsolv-tools-0.7.31-150500.6.5.1 updated - libsystemd0-249.17-150400.8.46.1 updated - libudev1-249.17-150400.8.46.1 updated - libuv1-1.44.2-150500.3.5.1 updated - libzypp-17.35.16-150500.6.33.1 updated - microsoft-dracut-config-0.0.4-150300.7.9.2 added - python3-Jinja2-2.10.1-150000.3.18.1 updated - python3-base-3.6.15-150300.10.78.1 updated - python3-3.6.15-150300.10.78.1 updated - rsyslog-module-relp-8.2306.0-150400.5.33.1 updated - rsyslog-8.2306.0-150400.5.33.1 updated - samba-client-libs-4.17.12+git.485.dd39ea0501e-150500.3.26.5 updated - socat-1.8.0.0-150400.14.6.1 updated - suseconnect-ng-1.13.0-150500.3.32.1 updated - systemd-sysvinit-249.17-150400.8.46.1 updated - systemd-249.17-150400.8.46.1 updated - udev-249.17-150400.8.46.1 updated - vim-data-common-9.1.0836-150500.20.18.1 updated - vim-9.1.0836-150500.20.18.1 updated - wget-1.20.3-150000.3.26.1 updated - zypper-1.14.79-150500.6.17.1 updated From sle-container-updates at lists.suse.com Mon Jan 27 
08:08:24 2025 From: sle-container-updates at lists.suse.com (sle-container-updates at lists.suse.com) Date: Mon, 27 Jan 2025 08:08:24 -0000 Subject: SUSE-CU-2025:469-1: Security update of bci/bci-sle15-kernel-module-devel Message-ID: <20250127080823.49165F78D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-sle15-kernel-module-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2025:469-1 Container Tags : bci/bci-sle15-kernel-module-devel:15.6 , bci/bci-sle15-kernel-module-devel:15.6.30.11 , bci/bci-sle15-kernel-module-devel:latest Container Release : 30.11 Severity : important Type : security References : 1214954 1216813 1220773 1224095 1224726 1225743 1225758 1225820 1227445 1228526 1229809 1230205 1230413 1230697 1231854 1231909 1231963 1232193 1232198 1232201 1232418 1232419 1232420 1232421 1232436 1233038 1233070 1233096 1233200 1233204 1233239 1233259 1233260 1233324 1233328 1233461 1233467 1233468 1233469 1233546 1233558 1233637 1233642 1233772 1233837 1234024 1234069 1234071 1234073 1234075 1234076 1234077 1234079 1234086 1234139 1234140 1234141 1234142 1234143 1234144 1234145 1234146 1234147 1234148 1234149 1234150 1234153 1234155 1234156 1234158 1234159 1234160 1234161 1234162 1234163 1234164 1234165 1234166 1234167 1234168 1234169 1234170 1234171 1234172 1234173 1234174 1234175 1234176 1234177 1234178 1234179 1234180 1234181 1234182 1234183 1234184 1234185 1234186 1234187 1234188 1234189 1234190 1234191 1234192 1234193 1234194 1234195 1234196 1234197 1234198 1234199 1234200 1234201 1234203 1234204 1234205 1234207 1234208 1234209 1234219 1234220 1234221 1234237 1234238 1234239 1234240 1234241 1234242 1234243 1234278 1234279 1234280 1234281 1234282 1234294 1234338 1234357 1234381 1234454 1234464 1234605 1234651 1234652 1234654 1234655 1234657 1234658 1234659 1234668 1234690 1234725 1234726 1234810 1234811 1234826 1234827 1234829 1234832 1234834 1234843 1234846 1234848 1234853 1234855 1234856 
1234884 1234889 1234891 1234899 1234900 1234905 1234907 1234909 1234911 1234912 1234916 1234918 1234920 1234921 1234922 1234929 1234930 1234937 1234948 1234950 1234952 1234960 1234962 1234963 1234968 1234969 1234970 1234971 1234973 1234974 1234989 1234999 1235002 1235003 1235004 1235007 1235009 1235016 1235019 1235033 1235045 1235056 1235061 1235075 1235108 1235128 1235134 1235138 1235246 1235406 1235409 1235416 1235507 1235550 CVE-2024-26924 CVE-2024-27397 CVE-2024-35839 CVE-2024-36908 CVE-2024-36915 CVE-2024-39480 CVE-2024-41042 CVE-2024-44934 CVE-2024-44996 CVE-2024-47678 CVE-2024-49854 CVE-2024-49884 CVE-2024-49915 CVE-2024-50016 CVE-2024-50018 CVE-2024-50039 CVE-2024-50047 CVE-2024-50143 CVE-2024-50154 CVE-2024-50202 CVE-2024-50203 CVE-2024-50211 CVE-2024-50228 CVE-2024-50256 CVE-2024-50262 CVE-2024-50272 CVE-2024-50278 CVE-2024-50279 CVE-2024-50280 CVE-2024-53050 CVE-2024-53064 CVE-2024-53090 CVE-2024-53095 CVE-2024-53099 CVE-2024-53103 CVE-2024-53105 CVE-2024-53111 CVE-2024-53113 CVE-2024-53117 CVE-2024-53118 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122 CVE-2024-53125 CVE-2024-53126 CVE-2024-53127 CVE-2024-53129 CVE-2024-53130 CVE-2024-53131 CVE-2024-53133 CVE-2024-53134 CVE-2024-53136 CVE-2024-53141 CVE-2024-53142 CVE-2024-53144 CVE-2024-53146 CVE-2024-53148 CVE-2024-53150 CVE-2024-53151 CVE-2024-53154 CVE-2024-53155 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53159 CVE-2024-53160 CVE-2024-53161 CVE-2024-53162 CVE-2024-53166 CVE-2024-53169 CVE-2024-53171 CVE-2024-53173 CVE-2024-53174 CVE-2024-53179 CVE-2024-53180 CVE-2024-53188 CVE-2024-53190 CVE-2024-53191 CVE-2024-53200 CVE-2024-53201 CVE-2024-53202 CVE-2024-53206 CVE-2024-53207 CVE-2024-53208 CVE-2024-53209 CVE-2024-53210 CVE-2024-53213 CVE-2024-53214 CVE-2024-53215 CVE-2024-53216 CVE-2024-53217 CVE-2024-53222 CVE-2024-53224 CVE-2024-53229 CVE-2024-53234 CVE-2024-53237 CVE-2024-53240 CVE-2024-53241 CVE-2024-56536 CVE-2024-56539 CVE-2024-56549 CVE-2024-56551 CVE-2024-56562 CVE-2024-56566 
CVE-2024-56567 CVE-2024-56576 CVE-2024-56582 CVE-2024-56599 CVE-2024-56604 CVE-2024-56605 CVE-2024-56645 CVE-2024-56667 CVE-2024-56752 CVE-2024-56754 CVE-2024-56755 CVE-2024-56756 CVE-2024-8805 ----------------------------------------------------------------- The container bci/bci-sle15-kernel-module-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2025:154-1 Released: Fri Jan 17 10:15:08 2025 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1214954,1216813,1220773,1224095,1224726,1225743,1225758,1225820,1227445,1228526,1229809,1230205,1230413,1230697,1231854,1231909,1231963,1232193,1232198,1232201,1232418,1232419,1232420,1232421,1232436,1233038,1233070,1233096,1233200,1233204,1233239,1233259,1233260,1233324,1233328,1233461,1233467,1233468,1233469,1233546,1233558,1233637,1233642,1233772,1233837,1234024,1234069,1234071,1234073,1234075,1234076,1234077,1234079,1234086,1234139,1234140,1234141,1234142,1234143,1234144,1234145,1234146,1234147,1234148,1234149,1234150,1234153,1234155,1234156,1234158,1234159,1234160,1234161,1234162,1234163,1234164,1234165,1234166,1234167,1234168,1234169,1234170,1234171,1234172,1234173,1234174,1234175,1234176,1234177,1234178,1234179,1234180,1234181,1234182,1234183,1234184,1234185,1234186,1234187,1234188,1234189,1234190,1234191,1234192,1234193,1234194,1234195,1234196,1234197,1234198,1234199,1234200,1234201,1234203,1234204,1234205,1234207,1234208,1234209,1234219,1234220,1234221,1234237,1234238,1234239,1234240,1234241,1234242,1234243,1234278,1234279,1234280,1234281,1234282,1234294,1234338,1234357,1234381,1234454,1234464,1234605,1234651,1234652,1234654,1234655,1234657,1234658,1234659,1234668,1234690,1234725,1234726,1234810,1234811,1234