SUSE-IU-2025:372-1: Security update of suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sun Jan 26 08:02:23 UTC 2025
SUSE Image Update Advisory: suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2
-----------------------------------------------------------------
Image Advisory ID : SUSE-IU-2025:372-1
Image Tags : suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2:20250122
Image Release :
Severity : important
Type : security
References : 1054914 1065729 1082555 1170891 1173139 1185010 1190358 1190428
1192020 1194869 1203332 1203617 1204171 1205521 1205796 1206188
1206344 1209288 1209290 1209798 1210449 1210627 1211593 1211595
1213034 1213607 1214635 1215304 1215523 1216813 1216813 1216909
1217070 1218562 1218644 1219608 1219724 1220382 1221168 1221309
1221333 1222364 1222590 1222878 1223044 1223202 1223345 1223384
1223524 1223656 1223824 1223848 1223919 1223942 1224518 1224526
1224574 1225189 1225336 1225451 1225462 1225611 1225725 1225730
1225742 1225758 1225762 1225764 1225812 1225820 1226498 1226560
1226586 1226592 1226631 1226694 1226748 1226797 1226872 1227437
1227853 1227885 1228119 1228190 1228269 1228324 1228410 1228430
1228486 1228553 1228650 1228709 1228743 1228747 1228857 1229005
1229019 1229238 1229312 1229429 1229450 1229454 1229456 1229556
1229585 1229684 1229752 1229769 1229806 1229808 1229809 1229837
1229891 1230055 1230179 1230220 1230231 1230270 1230272 1230289
1230294 1230331 1230333 1230405 1230414 1230422 1230429 1230456
1230550 1230558 1230600 1230620 1230697 1230715 1230722 1230763
1230773 1230774 1230801 1230827 1230903 1230918 1230984 1231016
1231072 1231073 1231083 1231084 1231085 1231087 1231089 1231094
1231096 1231098 1231101 1231105 1231108 1231111 1231114 1231115
1231132 1231135 1231138 1231148 1231169 1231178 1231179 1231180
1231181 1231185 1231187 1231191 1231193 1231195 1231197 1231200
1231202 1231203 1231277 1231293 1231327 1231328 1231344 1231348
1231373 1231375 1231383 1231388 1231414 1231434 1231439 1231441
1231442 1231452 1231453 1231465 1231474 1231481 1231496 1231502
1231537 1231539 1231540 1231541 1231578 1231604 1231610 1231646
1231673 1231795 1231849 1231854 1231856 1231857 1231858 1231859
1231861 1231864 1231872 1231883 1231885 1231887 1231888 1231889
1231890 1231892 1231893 1231895 1231896 1231897 1231902 1231903
1231904 1231907 1231914 1231916 1231920 1231923 1231929 1231930
1231931 1231935 1231936 1231937 1231938 1231939 1231940 1231941
1231942 1231944 1231947 1231950 1231952 1231953 1231954 1231958
1231959 1231960 1231961 1231962 1231965 1231967 1231968 1231972
1231973 1231976 1231978 1231979 1231987 1231988 1231990 1231991
1231992 1231995 1231996 1231997 1231998 1232001 1232004 1232005
1232006 1232007 1232013 1232015 1232016 1232017 1232024 1232024
1232025 1232026 1232027 1232028 1232033 1232034 1232035 1232036
1232037 1232038 1232039 1232043 1232045 1232047 1232048 1232049
1232050 1232056 1232067 1232069 1232070 1232071 1232075 1232076
1232080 1232083 1232084 1232085 1232089 1232094 1232096 1232097
1232098 1232104 1232105 1232108 1232111 1232114 1232116 1232119
1232120 1232123 1232124 1232126 1232133 1232134 1232135 1232136
1232140 1232141 1232142 1232145 1232147 1232149 1232150 1232151
1232152 1232154 1232155 1232157 1232159 1232160 1232162 1232163
1232164 1232165 1232166 1232170 1232172 1232174 1232175 1232180
1232185 1232187 1232189 1232191 1232195 1232196 1232198 1232199
1232200 1232201 1232217 1232218 1232220 1232221 1232224 1232229
1232232 1232233 1232237 1232251 1232253 1232254 1232255 1232259
1232260 1232262 1232263 1232264 1232272 1232279 1232282 1232285
1232286 1232287 1232293 1232304 1232305 1232307 1232309 1232310
1232312 1232313 1232314 1232316 1232317 1232318 1232329 1232332
1232333 1232334 1232335 1232337 1232339 1232342 1232345 1232349
1232352 1232354 1232355 1232357 1232358 1232359 1232361 1232362
1232364 1232366 1232367 1232368 1232369 1232370 1232371 1232374
1232378 1232381 1232383 1232385 1232387 1232392 1232394 1232395
1232413 1232416 1232418 1232419 1232424 1232432 1232435 1232436
1232436 1232442 1232446 1232472 1232483 1232500 1232501 1232503
1232504 1232507 1232519 1232520 1232552 1232573 1232579 1232630
1232631 1232632 1232757 1232819 1232823 1232860 1232870 1232873
1232877 1232878 1232881 1232884 1232885 1232887 1232888 1232890
1232892 1232896 1232897 1232905 1232907 1232919 1232926 1232928
1232935 1232999 1233035 1233038 1233049 1233050 1233051 1233056
1233057 1233061 1233063 1233065 1233067 1233070 1233070 1233073
1233074 1233096 1233100 1233103 1233104 1233105 1233106 1233107
1233108 1233110 1233111 1233113 1233114 1233117 1233123 1233125
1233127 1233129 1233130 1233134 1233135 1233150 1233189 1233191
1233197 1233200 1233205 1233206 1233209 1233210 1233211 1233212
1233214 1233216 1233238 1233239 1233241 1233253 1233255 1233282
1233293 1233307 1233324 1233350 1233393 1233420 1233452 1233453
1233454 1233456 1233457 1233458 1233460 1233462 1233463 1233467
1233468 1233468 1233469 1233471 1233476 1233478 1233479 1233481
1233484 1233485 1233487 1233490 1233491 1233499 1233528 1233547
1233548 1233550 1233552 1233553 1233554 1233555 1233557 1233558
1233560 1233561 1233564 1233568 1233570 1233577 1233580 1233637
1233642 1233701 1233769 1233773 1233819 1233837 1233977 1234012
1234025 1234068 1234072 1234073 1234075 1234076 1234077 1234085
1234087 1234093 1234098 1234108 1234120 1234156 1234214 1234219
1234220 1234240 1234241 1234245 1234273 1234281 1234282 1234294
1234333 1234338 1234357 1234437 1234464 1234605 1234639 1234650
1234708 1234727 1234749 1234809 1234811 1234827 1234834 1234843
1234846 1234853 1234856 1234891 1234912 1234920 1234921 1234960
1234963 1234971 1234973 1235004 1235035 1235037 1235039 1235054
1235056 1235061 1235073 1235220 1235224 1235246 1235507 CVE-2021-47202
CVE-2021-47416 CVE-2021-47534 CVE-2021-47594 CVE-2022-3435 CVE-2022-36280
CVE-2022-45934 CVE-2022-48664 CVE-2022-48674 CVE-2022-48742 CVE-2022-48879
CVE-2022-48946 CVE-2022-48947 CVE-2022-48948 CVE-2022-48949 CVE-2022-48951
CVE-2022-48953 CVE-2022-48954 CVE-2022-48955 CVE-2022-48956 CVE-2022-48957
CVE-2022-48958 CVE-2022-48959 CVE-2022-48960 CVE-2022-48961 CVE-2022-48962
CVE-2022-48966 CVE-2022-48967 CVE-2022-48968 CVE-2022-48969 CVE-2022-48970
CVE-2022-48971 CVE-2022-48972 CVE-2022-48973 CVE-2022-48975 CVE-2022-48977
CVE-2022-48978 CVE-2022-48979 CVE-2022-48980 CVE-2022-48981 CVE-2022-48982
CVE-2022-48983 CVE-2022-48985 CVE-2022-48987 CVE-2022-48988 CVE-2022-48989
CVE-2022-48990 CVE-2022-48991 CVE-2022-48992 CVE-2022-48994 CVE-2022-48995
CVE-2022-48997 CVE-2022-48999 CVE-2022-49000 CVE-2022-49002 CVE-2022-49003
CVE-2022-49005 CVE-2022-49006 CVE-2022-49007 CVE-2022-49010 CVE-2022-49011
CVE-2022-49012 CVE-2022-49014 CVE-2022-49015 CVE-2022-49016 CVE-2022-49017
CVE-2022-49019 CVE-2022-49020 CVE-2022-49021 CVE-2022-49022 CVE-2022-49023
CVE-2022-49024 CVE-2022-49025 CVE-2022-49026 CVE-2022-49027 CVE-2022-49028
CVE-2022-49029 CVE-2022-49031 CVE-2022-49032 CVE-2022-49033 CVE-2022-49035
CVE-2023-1382 CVE-2023-2166 CVE-2023-28327 CVE-2023-33951 CVE-2023-33952
CVE-2023-45142 CVE-2023-47108 CVE-2023-52766 CVE-2023-52800 CVE-2023-52881
CVE-2023-52915 CVE-2023-52917 CVE-2023-52918 CVE-2023-52919 CVE-2023-52920
CVE-2023-52921 CVE-2023-52922 CVE-2023-6270 CVE-2024-10524 CVE-2024-11053
CVE-2024-11168 CVE-2024-24806 CVE-2024-24860 CVE-2024-26782 CVE-2024-26886
CVE-2024-26906 CVE-2024-26924 CVE-2024-26953 CVE-2024-27043 CVE-2024-35888
CVE-2024-35937 CVE-2024-35980 CVE-2024-36244 CVE-2024-36484 CVE-2024-36883
CVE-2024-36886 CVE-2024-36905 CVE-2024-36915 CVE-2024-36953 CVE-2024-36954
CVE-2024-36957 CVE-2024-38577 CVE-2024-38589 CVE-2024-38615 CVE-2024-39476
CVE-2024-40965 CVE-2024-40997 CVE-2024-41016 CVE-2024-41023 CVE-2024-41049
CVE-2024-41110 CVE-2024-42131 CVE-2024-42145 CVE-2024-42226 CVE-2024-42232
CVE-2024-42253 CVE-2024-43374 CVE-2024-43817 CVE-2024-43897 CVE-2024-44931
CVE-2024-44932 CVE-2024-44934 CVE-2024-44947 CVE-2024-44958 CVE-2024-44964
CVE-2024-44995 CVE-2024-45016 CVE-2024-45025 CVE-2024-46678 CVE-2024-46681
CVE-2024-46716 CVE-2024-46719 CVE-2024-46754 CVE-2024-46770 CVE-2024-46775
CVE-2024-46777 CVE-2024-46800 CVE-2024-46802 CVE-2024-46804 CVE-2024-46805
CVE-2024-46807 CVE-2024-46809 CVE-2024-46810 CVE-2024-46811 CVE-2024-46812
CVE-2024-46813 CVE-2024-46814 CVE-2024-46815 CVE-2024-46816 CVE-2024-46817
CVE-2024-46818 CVE-2024-46819 CVE-2024-46821 CVE-2024-46826 CVE-2024-46828
CVE-2024-46834 CVE-2024-46835 CVE-2024-46840 CVE-2024-46841 CVE-2024-46842
CVE-2024-46848 CVE-2024-46849 CVE-2024-46853 CVE-2024-46854 CVE-2024-46855
CVE-2024-46857 CVE-2024-46859 CVE-2024-46864 CVE-2024-46871 CVE-2024-47660
CVE-2024-47661 CVE-2024-47663 CVE-2024-47664 CVE-2024-47665 CVE-2024-47666
CVE-2024-47667 CVE-2024-47668 CVE-2024-47669 CVE-2024-47670 CVE-2024-47671
CVE-2024-47672 CVE-2024-47673 CVE-2024-47674 CVE-2024-47678 CVE-2024-47679
CVE-2024-47682 CVE-2024-47684 CVE-2024-47685 CVE-2024-47692 CVE-2024-47693
CVE-2024-47695 CVE-2024-47696 CVE-2024-47697 CVE-2024-47698 CVE-2024-47699
CVE-2024-47701 CVE-2024-47704 CVE-2024-47705 CVE-2024-47706 CVE-2024-47707
CVE-2024-47709 CVE-2024-47710 CVE-2024-47712 CVE-2024-47713 CVE-2024-47718
CVE-2024-47720 CVE-2024-47723 CVE-2024-47727 CVE-2024-47728 CVE-2024-47730
CVE-2024-47735 CVE-2024-47737 CVE-2024-47738 CVE-2024-47739 CVE-2024-47742
CVE-2024-47745 CVE-2024-47747 CVE-2024-47748 CVE-2024-47749 CVE-2024-47756
CVE-2024-47757 CVE-2024-47814 CVE-2024-49850 CVE-2024-49851 CVE-2024-49852
CVE-2024-49855 CVE-2024-49858 CVE-2024-49860 CVE-2024-49861 CVE-2024-49863
CVE-2024-49866 CVE-2024-49867 CVE-2024-49868 CVE-2024-49870 CVE-2024-49871
CVE-2024-49875 CVE-2024-49877 CVE-2024-49879 CVE-2024-49881 CVE-2024-49882
CVE-2024-49883 CVE-2024-49884 CVE-2024-49886 CVE-2024-49890 CVE-2024-49891
CVE-2024-49892 CVE-2024-49894 CVE-2024-49895 CVE-2024-49896 CVE-2024-49897
CVE-2024-49899 CVE-2024-49900 CVE-2024-49901 CVE-2024-49902 CVE-2024-49903
CVE-2024-49905 CVE-2024-49906 CVE-2024-49907 CVE-2024-49908 CVE-2024-49909
CVE-2024-49911 CVE-2024-49912 CVE-2024-49913 CVE-2024-49914 CVE-2024-49917
CVE-2024-49918 CVE-2024-49919 CVE-2024-49920 CVE-2024-49921 CVE-2024-49922
CVE-2024-49923 CVE-2024-49924 CVE-2024-49925 CVE-2024-49929 CVE-2024-49930
CVE-2024-49933 CVE-2024-49934 CVE-2024-49935 CVE-2024-49936 CVE-2024-49938
CVE-2024-49939 CVE-2024-49944 CVE-2024-49945 CVE-2024-49946 CVE-2024-49947
CVE-2024-49949 CVE-2024-49950 CVE-2024-49952 CVE-2024-49954 CVE-2024-49955
CVE-2024-49957 CVE-2024-49958 CVE-2024-49959 CVE-2024-49960 CVE-2024-49962
CVE-2024-49963 CVE-2024-49965 CVE-2024-49966 CVE-2024-49967 CVE-2024-49968
CVE-2024-49969 CVE-2024-49973 CVE-2024-49974 CVE-2024-49975 CVE-2024-49981
CVE-2024-49982 CVE-2024-49983 CVE-2024-49985 CVE-2024-49989 CVE-2024-49991
CVE-2024-49993 CVE-2024-49995 CVE-2024-49996 CVE-2024-50000 CVE-2024-50001
CVE-2024-50002 CVE-2024-50003 CVE-2024-50006 CVE-2024-50007 CVE-2024-50008
CVE-2024-50009 CVE-2024-50013 CVE-2024-50014 CVE-2024-50017 CVE-2024-50018
CVE-2024-50019 CVE-2024-50024 CVE-2024-50025 CVE-2024-50026 CVE-2024-50028
CVE-2024-50031 CVE-2024-50033 CVE-2024-50035 CVE-2024-50041 CVE-2024-50044
CVE-2024-50045 CVE-2024-50046 CVE-2024-50047 CVE-2024-50048 CVE-2024-50049
CVE-2024-50055 CVE-2024-50058 CVE-2024-50059 CVE-2024-50061 CVE-2024-50062
CVE-2024-50063 CVE-2024-50067 CVE-2024-50073 CVE-2024-50074 CVE-2024-50077
CVE-2024-50078 CVE-2024-50081 CVE-2024-50082 CVE-2024-50089 CVE-2024-50093
CVE-2024-50095 CVE-2024-50096 CVE-2024-50098 CVE-2024-50099 CVE-2024-50103
CVE-2024-50108 CVE-2024-50110 CVE-2024-50115 CVE-2024-50116 CVE-2024-50117
CVE-2024-50124 CVE-2024-50125 CVE-2024-50127 CVE-2024-50128 CVE-2024-50131
CVE-2024-50134 CVE-2024-50135 CVE-2024-50138 CVE-2024-50141 CVE-2024-50143
CVE-2024-50146 CVE-2024-50147 CVE-2024-50148 CVE-2024-50150 CVE-2024-50153
CVE-2024-50154 CVE-2024-50154 CVE-2024-50155 CVE-2024-50156 CVE-2024-50160
CVE-2024-50166 CVE-2024-50167 CVE-2024-50171 CVE-2024-50179 CVE-2024-50180
CVE-2024-50181 CVE-2024-50182 CVE-2024-50183 CVE-2024-50184 CVE-2024-50186
CVE-2024-50187 CVE-2024-50188 CVE-2024-50189 CVE-2024-50192 CVE-2024-50194
CVE-2024-50195 CVE-2024-50196 CVE-2024-50198 CVE-2024-50201 CVE-2024-50202
CVE-2024-50205 CVE-2024-50208 CVE-2024-50209 CVE-2024-50211 CVE-2024-50215
CVE-2024-50218 CVE-2024-50229 CVE-2024-50230 CVE-2024-50232 CVE-2024-50233
CVE-2024-50234 CVE-2024-50236 CVE-2024-50237 CVE-2024-50249 CVE-2024-50255
CVE-2024-50256 CVE-2024-50259 CVE-2024-50261 CVE-2024-50262 CVE-2024-50264
CVE-2024-50265 CVE-2024-50267 CVE-2024-50268 CVE-2024-50269 CVE-2024-50271
CVE-2024-50273 CVE-2024-50274 CVE-2024-50278 CVE-2024-50279 CVE-2024-50279
CVE-2024-50280 CVE-2024-50282 CVE-2024-50287 CVE-2024-50289 CVE-2024-50290
CVE-2024-50292 CVE-2024-50295 CVE-2024-50296 CVE-2024-50298 CVE-2024-50301
CVE-2024-50302 CVE-2024-50602 CVE-2024-52533 CVE-2024-52616 CVE-2024-53051
CVE-2024-53052 CVE-2024-53055 CVE-2024-53056 CVE-2024-53058 CVE-2024-53059
CVE-2024-53060 CVE-2024-53061 CVE-2024-53063 CVE-2024-53064 CVE-2024-53066
CVE-2024-53068 CVE-2024-53072 CVE-2024-53079 CVE-2024-53085 CVE-2024-53088
CVE-2024-53090 CVE-2024-53095 CVE-2024-53101 CVE-2024-53104 CVE-2024-53110
CVE-2024-53113 CVE-2024-53114 CVE-2024-53119 CVE-2024-53120 CVE-2024-53122
CVE-2024-53125 CVE-2024-53130 CVE-2024-53131 CVE-2024-53142 CVE-2024-53146
CVE-2024-53150 CVE-2024-53156 CVE-2024-53157 CVE-2024-53158 CVE-2024-53161
CVE-2024-53162 CVE-2024-53173 CVE-2024-53179 CVE-2024-53206 CVE-2024-53210
CVE-2024-53213 CVE-2024-53214 CVE-2024-53239 CVE-2024-53240 CVE-2024-53241
CVE-2024-54661 CVE-2024-56326 CVE-2024-56539 CVE-2024-56548 CVE-2024-56549
CVE-2024-56570 CVE-2024-56571 CVE-2024-56575 CVE-2024-56598 CVE-2024-56604
CVE-2024-56605 CVE-2024-56619 CVE-2024-56755 CVE-2024-8805
-----------------------------------------------------------------
The container suse-sles-15-sp5-chost-byos-v20250122-x86_64-gen2 was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4035-1
Released: Mon Nov 18 16:22:57 2024
Summary: Security update for expat
Type: security
Severity: moderate
References: 1232579,CVE-2024-50602
This update for expat fixes the following issues:
- CVE-2024-50602: Fixed a denial of service via XML_ResumeParser (bsc#1232579).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4044-1
Released: Mon Nov 25 08:28:17 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update to v0.389:
* Update pci, usb and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4046-1
Released: Mon Nov 25 09:25:58 2024
Summary: Recommended update for rsyslog
Type: recommended
Severity: moderate
References: 1230984
This update for rsyslog fixes the following issue:
- restart daemon after update at the end of the transaction (bsc#1230984)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4065-1
Released: Tue Nov 26 11:10:58 2024
Summary: Recommended update for crypto-policies
Type: recommended
Severity: moderate
References: 1233499
This update for crypto-policies ships the missing crypto-policies scripts to SUSE Linux Enterprise Micro,
which allows configuration of the policies. (bsc#1233499)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4078-1
Released: Wed Nov 27 13:53:14 2024
Summary: Security update for glib2
Type: security
Severity: important
References: 1233282,CVE-2024-52533
This update for glib2 fixes the following issues:
- CVE-2024-52533: Fixed a single byte buffer overflow (bsc#1233282).