826,1234827,1234829,1234832,1234834,1234843,1234846,1234848,1234853,1234855,1234856,1234884,1234889,1234891,1234899,1234900,1234905,1234907,1234909,1234911,1234912,1234916,1234918,1234920,1234921,1234922,1234929,1234930,1234937,1234948,1234950,1234952,1234960,1234962,1234963,1234968,1234969,1234970,1234971,1234973,1234974,1234989,1234999,1235002,1235003,1235004,1235007,1235009,1235016,1235019,1235033,1235045,1235056,1235061,1235075,1235108,1235128,1235134,1235138,1235246,1235406,1235409,1235416,1235507,1235550,CVE-2024-26924,CVE-2024-27397,CVE-2024-35839,CVE-2024-36908,CVE-2024-36915,CVE-2024-39480,CVE-2024-41042,CVE-2024-44934,CVE-2024-44996,CVE-2024-47678,CVE-2024-49854,CVE-2024-49884,CVE-2024-49915,CVE-2024-50016,CVE-2024-50018,CVE-2024-50039,CVE-2024-50047,CVE-2024-50143,CVE-2024-50154,CVE-2024-50202,CVE-2024-50203,CVE-2024-50211,CVE-2024-50228,CVE-2024-50256,CVE-2024-50262,CVE-2024-50272,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-53050,CVE-2024-53064,CVE-2024-53090,CVE-2024-53095,CVE-2024-53099,CVE-2024-53103,CVE-2024-53105,CVE-2024-53111,CVE-2024-53113,CVE-2024-53117,CVE-2024-53118,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53126,CVE-2024-53127,CVE-2024-53129,CVE-2024-53130,CVE-2024-53131,CVE-2024-53133,CVE-2024-53134,CVE-2024-53136,CVE-2024-53141,CVE-2024-53142,CVE-2024-53144,CVE-2024-53146,CVE-2024-53148,CVE-2024-53150,CVE-2024-53151,CVE-2024-53154,CVE-2024-53155,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53159,CVE-2024-53160,CVE-2024-53161,CVE-2024-53162,CVE-2024-53166,CVE-2024-53169,CVE-2024-53171,CVE-2024-53173,CVE-2024-53174,CVE-2024-53179,CVE-2024-53180,CVE-2024-53188,CVE-2024-53190,CVE-2024-53191,CVE-2024-53200,CVE-2024-53201,CVE-2024-53202,CVE-2024-53206,CVE-2024-53207,CVE-2024-53208,CVE-2024-53209,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53215,CVE-2024-53216,CVE-2024-53217,CVE-2024-53222,CVE-2024-53224,CVE-2024-53229,CVE-2024-53234,CVE-2024-53237,CVE-2024-53240,CVE-2024-53241,CVE-2024-56536,CVE-2024-56539,CVE-2024-56549,CVE-2024-56551,CVE-2024-56562,CVE-2024-56566,CVE-2024-56567,CVE-2024-56576,CVE-2024-56582,CVE-2024-56599,CVE-2024-56604,CVE-2024-56605,CVE-2024-56645,CVE-2024-56667,CVE-2024-56752,CVE-2024-56754,CVE-2024-56755,CVE-2024-56756,CVE-2024-8805
The SUSE Linux Enterprise 15 SP6 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). - CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set element timeout (bsc#1224095). - CVE-2024-35839: kABI fix for netfilter: bridge: replace physindev with physinif in nf_bridge_info (bsc#1224726). - CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758). - CVE-2024-41042: Prefer nft_chain_validate (bsc#1228526). - CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809). - CVE-2024-44996: vsock: fix recursive ->recvmsg calls (bsc#1230205). - CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854). - CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419). - CVE-2024-50039: kABI: Restore deleted EXPORT_SYMBOL(__qdisc_calculate_pkt_len) (bsc#1231909). - CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324). - CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200). - CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239). - CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467). - CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468). - CVE-2024-53050: drm/i915/hdcp: Add encoder check in hdcp2_get_capability (bsc#1233546). - CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464). - CVE-2024-53090: afs: Fix lock recursion (bsc#1233637). - CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642). - CVE-2024-53099: bpf: Check validity of link->type in bpf_link_show_fdinfo() (bsc#1233772). - CVE-2024-53105: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() (bsc#1234069). - CVE-2024-53111: mm/mremap: fix address wraparound in move_page_tables() (bsc#1234086). - CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077). - CVE-2024-53117: virtio/vsock: Improve MSG_ZEROCOPY error handling (bsc#1234079). - CVE-2024-53118: vsock: Fix sk_error_queue memory leak (bsc#1234071). - CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073). - CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076). - CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156). - CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219). - CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220). - CVE-2024-53133: drm/amd/display: Handle dml allocation failure to avoid crash (bsc#1234221) - CVE-2024-53134: pmdomain: imx93-blk-ctrl: correct remove path (bsc#1234159). - CVE-2024-53141: netfilter: ipset: add missing range check in bitmap_ip_uadt (bsc#1234381). - CVE-2024-53160: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu (bsc#1234810). - CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856). 
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921). - CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004). - CVE-2024-53216: nfsd: fix UAF when access ex_uuid or ex_stats (bsc#1235003). - CVE-2024-53222: zram: fix NULL pointer in comp_algorithm_show() (bsc#1234974). - CVE-2024-53234: erofs: handle NONHEAD !delta[1] lclusters gracefully (bsc#1235045). - CVE-2024-53240: xen/netfront: fix crash when removing device (XSA-465 bsc#1234281). - CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282). - CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912). - CVE-2024-56566: mm/slub: Avoid list corruption when removing a slab from the full list (bsc#1235033). - CVE-2024-56582: btrfs: fix use-after-free in btrfs_encoded_read_endio() (bsc#1235128). - CVE-2024-56599: wifi: ath10k: avoid NULL pointer error during sdio remove (bsc#1235138). - CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056). - CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920). The following non-security bugs were fixed: - 9p: v9fs_fid_find: also lookup by inode if not found dentry (git-fixes). - ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294) - ACPI: PRM: Add PRM handler direct call support (jsc#PED-10467). - ACPI: resource: Fix memory resource type union access (git-fixes). - ACPI: x86: Add skip i2c clients quirk for Acer Iconia One 8 A1-840 (stable-fixes). - ACPI: x86: Clean up Asus entries in acpi_quirk_skip_dmi_ids[] (stable-fixes). - ACPI: x86: Make UART skip quirks work on PCI UARTs without an UID (stable-fixes). - ACPICA: events/evxfregn: do not release the ContextMutex that was never acquired (git-fixes). - ALSA hda/realtek: Add quirk for Framework F111:000C (stable-fixes). - ALSA: hda/hdmi: Yet more pin fix for HP EliteDesk 800 G4 (stable-fixes). 