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4109-1
Released: Thu Nov 28 17:15:36 2024
Summary: Security update for libuv
Type: security
Severity: moderate
References: 1219724,CVE-2024-24806
This update for libuv fixes the following issues:
- CVE-2024-24806: Fixed improper Domain Lookup that potentially leads to SSRF attacks (bsc#1219724)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4138-1
Released: Mon Dec 2 13:29:57 2024
Summary: Security update for wget
Type: security
Severity: moderate
References: 1233773,CVE-2024-10524
This update for wget fixes the following issues:
- CVE-2024-10524: Fixed SSRF via shorthand HTTP URL (bsc#1233773)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4172-1
Released: Wed Dec 4 15:28:38 2024
Summary: Recommended update for samba
Type: recommended
Severity: moderate
References: 1213607,1221168,1223345,1229684,1231414
This update for samba fixes the following issues:
- Adjust spec to split out rpcd_* binaries into a separate
sub package (bsc#1231414).
- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated
(bsc#1229684).
- Fix regression DFS not working with widelinks=true, updated to
fix DFS link enumeration (bsc#1213607).
- Fix: use-after-free in aio_del_req_from_fsp() during smbd shutdown
after failed IPC FSCTL_PIPE_TRANSCEIVE (bsc#1223345).
- Reduce winbind error msg to debug for a PDC/NT4 domain
(bsc#1221168).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4182-1
Released: Thu Dec 5 05:59:14 2024
Summary: Recommended update for suseconnect-ng
Type: recommended
Severity: moderate
References: 1231185,1231328
This update for suseconnect-ng fixes the following issues:
- Integrating uptime-tracker
- Honor auto-import-gpg-keys flag on migration (bsc#1231328)
- Only send labels if targetting SCC
- Skip the docker auth generation on RMT (bsc#1231185)
- Add --set-labels to register command to set labels at registration time on SCC
- Add a new function to display suse-uptime-tracker version
- Add a command to show the info being gathered
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4193-1
Released: Thu Dec 5 12:01:40 2024
Summary: Security update for python3
Type: security
Severity: low
References: 1231795,1233307,CVE-2024-11168
This update for python3 fixes the following issues:
- CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307)
Other fixes:
- Remove -IVendor/ from python-config (bsc#1231795)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4198-1
Released: Thu Dec 5 14:46:19 2024
Summary: Recommended update for libsolv, libzypp, zypper
Type: recommended
Severity: moderate
References: 1225451,1233393
This update for libsolv, libzypp, zypper fixes the following issues:
- Fix replaces_installed_package using the wrong solvable id when checking the noupdate map
- Make POOL_FLAG_ADDFILEPROVIDESFILTERED behaviour more standard
- Add rpm_query_idarray query function
- Support rpm's 'orderwithrequires' dependency
- BuildCache: Don't try to retrieve missing raw metadata if no permission to write the cache (bsc#1225451)
- RepoManager: Throw RepoNoPermissionException if the user has no permission to update(write) the caches (bsc#1225451)
- The 20MB download limit must not apply to non-metadata files like package URLs provided via the CLI (bsc#1233393)
- Don't try to download missing raw metadata if cache is not writable (bsc#1225451)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4302-1
Released: Thu Dec 12 09:51:03 2024
Summary: Security update for socat
Type: security
Severity: moderate
References: 1225462,CVE-2024-54661
This update for socat fixes the following issues:
- CVE-2024-54661: Fixed arbitrary file overwrite via predictable /tmp directory (bsc#1225462)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4330-1
Released: Mon Dec 16 14:17:15 2024
Summary: Security update for vim
Type: security
Severity: low
References: 1229238,1231373,CVE-2024-43374,CVE-2024-47814
This update for vim fixes the following issues:
- CVE-2024-47814: Fixed use-after-free when closing buffers in Vim (bsc#1231373)
- CVE-2024-43374: Fixed use-after-free in alist_add() (bsc#1229238)
Other fixes:
- Updated to version 9.1.0836
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4338-1
Released: Tue Dec 17 08:18:46 2024
Summary: Recommended update for systemd
Type: recommended
Severity: important
References: 1230272,1231610
This update for systemd fixes the following issues:
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (bsc#1230272)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service
- sd-bus: make bus_add_match_full accept timeout
- udev-builtin-path_id: SAS wide ports must have num_phys > 1 (bsc#1231610)
- sd-device: add helper to read a unsigned int attribute
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4359-1
Released: Tue Dec 17 14:19:32 2024
Summary: Security update for curl
Type: security
Severity: moderate
References: 1234068,CVE-2024-11053
This update for curl fixes the following issues:
- CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4360-1
Released: Tue Dec 17 15:35:28 2024
Summary: Security update for docker
Type: security
Severity: important
References: 1217070,1228324,1228553,1229806,1230294,1230331,1230333,1231348,1232999,1233819,CVE-2023-45142,CVE-2023-47108,CVE-2024-41110
This update for docker fixes the following issues:
- Update docker-buildx to v0.19.2. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.19.2>.
Some notable changelogs from the last update:
* <https://github.com/docker/buildx/releases/tag/v0.19.0>
* <https://github.com/docker/buildx/releases/tag/v0.18.0>
- Add a new toggle file /etc/docker/suse-secrets-enable which allows users to
disable the SUSEConnect integration with Docker (which creates special mounts
in /run/secrets to allow container-suseconnect to authenticate containers
with registries on registered hosts). bsc#1231348 bsc#1232999
In order to disable these mounts, just do
echo 0 > /etc/docker/suse-secrets-enable
and restart Docker. In order to re-enable them, just do
echo 1 > /etc/docker/suse-secrets-enable
and restart Docker. Docker will output information on startup to tell you
whether the SUSE secrets feature is enabled or not.
- Disable docker-buildx builds for SLES. It turns out that build containers
with docker-buildx don't currently get the SUSE secrets mounts applied,
meaning that container-suseconnect doesn't work when building images.
bsc#1233819
- Remove DOCKER_NETWORK_OPTS from docker.service. This was removed from
sysconfig a long time ago, and apparently this causes issues with systemd in
some cases.
- Allow a parallel docker-stable RPM to exists in repositories.
- Update to docker-buildx v0.17.1 to match standalone docker-buildx package we
are replacing. See upstream changelog online at
<https://github.com/docker/buildx/releases/tag/v0.17.1>
- Allow users to disable SUSE secrets support by setting
DOCKER_SUSE_SECRETS_ENABLE=0 in /etc/sysconfig/docker. (bsc#1231348)
- Mark docker-buildx as required since classic 'docker build' has been
deprecated since Docker 23.0. (bsc#1230331)
- Import docker-buildx v0.16.2 as a subpackage. Previously this was a separate
package, but with docker-stable it will be necessary to maintain the packages
together and it makes more sense to have them live in the same OBS package.
(bsc#1230333)
- Update to Docker 26.1.5-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2615>
bsc#1230294
- This update includes fixes for:
* CVE-2024-41110. bsc#1228324
* CVE-2023-47108. bsc#1217070 bsc#1229806
* CVE-2023-45142. bsc#1228553 bsc#1229806
- Update to Docker 26.1.4-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2614>
- Update to Docker 26.1.0-ce. See upstream changelog online at
<https://docs.docker.com/engine/release-notes/26.1/#2610>
- Update --add-runtime to point to correct binary path.