- ALSA: hda/realtek: Add Framework Laptop 13 (Intel Core Ultra) to quirks (stable-fixes). - ALSA: hda/realtek: Fix headset mic on Acer Nitro 5 (stable-fixes). - ALSA: hda: Add HP MP9 G4 Retail System AMS to force connect list (stable-fixes). - ALSA: line6: Fix racy access to midibuf (stable-fixes). - ALSA: seq: Check UMP support for midi_version change (git-fixes). - ALSA: seq: oss: Fix races at processing SysEx messages (stable-fixes). - ALSA: seq: ump: Fix seq port updates per FB info notify (git-fixes). - ALSA: seq: ump: Use automatic cleanup of kfree() (stable-fixes). - ALSA: seq: ump: Use guard() for locking (stable-fixes). - ALSA: usb-audio: Add implicit feedback quirk for Yamaha THR5 (stable-fixes). - ALSA: usb-audio: Notify xrun for low-latency mode (git-fixes). - ALSA: usb-audio: Re-add ScratchAmp quirk entries (git-fixes). - ALSA: usb-audio: US16x08: Initialize array before use (git-fixes). - ASoC: Intel: sof_sdw: add quirk for Dell SKU 0B8C (stable-fixes). - ASoC: Intel: sof_sdw: fix jack detection on ADL-N variant RVP (stable-fixes). - ASoC: SOF: Remove libraries from topology lookups (git-fixes). - ASoC: amd: yc: Add a quirk for microfone on Lenovo ThinkPad P14s Gen 5 21MES00B00 (stable-fixes). - ASoC: amd: yc: Add quirk for microphone on Lenovo Thinkpad T14s Gen 6 21M1CTO1WW (stable-fixes). - ASoC: amd: yc: Fix the wrong return value (git-fixes). - ASoC: amd: yc: Support mic on HP 14-em0002la (stable-fixes). - ASoC: amd: yc: Support mic on Lenovo Thinkpad E14 Gen 6 (stable-fixes). - ASoC: amd: yc: fix internal mic on Redmi G 2022 (stable-fixes). - ASoC: codecs: wcd938x-sdw: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa881x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa883x: Correct Soundwire ports mask (git-fixes). - ASoC: codecs: wsa884x: Correct Soundwire ports mask (git-fixes). - ASoC: cs35l56: Handle OTP read latency over SoundWire (stable-fixes). 
- ASoC: cs35l56: Patch CS35L56_IRQ1_MASK_18 to the default value (stable-fixes). - ASoC: fsl_micfil: Expand the range of FIFO watermark mask (stable-fixes). - ASoC: hdmi-codec: reorder channel allocation list (stable-fixes). - ASoC: meson: axg-fifo: fix irq scheduling issue with PREEMPT_RT (git-fixes). - ASoC: nau8822: Lower debug print priority (stable-fixes). - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() (stable-fixes). - Bluetooth: ISO: Reassociate a socket with an active BIS (stable-fixes). - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (stable-fixes). - Bluetooth: MGMT: Fix possible deadlocks (git-fixes). - Bluetooth: SCO: Add support for 16 bits transparent voice setting (git-fixes). - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables (stable-fixes). - Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet (stable-fixes). - Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating (git-fixes). - Bluetooth: iso: Fix recursive locking warning (git-fixes). - Documentation: PM: Clarify pm_runtime_resume_and_get() return value (git-fixes). - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes). - HID: magicmouse: Apple Magic Trackpad 2 USB-C driver support (stable-fixes). - NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes). - NFSD: Async COPY result needs to return a write verifier (git-fixes). - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() (git-fixes). - NFSD: Fix nfsd4_shutdown_copy() (git-fixes). - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes). - NFSD: Prevent a potential integer overflow (git-fixes). - NFSD: Remove a never-true comparison (git-fixes). - NFSD: initialize copy->cp_clp early in nfsd4_copy for use by trace point (git-fixes). - NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes). 
- Octeontx2-pf: Free send queue buffers incase of leaf to inner (git-fixes). - PCI/AER: Disable AER service on suspend (stable-fixes). - PCI/MSI: Handle lack of irqdomain gracefully (git-fixes). - PCI: Add 'reset_subordinate' to reset hierarchy below bridge (stable-fixes). - PCI: Add ACS quirk for Broadcom BCM5760X NIC (stable-fixes). - PCI: Add ACS quirk for Wangxun FF5xxx NICs (stable-fixes). - PCI: Add T_PERST_CLK_US macro (git-fixes). - PCI: Detect and trust built-in Thunderbolt chips (stable-fixes). - PCI: Fix use-after-free of slot->bus on hot remove (stable-fixes). - PCI: Use preserve_config in place of pci_flags (stable-fixes). - PCI: cadence: Extract link setup sequence from cdns_pcie_host_setup() (stable-fixes). - PCI: cadence: Set cdns_pcie_host_init() global (stable-fixes). - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads (stable-fixes). - PCI: j721e: Add PCIe 4x lane selection support (stable-fixes). - PCI: j721e: Add per platform maximum lane settings (stable-fixes). - PCI: j721e: Add reset GPIO to struct j721e_pcie (stable-fixes). - PCI: j721e: Add suspend and resume support (git-fixes). - PCI: j721e: Use T_PERST_CLK_US macro (git-fixes). - PCI: qcom: Add support for IPQ9574 (stable-fixes). - PCI: vmd: Add DID 8086:B06F and 8086:B60B for Intel client SKUs (stable-fixes). - PCI: vmd: Set devices to D0 before enabling PM L1 Substates (stable-fixes). - RAS/AMD/ATL: Translate normalized to system physical addresses using PRM (jsc#PED-10467). 
- RDMA/bnxt_re: Add check for path mtu in modify_qp (git-fixes) - RDMA/bnxt_re: Avoid initializing the software queue for user queues (git-fixes) - RDMA/bnxt_re: Avoid sending the modify QP workaround for latest adapters (git-fixes) - RDMA/bnxt_re: Disable use of reserved wqes (git-fixes) - RDMA/bnxt_re: Fix max_qp_wrs reported (git-fixes) - RDMA/bnxt_re: Fix reporting hw_ver in query_device (git-fixes) - RDMA/bnxt_re: Fix the check for 9060 condition (git-fixes) - RDMA/bnxt_re: Fix the locking while accessing the QP table (git-fixes) - RDMA/bnxt_re: Remove always true dattr validity check (git-fixes) - RDMA/core: Fix ENODEV error for iWARP test over vlan (git-fixes) - RDMA/hns: Fix accessing invalid dip_ctx during destroying QP (git-fixes) - RDMA/hns: Fix mapping error of zero-hop WQE buffer (git-fixes) - RDMA/hns: Fix missing flush CQE for DWQE (git-fixes) - RDMA/hns: Fix warning storm caused by invalid input in IO path (git-fixes) - RDMA/mlx5: Enforce same type port association for multiport RoCE (git-fixes) - RDMA/rtrs: Ensure 'ib_sge list' is accessible (git-fixes) - RDMA/uverbs: Prevent integer overflow issue (git-fixes) - Revert 'block/mq-deadline: use correct way to throttling write requests' (bsc#1234146). - Revert 'btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128)' - Revert 'igb: Disable threaded IRQ for igb_msix_other' (git-fixes). - Revert 'mm, kmsan: fix infinite recursion due to RCU critical section' (bsc#1230413) - Revert 'mm/sparsemem: fix race in accessing memory_section->usage' (bsc#1230413) - Revert 'mm: prevent derefencing NULL ptr in pfn_section_valid()' (bsc#1230413) - Revert 'unicode: Do not special case ignorable code points' (stable-fixes). - SUNRPC: make sure cache entry active before cache_show (git-fixes). - SUNRPC: timeout and cancel TLS handshake with -ETIMEDOUT (git-fixes). - USB: serial: option: add MediaTek T7XX compositions (stable-fixes). - USB: serial: option: add MeiG Smart SLM770A (stable-fixes). 