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4363-1
Released: Tue Dec 17 16:12:41 2024
Summary: Recommended update for hwdata
Type: recommended
Severity: moderate
References:
This update for hwdata fixes the following issue:
- Version update v0.390
* Update pci and vendor ids
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4364-1
Released: Tue Dec 17 16:57:18 2024
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1054914,1065729,1082555,1194869,1204171,1205796,1206188,1206344,1209290,1210449,1210627,1213034,1216813,1218562,1218644,1220382,1221309,1221333,1222364,1222590,1223202,1223384,1223524,1223656,1223824,1223848,1223919,1223942,1224518,1224526,1224574,1225189,1225336,1225611,1225725,1225730,1225742,1225762,1225764,1225812,1226498,1226560,1226592,1226631,1226748,1226797,1226872,1227437,1227853,1227885,1228119,1228269,1228410,1228430,1228486,1228650,1228709,1228743,1228747,1228857,1229005,1229019,1229312,1229429,1229450,1229454,1229456,1229556,1229585,1229752,1229769,1229808,1229837,1229891,1230055,1230179,1230220,1230231,1230270,1230289,1230405,1230414,1230429,1230456,1230550,1230558,1230600,1230620,1230715,1230722,1230763,1230773,1230774,1230801,1230827,1230903,1230918,1231016,1231072,1231073,1231083,1231084,1231085,1231087,1231089,1231094,1231096,1231098,1231101,1231105,1231108,1231111,1231114,1231115,1231132,1231135,1231138,1231148,1231169,1231178,1231179,1231180,1231181,1
231187,1231191,1231193,1231195,1231197,1231200,1231202,1231203,1231277,1231293,1231327,1231344,1231375,1231383,1231434,1231439,1231441,1231442,1231452,1231465,1231474,1231481,1231496,1231502,1231537,1231539,1231540,1231541,1231578,1231646,1231673,1231849,1231856,1231857,1231858,1231859,1231861,1231864,1231872,1231883,1231885,1231887,1231888,1231889,1231890,1231892,1231893,1231895,1231896,1231897,1231902,1231903,1231904,1231907,1231914,1231916,1231920,1231923,1231929,1231930,1231931,1231935,1231936,1231937,1231938,1231939,1231940,1231941,1231942,1231944,1231947,1231950,1231952,1231953,1231954,1231958,1231959,1231960,1231961,1231962,1231965,1231967,1231968,1231972,1231973,1231976,1231978,1231979,1231987,1231988,1231990,1231991,1231992,1231995,1231996,1231997,1231998,1232001,1232004,1232005,1232006,1232007,1232013,1232015,1232016,1232017,1232025,1232026,1232027,1232028,1232033,1232034,1232035,1232036,1232037,1232038,1232039,1232043,1232047,1232048,1232049,1232050,1232056,1232067,123206
9,1232070,1232071,1232075,1232076,1232080,1232083,1232084,1232085,1232089,1232094,1232096,1232097,1232098,1232104,1232105,1232108,1232111,1232114,1232116,1232119,1232120,1232123,1232124,1232126,1232133,1232134,1232135,1232136,1232140,1232141,1232142,1232145,1232147,1232149,1232150,1232151,1232152,1232154,1232155,1232159,1232160,1232162,1232163,1232164,1232165,1232170,1232172,1232174,1232175,1232180,1232185,1232187,1232189,1232191,1232195,1232196,1232198,1232199,1232200,1232201,1232217,1232218,1232220,1232221,1232224,1232229,1232232,1232233,1232237,1232251,1232253,1232254,1232255,1232259,1232260,1232262,1232263,1232264,1232272,1232279,1232282,1232285,1232286,1232287,1232293,1232304,1232305,1232307,1232309,1232310,1232312,1232313,1232314,1232316,1232317,1232318,1232329,1232332,1232333,1232334,1232335,1232337,1232339,1232342,1232345,1232349,1232352,1232354,1232355,1232357,1232358,1232359,1232361,1232362,1232364,1232366,1232367,1232368,1232369,1232370,1232371,1232374,1232378,1232381,123
2383,1232385,1232387,1232392,1232394,1232395,1232413,1232416,1232418,1232424,1232432,1232435,1232436,1232442,1232446,1232483,1232500,1232501,1232503,1232504,1232507,1232519,1232520,1232552,1232630,1232631,1232632,1232757,1232819,1232860,1232870,1232873,1232877,1232878,1232881,1232884,1232885,1232887,1232888,1232890,1232892,1232896,1232897,1232905,1232907,1232919,1232926,1232928,1232935,1233035,1233049,1233051,1233056,1233057,1233061,1233063,1233065,1233067,1233070,1233073,1233074,1233100,1233103,1233104,1233105,1233106,1233107,1233108,1233110,1233111,1233113,1233114,1233117,1233123,1233125,1233129,1233130,1233134,1233135,1233150,1233189,1233191,1233197,1233205,1233206,1233209,1233210,1233211,1233212,1233214,1233216,1233238,1233241,1233253,1233255,1233293,1233350,1233452,1233453,1233454,1233456,1233457,1233458,1233460,1233462,1233463,1233468,1233471,1233476,1233478,1233479,1233481,1233484,1233487,1233490,1233491,1233528,1233548,1233552,1233553,1233554,1233555,1233557,1233560,1233561,
1233570,1233577,1233580,1233977,1234012,1234025,1234085,1234093,1234098,1234108,CVE-2021-47416,CVE-2021-47534,CVE-2021-47594,CVE-2022-3435,CVE-2022-45934,CVE-2022-48664,CVE-2022-48674,CVE-2022-48879,CVE-2022-48946,CVE-2022-48947,CVE-2022-48948,CVE-2022-48949,CVE-2022-48951,CVE-2022-48953,CVE-2022-48954,CVE-2022-48955,CVE-2022-48956,CVE-2022-48957,CVE-2022-48958,CVE-2022-48959,CVE-2022-48960,CVE-2022-48961,CVE-2022-48962,CVE-2022-48966,CVE-2022-48967,CVE-2022-48968,CVE-2022-48969,CVE-2022-48970,CVE-2022-48971,CVE-2022-48972,CVE-2022-48973,CVE-2022-48975,CVE-2022-48977,CVE-2022-48978,CVE-2022-48979,CVE-2022-48980,CVE-2022-48981,CVE-2022-48982,CVE-2022-48983,CVE-2022-48985,CVE-2022-48987,CVE-2022-48988,CVE-2022-48989,CVE-2022-48990,CVE-2022-48991,CVE-2022-48992,CVE-2022-48994,CVE-2022-48995,CVE-2022-48997,CVE-2022-48999,CVE-2022-49000,CVE-2022-49002,CVE-2022-49003,CVE-2022-49005,CVE-2022-49006,CVE-2022-49007,CVE-2022-49010,CVE-2022-49011,CVE-2022-49012,CVE-2022-49014,CVE-2022-49015,CVE
-2022-49016,CVE-2022-49017,CVE-2022-49019,CVE-2022-49020,CVE-2022-49021,CVE-2022-49022,CVE-2022-49023,CVE-2022-49024,CVE-2022-49025,CVE-2022-49026,CVE-2022-49027,CVE-2022-49028,CVE-2022-49029,CVE-2022-49031,CVE-2022-49032,CVE-2023-2166,CVE-2023-28327,CVE-2023-52766,CVE-2023-52800,CVE-2023-52881,CVE-2023-52915,CVE-2023-52917,CVE-2023-52918,CVE-2023-52919,CVE-2023-52921,CVE-2023-52922,CVE-2023-6270,CVE-2024-26782,CVE-2024-26906,CVE-2024-26953,CVE-2024-27043,CVE-2024-35888,CVE-2024-35937,CVE-2024-35980,CVE-2024-36244,CVE-2024-36484,CVE-2024-36883,CVE-2024-36886,CVE-2024-36905,CVE-2024-36953,CVE-2024-36954,CVE-2024-36957,CVE-2024-38577,CVE-2024-38589,CVE-2024-38615,CVE-2024-39476,CVE-2024-40965,CVE-2024-40997,CVE-2024-41016,CVE-2024-41023,CVE-2024-41049,CVE-2024-42131,CVE-2024-42145,CVE-2024-42226,CVE-2024-42253,CVE-2024-43817,CVE-2024-43897,CVE-2024-44931,CVE-2024-44932,CVE-2024-44947,CVE-2024-44958,CVE-2024-44964,CVE-2024-44995,CVE-2024-45016,CVE-2024-45025,CVE-2024-46678,CVE-2024-466
81,CVE-2024-46716,CVE-2024-46719,CVE-2024-46754,CVE-2024-46770,CVE-2024-46775,CVE-2024-46777,CVE-2024-46800,CVE-2024-46802,CVE-2024-46804,CVE-2024-46805,CVE-2024-46807,CVE-2024-46809,CVE-2024-46810,CVE-2024-46811,CVE-2024-46812,CVE-2024-46813,CVE-2024-46814,CVE-2024-46815,CVE-2024-46816,CVE-2024-46817,CVE-2024-46818,CVE-2024-46819,CVE-2024-46821,CVE-2024-46826,CVE-2024-46828,CVE-2024-46834,CVE-2024-46835,CVE-2024-46840,CVE-2024-46841,CVE-2024-46842,CVE-2024-46848,CVE-2024-46849,CVE-2024-46853,CVE-2024-46854,CVE-2024-46855,CVE-2024-46857,CVE-2024-46859,CVE-2024-46864,CVE-2024-46871,CVE-2024-47660,CVE-2024-47661,CVE-2024-47663,CVE-2024-47664,CVE-2024-47665,CVE-2024-47667,CVE-2024-47668,CVE-2024-47669,CVE-2024-47670,CVE-2024-47671,CVE-2024-47672,CVE-2024-47673,CVE-2024-47674,CVE-2024-47679,CVE-2024-47682,CVE-2024-47684,CVE-2024-47685,CVE-2024-47692,CVE-2024-47693,CVE-2024-47695,CVE-2024-47696,CVE-2024-47697,CVE-2024-47698,CVE-2024-47699,CVE-2024-47701,CVE-2024-47704,CVE-2024-47705,CVE-
2024-47706,CVE-2024-47707,CVE-2024-47709,CVE-2024-47710,CVE-2024-47712,CVE-2024-47713,CVE-2024-47718,CVE-2024-47720,CVE-2024-47723,CVE-2024-47727,CVE-2024-47728,CVE-2024-47730,CVE-2024-47735,CVE-2024-47737,CVE-2024-47738,CVE-2024-47739,CVE-2024-47742,CVE-2024-47745,CVE-2024-47747,CVE-2024-47748,CVE-2024-47749,CVE-2024-47756,CVE-2024-47757,CVE-2024-49850,CVE-2024-49851,CVE-2024-49852,CVE-2024-49855,CVE-2024-49858,CVE-2024-49860,CVE-2024-49861,CVE-2024-49863,CVE-2024-49866,CVE-2024-49867,CVE-2024-49868,CVE-2024-49870,CVE-2024-49871,CVE-2024-49875,CVE-2024-49877,CVE-2024-49879,CVE-2024-49881,CVE-2024-49882,CVE-2024-49883,CVE-2024-49884,CVE-2024-49886,CVE-2024-49890,CVE-2024-49891,CVE-2024-49892,CVE-2024-49894,CVE-2024-49895,CVE-2024-49896,CVE-2024-49897,CVE-2024-49899,CVE-2024-49900,CVE-2024-49901,CVE-2024-49902,CVE-2024-49903,CVE-2024-49905,CVE-2024-49906,CVE-2024-49907,CVE-2024-49908,CVE-2024-49909,CVE-2024-49911,CVE-2024-49912,CVE-2024-49913,CVE-2024-49914,CVE-2024-49917,CVE-2024-49
918,CVE-2024-49919,CVE-2024-49920,CVE-2024-49921,CVE-2024-49922,CVE-2024-49923,CVE-2024-49924,CVE-2024-49925,CVE-2024-49929,CVE-2024-49930,CVE-2024-49933,CVE-2024-49934,CVE-2024-49935,CVE-2024-49936,CVE-2024-49938,CVE-2024-49939,CVE-2024-49945,CVE-2024-49946,CVE-2024-49947,CVE-2024-49949,CVE-2024-49950,CVE-2024-49954,CVE-2024-49955,CVE-2024-49957,CVE-2024-49958,CVE-2024-49959,CVE-2024-49960,CVE-2024-49962,CVE-2024-49963,CVE-2024-49965,CVE-2024-49966,CVE-2024-49967,CVE-2024-49968,CVE-2024-49969,CVE-2024-49973,CVE-2024-49974,CVE-2024-49975,CVE-2024-49981,CVE-2024-49982,CVE-2024-49983,CVE-2024-49985,CVE-2024-49989,CVE-2024-49991,CVE-2024-49993,CVE-2024-49995,CVE-2024-49996,CVE-2024-50000,CVE-2024-50001,CVE-2024-50002,CVE-2024-50003,CVE-2024-50006,CVE-2024-50007,CVE-2024-50008,CVE-2024-50009,CVE-2024-50013,CVE-2024-50014,CVE-2024-50017,CVE-2024-50019,CVE-2024-50024,CVE-2024-50025,CVE-2024-50026,CVE-2024-50028,CVE-2024-50031,CVE-2024-50033,CVE-2024-50035,CVE-2024-50041,CVE-2024-50044,CVE
-2024-50045,CVE-2024-50046,CVE-2024-50047,CVE-2024-50048,CVE-2024-50049,CVE-2024-50055,CVE-2024-50058,CVE-2024-50059,CVE-2024-50061,CVE-2024-50062,CVE-2024-50063,CVE-2024-50067,CVE-2024-50073,CVE-2024-50074,CVE-2024-50077,CVE-2024-50078,CVE-2024-50081,CVE-2024-50082,CVE-2024-50089,CVE-2024-50093,CVE-2024-50095,CVE-2024-50096,CVE-2024-50098,CVE-2024-50099,CVE-2024-50103,CVE-2024-50108,CVE-2024-50110,CVE-2024-50115,CVE-2024-50116,CVE-2024-50117,CVE-2024-50124,CVE-2024-50125,CVE-2024-50127,CVE-2024-50128,CVE-2024-50131,CVE-2024-50134,CVE-2024-50135,CVE-2024-50138,CVE-2024-50141,CVE-2024-50146,CVE-2024-50147,CVE-2024-50148,CVE-2024-50150,CVE-2024-50153,CVE-2024-50154,CVE-2024-50155,CVE-2024-50156,CVE-2024-50160,CVE-2024-50167,CVE-2024-50171,CVE-2024-50179,CVE-2024-50180,CVE-2024-50182,CVE-2024-50183,CVE-2024-50184,CVE-2024-50186,CVE-2024-50187,CVE-2024-50188,CVE-2024-50189,CVE-2024-50192,CVE-2024-50194,CVE-2024-50195,CVE-2024-50196,CVE-2024-50198,CVE-2024-50201,CVE-2024-50205,CVE-2024-5
0208,CVE-2024-50209,CVE-2024-50215,CVE-2024-50218,CVE-2024-50229,CVE-2024-50230,CVE-2024-50232,CVE-2024-50233,CVE-2024-50234,CVE-2024-50236,CVE-2024-50237,CVE-2024-50249,CVE-2024-50255,CVE-2024-50259,CVE-2024-50261,CVE-2024-50264,CVE-2024-50265,CVE-2024-50267,CVE-2024-50268,CVE-2024-50269,CVE-2024-50271,CVE-2024-50273,CVE-2024-50274,CVE-2024-50279,CVE-2024-50282,CVE-2024-50287,CVE-2024-50289,CVE-2024-50290,CVE-2024-50292,CVE-2024-50295,CVE-2024-50298,CVE-2024-50301,CVE-2024-50302,CVE-2024-53052,CVE-2024-53058,CVE-2024-53059,CVE-2024-53060,CVE-2024-53061,CVE-2024-53063,CVE-2024-53066,CVE-2024-53068,CVE-2024-53079,CVE-2024-53085,CVE-2024-53088,CVE-2024-53104,CVE-2024-53110
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2021-47594: mptcp: never allow the PM to close a listener subflow (bsc#1226560).
- CVE-2022-48879: efi: fix NULL-deref in init error path (bsc#1229556).
- CVE-2022-48956: ipv6: avoid use-after-free in ip6_fragment() (bsc#1231893).
- CVE-2022-48957: dpaa2-switch: Fix memory leak in dpaa2_switch_acl_entry_add() and dpaa2_switch_acl_entry_remove() (bsc#1231973).
- CVE-2022-48958: ethernet: aeroflex: fix potential skb leak in greth_init_rings() (bsc#1231889).
- CVE-2022-48959: net: dsa: sja1105: fix memory leak in sja1105_setup_devlink_regions() (bsc#1231976).
- CVE-2022-48960: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() (bsc#1231979).
- CVE-2022-48962: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() (bsc#1232286).
- CVE-2022-48966: net: mvneta: Fix an out of bounds check (bsc#1232191).
- CVE-2022-48980: net: dsa: sja1105: avoid out of bounds access in sja1105_init_l2_policing() (bsc#1232233).
- CVE-2022-48983: io_uring: Fix a null-ptr-deref in io_tctx_exit_cb() (bsc#1231959).
- CVE-2022-48991: mm/khugepaged: fix collapse_pte_mapped_thp() to allow anon_vma (bsc#1232070).
- CVE-2022-49015: net: hsr: Fix potential use-after-free (bsc#1231938).
- CVE-2022-49017: tipc: re-fetch skb cb after tipc_msg_validate (bsc#1232004).
- CVE-2022-49020: net/9p: Fix a potential socket leak in p9_socket_open (bsc#1232175).
- CVE-2024-26782: mptcp: fix double-free on socket dismantle (bsc#1222590).
- CVE-2024-26906: Fixed invalid vsyscall page read for copy_from_kernel_nofault() (bsc#1223202).
- CVE-2024-26953: net: esp: fix bad handling of pages from page_pool (bsc#1223656).
- CVE-2024-35888: erspan: make sure erspan_base_hdr is present in skb->head (bsc#1224518).
- CVE-2024-35937: wifi: cfg80211: check A-MSDU format more carefully (bsc#1224526).
- CVE-2024-36244: net/sched: taprio: extend minimum interval restriction to entire cycle too (bsc#1226797).
- CVE-2024-36883: net: fix out-of-bounds access in ops_init (bsc#1225725).
- CVE-2024-36886: tipc: fix UAF in error path (bsc#1225730).
- CVE-2024-36905: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (bsc#1225742).
- CVE-2024-36954: tipc: fix a possible memleak in tipc_buf_append (bsc#1225764).
- CVE-2024-36957: octeontx2-af: avoid off-by-one read from userspace (bsc#1225762).
- CVE-2024-38589: netrom: fix possible dead-lock in nr_rt_ioctl() (bsc#1226748).
- CVE-2024-38615: cpufreq: exit() callback is optional (bsc#1226592).
- CVE-2024-39476: md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (bsc#1227437).
- CVE-2024-40965: i2c: lpi2c: Avoid calling clk_get_rate during transfer (bsc#1227885).
- CVE-2024-40997: cpufreq: amd-pstate: fix memory leak on CPU EPP exit (bsc#1227853).
- CVE-2024-41023: sched/deadline: Fix task_struct reference leak (bsc#1228430).
- CVE-2024-42226: Prevent potential failure in handle_tx_event() for Transfer events without TRB (bsc#1228709).
- CVE-2024-42253: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race (bsc#1229005).
- CVE-2024-44931: gpio: prevent potential speculation leaks in gpio_device_get_desc() (bsc#1229837).