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready (stable-fixes). - USB: serial: option: add TCL IK512 MBIM & ECM (stable-fixes). - USB: serial: option: add Telit FE910C04 rmnet compositions (stable-fixes). - accel/habanalabs/gaudi2: unsecure tpc count registers (stable-fixes). - accel/habanalabs: export dma-buf only if size/offset multiples of PAGE_SIZE (stable-fixes). - accel/habanalabs: fix debugfs files permissions (stable-fixes). - accel/habanalabs: increase HL_MAX_STR to 64 bytes to avoid warnings (stable-fixes). - acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (git-fixes). - af_unix: Call manage_oob() for every skb in unix_stream_read_generic() (bsc#1234725). - afs: Automatically generate trace tag enums (git-fixes). - afs: Fix missing subdir edit when renamed between parent dirs (git-fixes). - amdgpu/uvd: get ring reference from rq scheduler (git-fixes). - arch: Introduce arch_{,try_}_cmpxchg128{,_local}() (bsc#1220773). - arch: Remove cmpxchg_double (bsc#1220773). - arch: consolidate arch_irq_work_raise prototypes (git-fixes). - arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605) - arm64: Force position-independent veneers (git-fixes). - arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes). - autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes). - batman-adv: Do not let TT changes list grows indefinitely (git-fixes). - batman-adv: Do not send uninitialized TT changes (git-fixes). - batman-adv: Remove uninitialized data in full table TT response (git-fixes). - blk-cgroup: Fix UAF in blkcg_unpin_online() (bsc#1234726). - blk-core: use pr_warn_ratelimited() in bio_check_ro() (bsc#1234139). - blk-iocost: Fix an UBSAN shift-out-of-bounds warning (bsc#1234144). - blk-iocost: do not WARN if iocg was already offlined (bsc#1234147). - blk-throttle: fix lockdep warning of 'cgroup_mutex or RCU read lock required!' (bsc#1234140). 
- block, bfq: choose the last bfqq from merge chain in bfq_setup_cooperator() (bsc#1234149). - block, bfq: do not break merge chain in bfq_split_bfqq() (bsc#1234150). - block, bfq: fix bfqq uaf in bfq_limit_depth() (bsc#1234160). - block, bfq: fix procress reference leakage for bfqq in merge chain (bsc#1234280). - block, bfq: fix uaf for accessing waker_bfqq after splitting (bsc#1234279). - block/mq-deadline: Fix the tag reservation code (bsc#1234148). - block: Call .limit_depth() after .hctx has been set (bsc#1234148). - block: Fix where bio IO priority gets set (bsc#1234145). - block: prevent an integer overflow in bvec_try_merge_hw_page (bsc#1234142). - block: update the stable_writes flag in bdev_add (bsc#1234141). - bnxt_en: Fix receive ring space parameters when XDP is active (git-fixes). - bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes). - bnxt_en: Set backplane link modes correctly for ethtool (git-fixes). - bpf, x86: Fix PROBE_MEM runtime load check (git-fixes). - bpf: verifier: prevent userspace memory access (git-fixes). - btrfs: fix use-after-free waiting for encoded read endios (bsc#1235128) - can: gs_usb: add VID/PID for Xylanta SAINT3 product family (stable-fixes). - can: j1939: fix error in J1939 documentation (stable-fixes). - checkpatch: always parse orig_commit in fixes tag (git-fixes). - checkpatch: check for missing Fixes tags (stable-fixes). - clocksource/drivers/timer-ti-dm: Fix child node refcount handling (git-fixes). - clocksource/drivers:sp804: Make user selectable (git-fixes). - counter: stm32-timer-cnt: Add check for clk_enable() (git-fixes). - counter: ti-ecap-capture: Add check for clk_enable() (git-fixes). - crypto: qat - disable IOV in adf_dev_stop() (git-fixes). - crypto: x86/sha256 - Add parentheses around macros' single arguments (stable-fixes). - cyrpto/b128ops: Remove struct u128 (bsc#1220773). - devlink: Fix length of eswitch inline-mode (git-fixes). 
- dma-buf: fix dma_fence_array_signaled v4 (stable-fixes). - dma-debug: fix a possible deadlock on radix_lock (stable-fixes). - dmaengine: apple-admac: Avoid accessing registers in probe (git-fixes). - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset (git-fixes). - dmaengine: dw: Select only supported masters for ACPI devices (git-fixes). - dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357). - dmaengine: mv_xor: fix child node refcount handling in early exit (git-fixes). - dmaengine: tegra: Return correct DMA status when paused (git-fixes). - driver core: Add FWLINK_FLAG_IGNORE to completely ignore a fwnode link (stable-fixes). - driver core: fw_devlink: Improve logs for cycle detection (stable-fixes). - driver core: fw_devlink: Stop trying to optimize cycle detection logic (git-fixes). - drivers: net: ionic: add missed debugfs cleanup to ionic_probe() error path (git-fixes). - drm/amd/display: Add HDR workaround for specific eDP (stable-fixes). - drm/amd/display: Add NULL check for clk_mgr in dcn32_init_hw (stable-fixes). - drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes). - drm/amd/display: Avoid overflow assignment in link_dp_cts (stable-fixes). - drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes). - drm/amd/display: Revert Avoid overflow assignment (stable-fixes). - drm/amd/display: Use gpuvm_min_page_size_kbytes for DML2 surfaces (stable-fixes). - drm/amd/pm: fix the high voltage issue after unload (stable-fixes). - drm/amd/pm: update current_socclk and current_uclk in gpu_metrics on smu v13.0.7 (stable-fixes). - drm/amdgpu/gfx10: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx11: use rlc safe mode for soft recovery (stable-fixes). - drm/amdgpu/gfx9: properly handle error ints on all pipes (stable-fixes). - drm/amdgpu/gfx9: use rlc safe mode for soft recovery (stable-fixes). 
- drm/amdgpu/hdp5.2: do a posting read when flushing HDP (stable-fixes).
- drm/amdgpu/pm: Remove gpu_od if it's an empty directory (stable-fixes).
- drm/amdgpu/umsch: do not execute umsch test when GPU is in reset/suspend (stable-fixes).
- drm/amdgpu/umsch: reinitialize write pointer in hw init (stable-fixes).
- drm/amdgpu/vcn: reset fw_shared when VCPU buffers corrupted on vcn v4.0.3 (stable-fixes).
- drm/amdgpu: Block MMR_READ IOCTL in reset (stable-fixes).
- drm/amdgpu: Dereference the ATCS ACPI buffer (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: add smu 14.0.1 discovery support (stable-fixes).