- CVE-2024-44932: idpf: fix UAFs when destroying the queues (bsc#1229808).
- CVE-2024-44958: sched/smt: Fix unbalance sched_smt_present dec/inc (bsc#1230179).
- CVE-2024-44964: idpf: fix memory leaks and crashes while performing a soft reset (bsc#1230220).
- CVE-2024-44995: net: hns3: fix a deadlock problem when config TC during resetting (bsc#1230231).
- CVE-2024-45016: netem: fix return value if duplicate enqueue fails (bsc#1230429).
- CVE-2024-45025: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE (bsc#1230456).
- CVE-2024-46678: bonding: change ipsec_lock from spin lock to mutex (bsc#1230550).
- CVE-2024-46681: pktgen: use cpus_read_lock() in pg_net_init() (bsc#1230558).
- CVE-2024-46716: dmaengine: altera-msgdma: properly free descriptor in msgdma_free_descriptor (bsc#1230715).
- CVE-2024-46754: bpf: Remove tst_run from lwt_seg6local_prog_ops (bsc#1230801).
- CVE-2024-46770: ice: Add netif_device_attach/detach into PF reset flow (bsc#1230763).
- CVE-2024-46775: drm/amd/display: Validate function returns (bsc#1230774).
- CVE-2024-46777: udf: Avoid excessive partition lengths (bsc#1230773).
- CVE-2024-46800: sch/netem: fix use after free in netem_dequeue (bsc#1230827).
- CVE-2024-46809: drm/amd/display: Check BIOS images before it is used (bsc#1231148).
- CVE-2024-46811: drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box (bsc#1231179).
- CVE-2024-46813: drm/amd/display: Check link_index before accessing dc->links (bsc#1231191).
- CVE-2024-46814: drm/amd/display: Check msg_id before processing transcation (bsc#1231193).
- CVE-2024-46815: drm/amd/display: Check num_valid_sets before accessing reader_wm_sets (bsc#1231195).
- CVE-2024-46816: drm/amd/display: Stop amdgpu_dm initialize when link nums greater than max_links (bsc#1231197).
- CVE-2024-46817: drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6 (bsc#1231200).
- CVE-2024-46818: drm/amd/display: Check gpio_id before used as array index (bsc#1231203).
- CVE-2024-46826: ELF: fix kernel.randomize_va_space double read (bsc#1231115).
- CVE-2024-46828: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1231114).
- CVE-2024-46834: ethtool: fail closed if we can't get max channel used in indirection tables (bsc#1231096).
- CVE-2024-46840: btrfs: clean up our handling of refs == 0 in snapshot delete (bsc#1231105).
- CVE-2024-46841: btrfs: do not BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc() (bsc#1231094).
- CVE-2024-46848: perf/x86/intel: Limit the period on Haswell (bsc#1231072).
- CVE-2024-46849: ASoC: meson: axg-card: fix 'use-after-free' (bsc#1231073).
- CVE-2024-46854: net: dpaa: Pad packets to ETH_ZLEN (bsc#1231084).
- CVE-2024-46855: netfilter: nft_socket: fix sk refcount leaks (bsc#1231085).
- CVE-2024-46857: net/mlx5: Fix bridge mode operations when there are no VFs (bsc#1231087).
- CVE-2024-47660: fsnotify: clear PARENT_WATCHED flags lazily (bsc#1231439).
- CVE-2024-47661: drm/amd/display: Avoid overflow from uint32_t to uint8_t (bsc#1231496).
- CVE-2024-47664: spi: hisi-kunpeng: Add verification for the max_frequency provided by the firmware (bsc#1231442).
- CVE-2024-47668: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (bsc#1231502).
- CVE-2024-47672: wifi: iwlwifi: mvm: do not wait for tx queues if firmware is dead (bsc#1231540).
- CVE-2024-47673: wifi: iwlwifi: mvm: pause TCM when the firmware is stopped (bsc#1231539).
- CVE-2024-47674: mm: avoid leaving partial pfn mappings around in error case (bsc#1231673).
- CVE-2024-47679: vfs: fix race between evice_inodes() and find_inode()&iput() (bsc#1231930).
- CVE-2024-47684: tcp: check skb is non-NULL in tcp_rto_delta_us() (bsc#1231987).
- CVE-2024-47685: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (bsc#1231998).
- CVE-2024-47692: nfsd: return -EINVAL when namelen is 0 (bsc#1231857).
- CVE-2024-47701: ext4: explicitly exit when ext4_find_inline_entry returns an error (bsc#1231920).
- CVE-2024-47704: drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944).
- CVE-2024-47705: block: fix potential invalid pointer dereference in blk_add_partition (bsc#1231872).
- CVE-2024-47706: block, bfq: fix possible UAF for bfqq->bic with merge chain (bsc#1231942).
- CVE-2024-47707: ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (bsc#1231935).
- CVE-2024-47710: sock_map: Add a cond_resched() in sock_hash_free() (bsc#1232049).
- CVE-2024-47720: drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func (bsc#1232043).
- CVE-2024-47727: x86/tdx: Fix 'in-kernel MMIO' check (bsc#1232116).
- CVE-2024-47730: crypto: hisilicon/qm - inject error before stopping queue (bsc#1232075).
- CVE-2024-47738: wifi: mac80211: do not use rate mask for offchannel TX either (bsc#1232114).
- CVE-2024-47739: padata: use integer wrap around to prevent deadlock on seq_nr overflow (bsc#1232124).
- CVE-2024-47745: mm: split critical region in remap_file_pages() and invoke LSMs in between (bsc#1232135).
- CVE-2024-47747: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition (bsc#1232145).
- CVE-2024-47748: vhost_vdpa: assign irq bypass producer token correctly (bsc#1232174).
- CVE-2024-47757: nilfs2: fix potential oob read in nilfs_btree_check_delete() (bsc#1232187).
- CVE-2024-49858: efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (bsc#1232251).
- CVE-2024-49860: ACPI: sysfs: validate return type of _STR method (bsc#1231861).
- CVE-2024-49866: tracing/timerlat: Fix a race during cpuhp processing (bsc#1232259).
- CVE-2024-49868: btrfs: fix a NULL pointer dereference when failed to start a new trasacntion (bsc#1232272).
- CVE-2024-49881: ext4: update orig_path in ext4_find_extent() (bsc#1232201).
- CVE-2024-49882: ext4: fix double brelse() the buffer of the extents path (bsc#1232200).
- CVE-2024-49883: ext4: aovid use-after-free in ext4_ext_insert_extent() (bsc#1232199).
- CVE-2024-49886: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug (bsc#1232196).
- CVE-2024-49890: drm/amd/pm: ensure the fw_info is not null before using it (bsc#1232217).
- CVE-2024-49892: drm/amd/display: Initialize get_bytes_per_element's default to 1 (bsc#1232220).
- CVE-2024-49896: drm/amd/display: Check stream before comparing them (bsc#1232221).
- CVE-2024-49897: drm/amd/display: Check phantom_stream before it is used (bsc#1232355).
- CVE-2024-49899: drm/amd/display: Initialize denominators' default to 1 (bsc#1232358).
- CVE-2024-49901: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs (bsc#1232305).
- CVE-2024-49906: drm/amd/display: Check null pointer before try to access it (bsc#1232332).
- CVE-2024-49909: drm/amd/display: Add NULL check for function pointer in dcn32_set_output_transfer_func (bsc#1232337).
- CVE-2024-49911: drm/amd/display: Add NULL check for function pointer in dcn20_set_output_transfer_func (bsc#1232366).
- CVE-2024-49914: drm/amd/display: Add null check for pipe_ctx->plane_state in (bsc#1232369).
- CVE-2024-49917: drm/amd/display: Add NULL check for clk_mgr and clk_mgr->funcs in dcn30_init_hw (bsc#1231965).
- CVE-2024-49918: drm/amd/display: Add null check for head_pipe in dcn32_acquire_idle_pipe_for_head_pipe_in_layer (bsc#1231967).
- CVE-2024-49919: drm/amd/display: Add null check for head_pipe in dcn201_acquire_free_pipe_for_layer (bsc#1231968).
- CVE-2024-49920: drm/amd/display: Check null pointers before multiple uses (bsc#1232313).
- CVE-2024-49921: drm/amd/display: Check null pointers before used (bsc#1232371).
- CVE-2024-49922: drm/amd/display: Check null pointers before using them (bsc#1232374).
- CVE-2024-49923: drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags (bsc#1232361).
- CVE-2024-49925: fbdev: efifb: Register sysfs groups through driver core (bsc#1232224)
- CVE-2024-49929: wifi: iwlwifi: mvm: avoid NULL pointer dereference (bsc#1232253).
- CVE-2024-49930: wifi: ath11k: fix array out-of-bound access in SoC stats (bsc#1232260).
- CVE-2024-49933: blk_iocost: fix more out of bound shifts (bsc#1232368).
- CVE-2024-49934: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name (bsc#1232387).
- CVE-2024-49936: net/xen-netback: prevent UAF in xenvif_flush_hash() (bsc#1232424).
- CVE-2024-49939: wifi: rtw89: avoid to add interface to list twice when SER (bsc#1232381).
- CVE-2024-49945: net/ncsi: Disable the ncsi work before freeing the associated structure (bsc#1232165).
- CVE-2024-49946: ppp: do not assume bh is held in ppp_channel_bridge_input() (bsc#1232164).
- CVE-2024-49949: net: avoid potential underflow in qdisc_pkt_len_init() with UFO (bsc#1232160).
- CVE-2024-49950: Bluetooth: L2CAP: Fix uaf in l2cap_connect (bsc#1232159).