- drm/amdgpu: clear RB_OVERFLOW bit when enabling interrupts for vega20_ih (stable-fixes).
- drm/amdgpu: differentiate external rev id for gfx 11.5.0 (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: do not access invalid sched (git-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: fix usage slab after free (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: refine error handling in amdgpu_ttm_tt_pin_userptr (stable-fixes).
- drm/amdgpu: set the right AMDGPU sg segment limitation (stable-fixes).
- drm/amdgpu: skip amdgpu_device_cache_pci_state under sriov (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/amdkfd: Use device based logging for errors (stable-fixes).
- drm/amdkfd: Use the correct wptr size (stable-fixes).
- drm/amdkfd: pause autosuspend when creating pdd (stable-fixes).
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly (git-fixes).
- drm/bridge: it6505: Enable module autoloading (stable-fixes).
- drm/bridge: it6505: Fix inverted reset polarity (git-fixes).
- drm/bridge: it6505: update usleep_range for RC circuit charge time (stable-fixes).
- drm/display: Fix building with GCC 15 (stable-fixes).
- drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() (stable-fixes).
- drm/dp_mst: Fix MST sideband message body length check (stable-fixes).
- drm/dp_mst: Fix resetting msg rx state after topology removal (git-fixes).
- drm/dp_mst: Verify request type in the corresponding down message reply (stable-fixes).
- drm/etnaviv: flush shader L1 cache after user commandstream (stable-fixes).
- drm/i915/dg1: Fix power gate sequence (git-fixes).
- drm/i915: Fix NULL pointer dereference in capture_engine (git-fixes).
- drm/i915: Fix memory leak by correcting cache object name in error handler (git-fixes).
- drm/mcde: Enable module autoloading (stable-fixes).
- drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() (stable-fixes).
- drm/nouveau/gsp: Use the sg allocator for level 2 of radix3 (stable-fixes).
- drm/panel: novatek-nt35950: fix return value check in nt35950_probe() (git-fixes).
- drm/panel: simple: Add Microchip AC69T88A LVDS Display panel (stable-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() (stable-fixes).
- drm/radeon: Fix spurious unplug event on radeon HDMI (git-fixes).
- drm/radeon: add helper rdev_to_drm(rdev) (stable-fixes).
- drm/radeon: change rdev->ddev to rdev_to_drm(rdev) (stable-fixes).
- drm/sched: memset() 'job' in drm_sched_job_init() (stable-fixes).
- drm/vc4: hdmi: Avoid log spam for audio start failure (stable-fixes).
- drm/vc4: hvs: Set AXI panic modes for the HVS (stable-fixes).
- drm: adv7511: Drop dsi single lane support (git-fixes).
- drm: adv7511: Fix use-after-free in adv7533_attach_dsi() (git-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO Founder edition (stable-fixes).
- drm: panel-orientation-quirks: Add quirk for AYA NEO GEEK (stable-fixes).
- drm: panel-orientation-quirks: Make Lenovo Yoga Tab 3 X90F DMI match less strict (stable-fixes).
- erofs: avoid debugging output for (de)compressed data (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- ext4: add a new helper to check if es must be kept (bsc#1234170).
- ext4: add correct group descriptors and reserved GDT blocks to system zone (bsc#1234164).
- ext4: add missed brelse in update_backups (bsc#1234171).
- ext4: allow for the last group to be marked as trimmed (bsc#1234278).
- ext4: avoid buffer_head leak in ext4_mark_inode_used() (bsc#1234191).
- ext4: avoid excessive credit estimate in ext4_tmpfile() (bsc#1234180).
- ext4: avoid negative min_clusters in find_group_orlov() (bsc#1234193).
- ext4: avoid overlapping preallocations due to overflow (bsc#1234162).
- ext4: avoid potential buffer_head leak in __ext4_new_inode() (bsc#1234192).
- ext4: avoid writing unitialized memory to disk in EA inodes (bsc#1234187).
- ext4: check the extent status again before inserting delalloc block (bsc#1234186).
- ext4: clear EXT4_GROUP_INFO_WAS_TRIMMED_BIT even mount with discard (bsc#1234190).
- ext4: convert to exclusive lock while inserting delalloc extents (bsc#1234178).
- ext4: correct best extent lstart adjustment logic (bsc#1234179).
- ext4: correct grp validation in ext4_mb_good_group (bsc#1234163).
- ext4: correct return value of ext4_convert_meta_bg (bsc#1234172).
- ext4: correct the hole length returned by ext4_map_blocks() (bsc#1234178).
- ext4: correct the start block of counting reserved clusters (bsc#1234169).
- ext4: do not let fstrim block system suspend (https://bugzilla.kernel.org/show_bug.cgi?id=216322 bsc#1234166).
- ext4: do not trim the group with corrupted block bitmap (bsc#1234177).
- ext4: factor out __es_alloc_extent() and __es_free_extent() (bsc#1234170).
- ext4: factor out a common helper to query extent map (bsc#1234186).
- ext4: fix inconsistent between segment fstrim and full fstrim (bsc#1234176).
- ext4: fix incorrect tid assumption in __jbd2_log_wait_for_space() (bsc#1234188).
- ext4: fix incorrect tid assumption in ext4_wait_for_tail_page_commit() (bsc#1234188).
- ext4: fix incorrect tid assumption in jbd2_journal_shrink_checkpoint_list() (bsc#1234188).
- ext4: fix memory leaks in ext4_fname_{setup_filename,prepare_lookup} (bsc#1214954).
- ext4: fix potential unnitialized variable (bsc#1234183).
- ext4: fix race between writepages and remount (bsc#1234168).
- ext4: fix rec_len verify error (bsc#1234167).
- ext4: fix slab-use-after-free in ext4_es_insert_extent() (bsc#1234170).
- ext4: fix uninitialized variable in ext4_inlinedir_to_tree (bsc#1234185).
- ext4: forbid commit inconsistent quota data when errors=remount-ro (bsc#1234178).
- ext4: make ext4_es_insert_delayed_block() return void (bsc#1234170).
- ext4: make ext4_es_insert_extent() return void (bsc#1234170).
- ext4: make ext4_es_remove_extent() return void (bsc#1234170).
- ext4: make ext4_zeroout_es() return void (bsc#1234170).
- ext4: make sure allocate pending entry not fail (bsc#1234170).
- ext4: mark buffer new if it is unwritten to avoid stale data exposure (bsc#1234175).
- ext4: move 'ix' sanity check to corrent position (bsc#1234174).
- ext4: move setting of trimmed bit into ext4_try_to_trim_range() (bsc#1234165).
- ext4: nested locking for xattr inode (bsc#1234189).
- ext4: propagate errors from ext4_find_extent() in ext4_insert_range() (bsc#1234194).
- ext4: refactor ext4_da_map_blocks() (bsc#1234178).
- ext4: remove gdb backup copy for meta bg in setup_new_flex_group_blocks (bsc#1234173).
- ext4: remove the redundant folio_wait_stable() (bsc#1234184).
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (bsc#1234182).
- ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (bsc#1234181).
- ext4: use pre-allocated es in __es_insert_extent() (bsc#1234170).
- ext4: use pre-allocated es in __es_remove_extent() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_insert_delayed_block() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_insert_extent() (bsc#1234170).
- ext4: using nofail preallocation in ext4_es_remove_extent() (bsc#1234170).
- filemap: Fix bounds checking in filemap_read() (bsc#1234209).
- filemap: add a per-mapping stable writes flag (bsc#1234141).