- CVE-2024-49954: static_call: Replace pointless WARN_ON() in static_call_module_notify() (bsc#1232155).
- CVE-2024-49955: ACPI: battery: Fix possible crash when unregistering a battery hook (bsc#1232154).
- CVE-2024-49958: ocfs2: reserve space for inline xattr before attaching reflink tree (bsc#1232151).
- CVE-2024-49959: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error (bsc#1232149).
- CVE-2024-49960: ext4: fix timer use-after-free on failed mount (bsc#1232395).
- CVE-2024-49967: ext4: no need to continue when the number of entries is 1 (bsc#1232140).
- CVE-2024-49968: ext4: fix error message when rejecting the default hash (bsc#1232264).
- CVE-2024-49969: drm/amd/display: Fix index out of bounds in DCN30 color transformation (bsc#1232519).
- CVE-2024-49973: r8169: add tally counter fields added with RTL8125 (bsc#1232105).
- CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous (bsc#1232383).
- CVE-2024-49975: uprobes: fix kernel info leak via '[uprobes]' vma (bsc#1232104).
- CVE-2024-49983: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free (bsc#1232096).
- CVE-2024-49989: drm/amd/display: fix double free issue during amdgpu module unload (bsc#1232483).
- CVE-2024-49991: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer (bsc#1232282).
- CVE-2024-49993: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count (bsc#1232316).
- CVE-2024-49995: tipc: guard against string buffer overrun (bsc#1232432).
- CVE-2024-49996: cifs: Fix buffer overflow when parsing NFS reparse points (bsc#1232089).
- CVE-2024-50000: net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() (bsc#1232085).
- CVE-2024-50001: net/mlx5: Fix error path in multi-packet WQE transmit (bsc#1232084).
- CVE-2024-50002: static_call: Handle module init failure correctly in static_call_del_module() (bsc#1232083).
- CVE-2024-50006: ext4: fix i_data_sem unlock order in ext4_ind_migrate() (bsc#1232442).
- CVE-2024-50009: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value (bsc#1232318).
- CVE-2024-50014: ext4: fix access to uninitialised lock in fc replay path (bsc#1232446).
- CVE-2024-50019: kthread: unpark only parked kthread (bsc#1231990).
- CVE-2024-50024: net: Fix an unsafe loop on the list (bsc#1231954).
- CVE-2024-50028: thermal: core: Reference count the zone in thermal_zone_get_by_id() (bsc#1231950).
- CVE-2024-50033: slip: make slhc_remember() more robust against malicious packets (bsc#1231914).
- CVE-2024-50035: ppp: fix ppp_async_encode() illegal access (bsc#1232392).
- CVE-2024-50041: i40e: Fix macvlan leak by synchronizing access to mac_filter_hash (bsc#1231907).
- CVE-2024-50045: netfilter: br_netfilter: fix panic with metadata_dst skb (bsc#1231903).
- CVE-2024-50046: kabi fix for NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (bsc#1231902).
- CVE-2024-50047: smb: client: fix UAF in async decryption (bsc#1232418).
- CVE-2024-50048: fbcon: Fix a NULL pointer dereference issue in fbcon_putcs (bsc#1232310).
- CVE-2024-50055: driver core: bus: Fix double free in driver API bus_register() (bsc#1232329).
- CVE-2024-50058: serial: protect uart_port_dtr_rts() in uart_shutdown() too (bsc#1232285).
- CVE-2024-50059: ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (bsc#1232345).
- CVE-2024-50061: i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition (bsc#1232263).
- CVE-2024-50063: kABI: bpf: struct bpf_map kABI workaround (bsc#1232435).
- CVE-2024-50073: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux (bsc#1232520).
- CVE-2024-50081: blk-mq: setup queue ->tag_set before initializing hctx (bsc#1232501).
- CVE-2024-50082: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (bsc#1232500).
- CVE-2024-50089: unicode: Do not special case ignorable code points (bsc#1232860).
- CVE-2024-50093: thermal: intel: int340x: processor: Fix warning during module unload (bsc#1232877).
- CVE-2024-50098: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down (bsc#1232881).
- CVE-2024-50108: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too (bsc#1232884).
- CVE-2024-50110: xfrm: fix one more kernel-infoleak in algo dumping (bsc#1232885).
- CVE-2024-50115: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (bsc#1232919).
- CVE-2024-50125: Bluetooth: SCO: Fix UAF on sco_sock_timeout (bsc#1232928).
- CVE-2024-50127: net: sched: fix use-after-free in taprio_change() (bsc#1232907).
- CVE-2024-50128: net: wwan: fix global oob in wwan_rtnl_policy (bsc#1232905).
- CVE-2024-50134: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape (bsc#1232890).
- CVE-2024-50135: nvme-pci: fix race condition between reset and nvme_dev_disable() (bsc#1232888).
- CVE-2024-50138: bpf: Use raw_spinlock_t in ringbuf (bsc#1232935).
- CVE-2024-50146: net/mlx5e: Do not call cleanup on profile rollback failure (bsc#1233056).
- CVE-2024-50147: net/mlx5: Fix command bitmask initialization (bsc#1233067).
- CVE-2024-50153: scsi: target: core: Fix null-ptr-deref in target_alloc_device() (bsc#1233061).
- CVE-2024-50154: tcp: Fix use-after-free of nreq in reqsk_timer_handler() (bsc#1233070).
- CVE-2024-50167: be2net: fix potential memory leak in be_xmit() (bsc#1233049).
- CVE-2024-50171: net: systemport: fix potential memory leak in bcm_sysport_xmit() (bsc#1233057).
- CVE-2024-50182: secretmem: disable memfd_secret() if arch cannot set direct map (bsc#1233129).
- CVE-2024-50184: virtio_pmem: Check device status before requesting flush (bsc#1233135).
- CVE-2024-50186: net: explicitly clear the sk pointer, when pf->create fails (bsc#1233110).
- CVE-2024-50188: net: phy: dp83869: fix memory corruption when enabling fiber (bsc#1233107).
- CVE-2024-50192: irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (bsc#1233106).
- CVE-2024-50195: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() (bsc#1233103).
- CVE-2024-50196: pinctrl: ocelot: fix system hang on level based interrupts (bsc#1233113).
- CVE-2024-50205: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() (bsc#1233293).
- CVE-2024-50208: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (bsc#1233117).
- CVE-2024-50229: nilfs2: fix potential deadlock with newly created symlinks (bsc#1233205).
- CVE-2024-50230: nilfs2: fix kernel bug due to missing clearing of checked flag (bsc#1233206).
- CVE-2024-50259: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() (bsc#1233214).
- CVE-2024-50261: macsec: Fix use-after-free while sending the offloading packet (bsc#1233253).
- CVE-2024-50264: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (bsc#1233453).
- CVE-2024-50267: usb: serial: io_edgeport: fix use after free in debug printk (bsc#1233456).
- CVE-2024-50271: signal: restore the override_rlimit logic (bsc#1233460).
- CVE-2024-50273: btrfs: reinitialize delayed ref list after deleting it from the list (bsc#1233462).
- CVE-2024-50274: idpf: avoid vport access in idpf_get_link_ksettings (bsc#1233463).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50289: media: av7110: fix a spectre vulnerability (bsc#1233478).
- CVE-2024-50295: net: arc: fix the device for dma_map_single/dma_unmap_single (bsc#1233484).
- CVE-2024-50298: net: enetc: allocate vf_state during PF probes (bsc#1233487).
- CVE-2024-53052: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (bsc#1233548).
- CVE-2024-53058: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data (bsc#1233552).
- CVE-2024-53061: media: s5p-jpeg: prevent buffer overflows (bsc#1233555).
- CVE-2024-53063: media: dvbdev: prevent the risk of out of memory access (bsc#1233557).
- CVE-2024-53068: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() (bsc#1233561).
- CVE-2024-53079: mm/thp: fix deferred split unqueue naming and locking (bsc#1233570).
- CVE-2024-53088: i40e: fix race condition by adding filter's intermediate sync state (bsc#1233580).
- CVE-2024-53104: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (bsc#1234025).
- CVE-2024-53110: vp_vdpa: fix id_table array not null terminated error (bsc#1234085).
The following non-security bugs were fixed:
- acpi: battery: Call power_supply_changed() when adding hooks (bsc#1232154)
- acpi: battery: Simplify battery hook locking (bsc#1232154)
- acpi: button: Add DMI quirk for Samsung Galaxy Book2 to fix initial lid detection issue (stable-fixes).
- acpi: CPPC: Fix _CPC register setting issue (git-fixes).
- acpi: CPPC: Make rmw_lock a raw_spin_lock (git-fixes).
- acpi: EC: Do not release locks during operation region accesses (stable-fixes).
- acpi: PAD: fix crash in exit_round_robin() (stable-fixes).
- acpi: PRM: Clean up guid type in struct prm_handler_info (git-fixes).
- acpi: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context (git-fixes).
- acpi: resource: Add another DMI match for the TongFang GMxXGxx (stable-fixes).
- acpi: resource: Add Asus ExpertBook B2502CVA to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add Asus Vivobook X1704VAP to irq1_level_low_skip_override[] (stable-fixes).
- acpi: resource: Add LG 16T90SP to irq1_level_low_skip_override[] (stable-fixes).
- acpica: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_field() fails (stable-fixes).
- acpica: Fix memory leak if acpi_ps_get_next_namepath() fails (stable-fixes).
- acpica: iasl: handle empty connection_node (stable-fixes).
- ad7780: fix division by zero in ad7780_write_raw() (git-fixes).
- adapt same struct naming as similar kABI workaround in SLE15-SP6 (prefixed with 'suse_' to make it more obvious its a downstream thing.
- add bug reference for a mana change (bsc#1229769).