- firmware: arm_scmi: Reject clear channel request on A2P (stable-fixes).
- fs-writeback: do not requeue a clean inode having skipped pages (bsc#1234200).
- fs/writeback: bail out if there is no more inodes for IO and queued once (bsc#1234207).
- fsnotify: fix sending inotify event with unexpected filename (bsc#1234198).
- genirq/cpuhotplug: Retry with cpu_online_mask when migration fails (git-fixes).
- genirq/cpuhotplug: Skip suspended interrupts when restoring affinity (git-fixes).
- genirq/irqdesc: Honor caller provided affinity in alloc_desc() (git-fixes).
- gpio: grgpio: Add NULL check in grgpio_probe (git-fixes).
- gpio: grgpio: use a helper variable to store the address of ofdev->dev (stable-fixes).
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- hvc/xen: fix console unplug (git-fixes).
- hvc/xen: fix error path in xen_hvc_init() to always register frontend driver (git-fixes).
- hvc/xen: fix event channel handling for secondary consoles (git-fixes).
- hwmon: (nct6775) Add 665-ACE/600M-CL to ASUS WMI monitoring list (stable-fixes).
- hwmon: (pmbus/core) clear faults after setting smbalert mask (git-fixes).
- hwmon: (pmbus_core) Allow to hook PMBUS_SMBALERT_MASK (stable-fixes).
- hwmon: (tmp513) Do not use 'proxy' headers (stable-fixes).
- hwmon: (tmp513) Fix Current Register value interpretation (git-fixes).
- hwmon: (tmp513) Fix interpretation of values of Shunt Voltage and Limit Registers (git-fixes).
- hwmon: (tmp513) Fix interpretation of values of Temperature Result and Limit Registers (git-fixes).
- hwmon: (tmp513) Simplify with dev_err_probe() (stable-fixes).
- hwmon: (tmp513) Use SI constants from units.h (stable-fixes).
- i2c: imx: add imx7d compatible string for applying erratum ERR007805 (git-fixes).
- i2c: microchip-core: actually use repeated sends (git-fixes).
- i2c: microchip-core: fix 'ghost' detections (git-fixes).
- i2c: pnx: Fix timeout in wait functions (git-fixes).
- i2c: riic: Always round-up when calculating bus period (git-fixes).
- i40e: Fix handling changed priv flags (git-fixes).
- i915/guc: Accumulate active runtime on gt reset (git-fixes).
- i915/guc: Ensure busyness counter increases motonically (git-fixes).
- i915/guc: Reset engine utilization buffer before registration (git-fixes).
- ice: Unbind the workqueue (bsc#1234989)
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: consistently use q_idx in ice_vc_cfg_qs_msg() (git-fixes).
- ice: fix PHY Clock Recovery availability check (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- igb: Fix potential invalid memory access in igb_init_module() (git-fixes).
- iio: magnetometer: yas530: use signed integer type for clamp limits (git-fixes).
- instrumentation: Wire up cmpxchg128() (bsc#1220773).
- io_uring/rw: avoid punting to io-wq directly (git-fixes).
- io_uring/tctx: work around xa_store() allocation error issue (git-fixes).
- io_uring: Fix registered ring file refcount leak (git-fixes).
- io_uring: always lock __io_cqring_overflow_flush (git-fixes).
- io_uring: check if iowq is killed before queuing (git-fixes).
- iommu/io-pgtable-arm: Fix stage-2 map/unmap for concatenated tables (git-fixes).
- irqflags: Explicitly ignore lockdep_hrtimer_exit() argument (git-fixes).
- isofs: handle CDs with bad root inode but good Joliet root directory (bsc#1234199).
- ixgbe: downgrade logging of unsupported VF API version to debug (git-fixes).
- ixgbevf: stop attempting IPSEC offload on Mailbox API 1.5 (git-fixes).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kABI workaround for struct drm_dp_mst_topology_mgr (git-fixes).
- kabi/severities: make vcap_find_actionfield PASS (bsc#1220773)
- kasan: make report_lock a raw spinlock (git-fixes).
- kdb: Fix buffer overflow during tab-complete (bsc#1234652).
- kdb: Fix console handling when editing and tab-completing commands (bsc#1234655).
- kdb: Merge identical case statements in kdb_read() (bsc#1234657).
- kdb: Use format-specifiers rather than memset() for padding in kdb_read() (bsc#1234658).
- kdb: Use format-strings rather than '\0' injection in kdb_read() (bsc#1234654).
- kdb: Use the passed prompt in kdb_position_cursor() (bsc#1234654).
- kdb: address -Wformat-security warnings (bsc#1234659).
- kgdb: Flush console before entering kgdb on panic (bsc#1234651).
- leds: class: Protect brightness_show() with led_cdev->led_access mutex (stable-fixes).
- linux/dmaengine.h: fix a few kernel-doc warnings (git-fixes).
- locking/atomic/x86: Correct the definition of __arch_try_cmpxchg128() (bsc#1220773 git-fix).
- loop: fix the the direct I/O support check when used on top of block devices (bsc#1234143).
- mac80211: fix user-power when emulating chanctx (stable-fixes).
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 (stable-fixes).
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg (git-fixes).
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera (stable-fixes).
- media: uvcvideo: RealSense D421 Depth module metadata (stable-fixes).
- mfd: da9052-spi: Change read-mask to write-mask (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device (git-fixes).
- mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device (git-fixes).
- mm/filemap: avoid buffered read/write race to read inconsistent data (bsc#1234204).
- mm/readahead: do not allow order-1 folio (bsc#1234205).
- mm/readahead: limit page cache size in page_cache_ra_order() (bsc#1234208).
- mmc: core: Add SD card quirk for broken poweroff notification (stable-fixes).
- mmc: mtk-sd: Fix MMC_CAP2_CRYPTO flag setting (git-fixes).
- mmc: mtk-sd: fix devm_clk_get_optional usage (stable-fixes).
- mmc: sdhci-esdhc-imx: enable quirks SDHCI_QUIRK_NO_LED (stable-fixes).
- mmc: sdhci-pci: Add DMI quirk for missing CD GPIO on Vexia Edu Atla 10 tablet (stable-fixes).
- mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk (git-fixes).
- mtd: diskonchip: Cast an operand to prevent potential overflow (git-fixes).
- mtd: hyperbus: rpc-if: Add missing MODULE_DEVICE_TABLE (git-fixes).
- mtd: hyperbus: rpc-if: Convert to platform remove callback returning void (stable-fixes).
- mtd: rawnand: arasan: Fix double assertion of chip-select (git-fixes).
- mtd: rawnand: arasan: Fix missing de-registration of NAND (git-fixes).
- mtd: rawnand: fix double free in atmel_pmecc_create_user() (git-fixes).
- net :mana :Request a V2 response version for MANA_QUERY_GF_STAT (git-fixes).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Remove workaround to avoid syndrome for internal port (git-fixes).
- net/mlx5e: clear xdp features on non-uplink representors (git-fixes).
- net/qed: allow old cards not supporting 'num_images' to work (git-fixes).
- net: Return error from sk_stream_wait_connect() if sk_wait_event() fails (git-fixes).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- net: usb: qmi_wwan: add Quectel RG650V (stable-fixes).
- nfs: ignore SB_RDONLY when mounting nfs (git-fixes).
- nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur (git-fixes).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- nfsd: release svc_expkey/svc_export with rcu_work (git-fixes).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- nilfs2: fix buffer head leaks in calls to truncate_inode_pages() (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- nvme-pci: 512 byte aligned dma pool segment quirk (git-fixes).
- nvme-rdma: unquiesce admin_q before destroy it (git-fixes).
- nvme-tcp: fix the memleak while create new ctrl failed (git-fixes).
- nvme/multipath: Fix RCU list traversal to use SRCU primitive (git-fixes).
- nvme: apple: fix device reference counting (git-fixes).
- nvme: fix metadata handling in nvme-passthrough (git-fixes).
- nvmet-loop: avoid using mutex in IO hotpath (git-fixes).
- ocfs2: fix uninitialized value in ocfs2_file_read_iter() (git-fixes).
- ocfs2: free inode when ocfs2_get_init_inode() fails (git-fixes).
- of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() (git-fixes).
- of: Fix error path in of_parse_phandle_with_args_map() (git-fixes).
- of: Fix refcount leakage for OF node returned by __of_get_dma_parent() (git-fixes).
- of: address: Report error on resource bounds overflow (stable-fixes).
- parisc: Raise minimal GCC version (bsc#1220773).
- parisc: Raise minimal GCC version to 12.0.0 (bsc#1220773 git-fix).
- percpu: Add {raw,this}_cpu_try_cmpxchg() (bsc#1220773).
- percpu: Fix self-assignment of __old in raw_cpu_generic_try_cmpxchg() (bsc#1220773 git-fix).
- percpu: Wire up cmpxchg128 (bsc#1220773).
- phy: core: Fix an OF node refcount leakage in _of_phy_get() (git-fixes).
- phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() (git-fixes).
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (git-fixes).
- phy: core: Fix that API devm_phy_destroy() fails to destroy the phy (git-fixes).
- phy: core: Fix that API devm_phy_put() fails to release the phy (git-fixes).
- phy: qcom-qmp: Fix register name in RX Lane config of SC8280XP (git-fixes).
- phy: rockchip: naneng-combphy: fix phy reset (git-fixes).
- phy: usb: Toggle the PHY power during init (git-fixes).
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (git-fixes).
- pinctrl: qcom-pmic-gpio: add support for PM8937 (stable-fixes).
- pinctrl: qcom: spmi-mpp: Add PM8937 compatible (stable-fixes).
- pinmux: Use sequential access to access desc->pinmux data (stable-fixes).
- platform/chrome: cros_ec_proto: Lock device when updating MKBP version (git-fixes).
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF (stable-fixes).
- platform/x86: dell-smbios-base: Extends support to Alienware products (stable-fixes).
- platform/x86: dell-wmi-base: Handle META key Lock/Unlock events (stable-fixes).
- platform/x86: thinkpad_acpi: Fix for ThinkPad's with ECFW showing incorrect fan speed (stable-fixes).
- power: supply: gpio-charger: Fix set charge current limits (git-fixes).
- powerpc/book3s64/hugetlb: Fix disabling hugetlb when fadump is active (bsc#1235108).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- quota: Fix rcu annotations of inode dquot pointers (bsc#1234197).
- quota: explicitly forbid quota files from being encrypted (bsc#1234196).
- quota: flush quota_release_work upon quota writeback (bsc#1234195).
- quota: simplify drop_dquot_ref() (bsc#1234197).
- readahead: use ilog2 instead of a while loop in page_cache_ra_order() (bsc#1234208).
- regmap: Use correct format specifier for logging range errors (stable-fixes).
- regulator: rk808: Add apply_bit for BUCK3 on RK809 (stable-fixes).
- rpm/kernel-binary.spec.in: fix KMPs build on 6.13+ (bsc#1234454)
- rtc: cmos: avoid taking rtc_lock for extended period of time (stable-fixes).
- s390/cio: Do not unregister the subchannel based on DNV (git-fixes).
- s390/cpum_sf: Convert to cmpxchg128() (bsc#1220773).
- s390/cpum_sf: Handle CPU hotplug remove during sampling (git-fixes).
- s390/cpum_sf: Remove WARN_ON_ONCE statements (git-fixes).
- s390/facility: Disable compile time optimization for decompressor code (git-fixes).
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (git-fixes).
- s390/pageattr: Implement missing kernel_page_present() (git-fixes).
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- sched/numa: fix memory leak due to the overwritten vma->numab_state (git fixes (sched/numa)).
- scsi: lpfc: Add handling for LS_RJT reason explanation authentication required (bsc#1235409).
- scsi: lpfc: Add support for large fw object application layer reads (bsc#1235409).
- scsi: lpfc: Change lpfc_nodelist save_flags member into a bitmask (bsc#1235409).
- scsi: lpfc: Copyright updates for 14.4.0.7 patches (bsc#1235409).
- scsi: lpfc: Delete NLP_TARGET_REMOVE flag due to obsolete usage (bsc#1235409).
- scsi: lpfc: Modify handling of ADISC based on ndlp state and RPI registration (bsc#1235409).
- scsi: lpfc: Redefine incorrect type in lpfc_create_device_data() (bsc#1235409).
- scsi: lpfc: Restrict the REG_FCFI MAM field to FCoE adapters only (bsc#1235409).
- scsi: lpfc: Update definition of firmware configuration mbox cmds (bsc#1235409).
- scsi: lpfc: Update lpfc version to 14.4.0.7 (bsc#1235409).
- scsi: qla2xxx: Fix NVMe and NPIV connect issue (bsc#1235406).
- scsi: qla2xxx: Fix abort in bsg timeout (bsc#1235406).
- scsi: qla2xxx: Fix use after free on unload (bsc#1235406).
- scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt (bsc#1235406).
- scsi: qla2xxx: Remove the unused 'del_list_entry' field in struct fc_port (bsc#1235406).
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts (bsc#1235406).
- scsi: qla2xxx: Update version to 10.02.09.400-k (bsc#1235406).
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- selftests/bpf: Test PROBE_MEM of VSYSCALL_ADDR on x86-64 (git-fixes).
- serial: 8250_dw: Add Sophgo SG2044 quirk (stable-fixes).
- serial: 8250_dw: Do not use struct dw8250_data outside of 8250_dw (git-fixes).
- serial: 8250_dw: Replace ACPI device check by a quirk (git-fixes).
- serial: 8250_fintek: Add support for F81216E (stable-fixes).
- serial: Do not hold the port lock when setting rx-during-tx GPIO (git-fixes).
- serial: amba-pl011: Fix RX stall when DMA is used (git-fixes).
- serial: amba-pl011: Use port lock wrappers (stable-fixes).
- serial: amba-pl011: fix build regression (git-fixes).
- serial: do not use uninitialized value in uart_poll_init() (git-fixes).
- serial: imx: only set receiver level if it is zero (git-fixes).
- serial: imx: set receiver level before starting uart (git-fixes).
- serial: qcom-geni: Do not cancel/abort if we can't get the port lock (git-fixes).
- serial: qcom-geni: disable interrupts during console writes (git-fixes).
- serial: qcom-geni: fix arg types for qcom_geni_serial_poll_bit() (git-fixes).
- serial: qcom-geni: fix console corruption (git-fixes).
- serial: qcom-geni: fix dma rx cancellation (git-fixes).
- serial: qcom-geni: fix false console tx restart (git-fixes).
- serial: qcom-geni: fix fifo polling timeout (git-fixes).
- serial: qcom-geni: fix hard lockup on buffer flush (git-fixes).
- serial: qcom-geni: fix polled console corruption (git-fixes).
- serial: qcom-geni: fix polled console initialisation (git-fixes).
- serial: qcom-geni: fix receiver enable (git-fixes).
- serial: qcom-geni: fix shutdown race (git-fixes).
- serial: qcom-geni: fix soft lockup on sw flow control and suspend (git-fixes).
- serial: qcom-geni: introduce qcom_geni_serial_poll_bitfield() (git-fixes).
- serial: qcom-geni: revert broken hibernation support (git-fixes).
- serial: stm32: Return IRQ_NONE in the ISR if no handling happend (git-fixes).
- serial: stm32: do not always set SER_RS485_RX_DURING_TX if RS485 is enabled (git-fixes).
- slub: Replace cmpxchg_double() (bsc#1220773).
- slub: Replace cmpxchg_double() - KABI fix (bsc#1220773).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: fix issue described in bsc#1233642]
- soc/fsl: cpm: qmc: Convert to platform remove callback returning void (stable-fixes).
- soc: fsl: cpm1: qmc: Fix blank line and spaces (stable-fixes).
- soc: fsl: cpm1: qmc: Introduce qmc_init_resource() and its CPM1 version (stable-fixes).
- soc: fsl: cpm1: qmc: Introduce qmc_{init,exit}_xcc() and their CPM1 version (stable-fixes).
- soc: fsl: cpm1: qmc: Re-order probe() operations (stable-fixes).
- soc: fsl: cpm1: qmc: Set the ret error code on platform_get_irq() failure (git-fixes).
- soc: imx8m: Probe the SoC driver as platform driver (stable-fixes).
- soc: qcom: Add check devm_kasprintf() returned value (stable-fixes).
- soc: qcom: geni-se: Add M_TX_FIFO_NOT_EMPTY bit definition (git-fixes).
- soc: qcom: geni-se: add GP_LENGTH/IRQ_EN_SET/IRQ_EN_CLEAR registers (git-fixes).
- soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() (git-fixes).
- spi: aspeed: Fix an error handling path in aspeed_spi_[read|write]_user() (git-fixes).
- sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport (git-fixes).
- sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket (git-fixes).
- sunrpc: handle -ENOTCONN in xs_tcp_setup_socket() (git-fixes).
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- swiotlb: Enforce page alignment in swiotlb_alloc() (git-fixes).
- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (git-fixes).
- thermal/drivers/qcom/tsens-v1: Add support for MSM8937 tsens (stable-fixes).
- tools: hv: change permissions of NetworkManager configuration file (git-fixes).
- tpm/eventlog: Limit memory allocations for event logs with excessive size (bsc#1233260 bsc#1233259 bsc#1232421).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- tty: serial: kgdboc: Fix 8250_* kgdb over serial (git-fixes).
- types: Introduce [us]128 (bsc#1220773).
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- udf: Fix lock ordering in udf_evict_inode() (bsc#1234238).
- udf: fix uninit-value use in udf_get_fileshortad (bsc#1234243).
- udf: prevent integer overflow in udf_bitmap_free_blocks() (bsc#1234239).
- udf: refactor inode_bmap() to handle error (bsc#1234242).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- udf: udftime: prevent overflow in udf_disk_stamp_to_time() (bsc#1234237).
- usb: add support for new USB device ID 0x17EF:0x3098 for the r8152 driver (stable-fixes).
- usb: cdns3-ti: Add workaround for Errata i2409 (stable-fixes).
- usb: cdns3: Add quirk flag to enable suspend residency (stable-fixes).
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set (stable-fixes).
- usb: dwc2: Fix HCD port connection race (git-fixes).
- usb: dwc2: Fix HCD resume (git-fixes).
- usb: dwc2: gadget: Do not write invalid mapped sg entries into dma_desc with iommu enabled (stable-fixes).
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature (git-fixes).
- usb: dwc3: ep0: Do not clear ep0 DWC3_EP_TRANSFER_STARTED (git-fixes).
- usb: dwc3: ep0: Do not reset resource alloc flag (git-fixes).
- usb: dwc3: ep0: Do not reset resource alloc flag (including ep0) (git-fixes).
- usb: dwc3: gadget: Rewrite endpoint allocation flow (stable-fixes).
- usb: dwc3: xilinx: make sure pipe clock is deselected in usb2 only mode (git-fixes).
- usb: ehci-hcd: fix call balance of clocks handling routines (git-fixes).
- usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer (git-fixes).
- usb: host: max3421-hcd: Correctly abort a USB request (git-fixes).
- usb: typec: anx7411: fix OF node reference leaks in anx7411_typec_switch_probe() (git-fixes).
- usb: typec: anx7411: fix fwnode_handle reference leak (git-fixes).
- usb: typec: use cleanup facility for 'altmodes_node' (stable-fixes).
- vDPA/ifcvf: Fix pci_read_config_byte() return code handling (git-fixes).
- vdpa/mlx5: Fix PA offset with unaligned starting iotlb map (git-fixes).
- vdpa/mlx5: Fix suboptimal range on iotlb iteration (git-fixes).
- vdpa: solidrun: Fix UB bug with devres (git-fixes).
- vfs: fix readahead(2) on block devices (bsc#1234201).
- wifi: ath5k: add PCI ID for Arcadyan devices (git-fixes).
- wifi: ath5k: add PCI ID for SX76X (git-fixes).
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() (stable-fixes).
- wifi: cfg80211: sme: init n_channels before channels[] access (git-fixes).
- wifi: cw1200: Fix potential NULL dereference (git-fixes).
- wifi: ipw2x00: libipw_rx_any(): fix bad alignment (stable-fixes).
- wifi: iwlwifi: mvm: Use the sync timepoint API in suspend (stable-fixes).
- wifi: mac80211: clean up 'ret' in sta_link_apply_parameters() (stable-fixes).
- wifi: mac80211: fix station NSS capability initialization order (git-fixes).
- wifi: mac80211: init cnt before accessing elem in ieee80211_copy_mbssid_beacon (git-fixes).
- wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one (git-fixes).
- wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures (stable-fixes).
- wifi: rtw89: check return value of ieee80211_probereq_get() for RNR (stable-fixes).
- workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker (bsc#1235416).
- writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (bsc#1234203).
- x86,amd_iommu: Replace cmpxchg_double() (bsc#1220773).
- x86,intel_iommu: Replace cmpxchg_double() (bsc#1220773).
- x86/hyperv: Fix hv tsc page based sched_clock for hibernation (git-fixes).
- xfs: do not allocate COW extents when unsharing a hole (git-fixes).
- xfs: fix sb_spino_align checks for large fsblock sizes (git-fixes).
- xfs: remove unknown compat feature check in superblock write validation (git-fixes).
- xfs: return from xfs_symlink_verify early on V4 filesystems (git-fixes).
- xfs: sb_spino_align is not verified (git-fixes).
- xhci: Add usb cold attach (CAS) as a reason to resume root hub (git-fixes).
- xhci: Allow RPM on the USB controller (1022:43f7) by default (stable-fixes).
- xhci: fix possible null pointer deref during xhci urb enqueue (git-fixes).

The following package changes have been done:

- kernel-macros-6.4.0-150600.23.33.1 updated
- kernel-devel-6.4.0-150600.23.33.1 updated
- kernel-default-devel-6.4.0-150600.23.33.1 updated
- kernel-syms-6.4.0-150600.23.33.1 updated
- container:registry.suse.com-bci-bci-base-15.6-004119bb65c14eb506b2f4bbca49187bb2a745adb5c4cf0a562d03010e2b22b3-0 updated