- add bug references to existing mana changes (bsc#1232033, bsc#1232034, bsc#1232036).
- add bugreference to a hv_netvsc patch (bsc#1232413).
- afs: Revert 'afs: Hide silly-rename files from userspace' (git-fixes).
- alsa: 6fire: Release resources at card release (git-fixes).
- alsa: ac97: bus: Fix the mistake in the comment (git-fixes).
- alsa: asihpi: Fix potential OOB array access (stable-fixes).
- alsa: caiaq: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: core: add isascii() check to card ID generator (stable-fixes).
- alsa: firewire-lib: Avoid division by zero in apply_constraint_to_size() (git-fixes).
- alsa: firewire-lib: fix return value on fail in amdtp_tscm_init() (git-fixes).
- alsa: hda: cs35l41: fix module autoloading (git-fixes).
- alsa: hda: Fix kctl->id initialization (git-fixes).
- alsa: hda/conexant - Fix audio routing for HP EliteOne 1000 G2 (stable-fixes).
- alsa: hda/conexant - Use cached pin control for Node 0x1d on HP EliteOne 1000 G2 (git-fixes).
- alsa: hda/conexant: Fix conflicting quirk for System76 Pangolin (git-fixes).
- alsa: hda/cs8409: Fix possible NULL dereference (git-fixes).
- alsa: hda/generic: Unconditionally prefer preferred_dacs pairs (git-fixes).
- alsa: hda/realtek - Fixed ALC256 headphone no sound (stable-fixes).
- alsa: hda/realtek - FIxed ALC285 headphone no sound (stable-fixes).
- alsa: hda/realtek - Fixed Clevo platform headset Mic issue (stable-fixes).
- alsa: hda/realtek: Add a quirk for HP Pavilion 15z-ec200 (stable-fixes).
- alsa: hda/realtek: Add quirk for Huawei MateBook 13 KLV-WX9 (stable-fixes).
- alsa: hda/realtek: Add subwoofer quirk for Acer Predator G9-593 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Gemini 17 Gen3 (stable-fixes).
- alsa: hda/realtek: Fix headset mic on TUXEDO Stellaris 16 Gen6 mb1 (stable-fixes).
- alsa: hda/realtek: fix mute/micmute LEDs for a HP EliteBook 645 G10 (stable-fixes).
- alsa: hda/realtek: Fix the push button function for the ALC257 (git-fixes).
- alsa: hda/realtek: Limit internal Mic boost on Dell platform (stable-fixes).
- alsa: hda/realtek: Update ALC225 depop procedure (git-fixes).
- alsa: hda/realtek: Update ALC256 depop procedure (git-fixes).
- alsa: hda/realtek: Update default depop procedure (git-fixes).
- alsa: hdsp: Break infinite MIDI input flush loop (stable-fixes).
- alsa: line6: add hw monitor volume control to POD HD500X (stable-fixes).
- alsa: mixer_oss: Remove some incorrect kfree_const() usages (git-fixes).
- alsa: us122l: Use snd_card_free_when_closed() at disconnection (git-fixes).
- alsa: usb-audio: Add delay quirk for VIVO USB-C HEADSET (stable-fixes).
- alsa: usb-audio: Add input value sanity checks for standard types (stable-fixes).
- alsa: usb-audio: Add logitech Audio profile quirk (stable-fixes).
- alsa: usb-audio: Add native DSD support for Luxman D-08u (stable-fixes).
- alsa: usb-audio: Add quirk for HP 320 FHD Webcam (stable-fixes).
- alsa: usb-audio: Add quirks for Dell WD19 dock (stable-fixes).
- alsa: usb-audio: Define macros for quirk table entries (stable-fixes).
- alsa: usb-audio: Replace complex quirk lines with macros (stable-fixes).
- alsa: usx2y: Use snd_card_free_when_closed() at disconnection (git-fixes).
- amd-pstate: Set min_perf to nominal_perf for active mode performance gov (git-fixes).
- arm64: cputype: Add Neoverse-N3 definitions (git-fixes)
- arm64: dts: imx8mp: correct sdhc ipg clk (git-fixes).
- arm64: dts: rockchip: override BIOS_DISABLE signal via GPIO hog on RK3399 Puma (git-fixes).
- arm64: errata: Expand speculative SSBS workaround once more (git-fixes)
- arm64: esr: Define ESR_ELx_EC_* constants as UL (git-fixes)
- arm64: fix .data.rel.ro size assertion when CONFIG_LTO_CLANG (git-fixes)
- arm64: Force position-independent veneers (git-fixes).
- arm64: probes: Fix simulate_ldr*_literal() (git-fixes)
- arm64: probes: Fix uprobes for big-endian kernels (git-fixes)
- arm64: probes: Remove broken LDR (literal) uprobe support (git-fixes)
- arm64: smccc: Remove broken support for SMCCCv1.3 SVE discard hint (git-fixes)
- arm64: smccc: replace custom COUNT_ARGS() & CONCATENATE() (git-fixes)
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled (git-fixes)
- arm64:uprobe fix the uprobe SWBP_INSN in big-endian (git-fixes)
- arm64/sve: Discard stale CPU state when handling SVE traps (git-fixes)
- asoc: allow module autoloading for table db1200_pids (stable-fixes).
- asoc: amd: yc: Fix for enabling DMIC on acp6x via _DSD entry (git-fixes).
- asoc: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() (git-fixes).
- asoc: codecs: lpass-rx-macro: add missing CDC_RX_BCL_VBAT_RF_PROC2 to default regs values (stable-fixes).
- asoc: cs42l51: Fix some error handling paths in cs42l51_probe() (git-fixes).
- asoc: fsl_sai: Enable 'FIFO continue on error' FCONT bit (stable-fixes).
- asoc: imx-card: Set card.owner to avoid a warning calltrace if SND=m (git-fixes).
- asoc: intel: fix module autoloading (stable-fixes).
- asoc: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() (git-fixes).
- asoc: qcom: sm8250: add qrb4210-rb2-sndcard compatible string (stable-fixes).
- asoc: rt5682: Return devm_of_clk_add_hw_provider to transfer the error (git-fixes).
- asoc: soc-pcm: Do not zero TDM masks in __soc_pcm_open() (git-fixes).
- asoc: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove (git-fixes).
- asoc: tda7419: fix module autoloading (stable-fixes).
- blk-throttle: Fix io statistics for cgroup v1 (bsc#1233528).
- block: Avoid leaking hctx->nr_active counter on batched completion (bsc#1231923).
- block: print symbolic error name instead of error code (bsc#1231872).
- bluetooth: bnep: fix wild-memory-access in proto_unregister (git-fixes).
- bluetooth: btmrvl: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- bluetooth: btusb: Fix regression with fake CSR controllers 0a12:0001 (git-fixes).
- bluetooth: Call iso_exit() on module unload (git-fixes).
- bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE (git-fixes).
- bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (git-fixes).
- bluetooth: ISO: Fix multiple init when debugfs is disabled (git-fixes).
- bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync (git-fixes).
- bluetooth: Remove debugfs directory on module init failure (git-fixes).
- bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change (git-fixes).
- bnxt_en: Fix the PCI-AER routines (git-fixes).
- bnxt_en: refactor reset close code (git-fixes).
- bnxt_en: Remove mis-applied code from bnxt_cfg_ntp_filters() (git-fixes).
- bnxt_en: Reserve rings after PCIe AER recovery if NIC interface is down (git-fixes).
- bnxt_en: Reset PTP tx_avail after possible firmware reset (git-fixes).
- bnxt_en: Restore PTP tx_avail count in case of skb_pad() error (git-fixes).
- bnxt_en: Wait for FLR to complete during probe (git-fixes).
- bpf, lsm: Add disabled BPF LSM hook list (git-fixes).
- bpf, net: Fix a potential race in do_sock_getsockopt() (git-fixes).
- bpf, verifier: Correct tail_call_reachable for bpf prog (git-fixes).
- bpf, x64: Remove tail call detection (git-fixes).
- bpf,perf: Fix perf_event_detach_bpf_prog error handling (git-fixes).
- bpf: Add --skip_encoding_btf_inconsistent_proto, --btf_gen_optimized to pahole flags for v1.25 (bsc#1230414 bsc#1229450).
- bpf: Allow helpers to accept pointers with a fixed size (git-fixes).
- bpf: Check for helper calls in check_subprogs() (git-fixes).
- bpf: correctly handle malformed BPF_CORE_TYPE_ID_LOCAL relos (git-fixes).
- bpf: Fix bpf_strtol and bpf_strtoul helpers for 32bit (git-fixes).
- bpf: Fix helper writes to read-only maps (git-fixes).
- bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation (bsc#1231375).
- bpf: Fix tailcall cases in test_bpf (git-fixes).
- bpf: Improve check_raw_mode_ok test for MEM_UNINIT-tagged types (git-fixes).
- bpf: Remove truncation test in bpf_strtol and bpf_strtoul helpers (git-fixes).
- bpf: Zero former ARG_PTR_TO_{LONG,INT} args in case of error (git-fixes).
- btf, scripts: Exclude Rust CUs with pahole (bsc#1230414 bsc#1229450).
- bus: integrator-lm: fix OF node leak in probe() (git-fixes).
- can: c_can: c_can_handle_bus_err(): update statistics if skb allocation fails (git-fixes).
- can: c_can: fix {rx,tx}_errors statistics (git-fixes).
- can: ems_usb: ems_usb_rx_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: ifi_canfd: ifi_canfd_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: j1939: j1939_session_new(): fix skb reference counting (git-fixes).
- can: m_can: m_can_handle_lec_err(): fix {rx,tx}_errors statistics (git-fixes).
- can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL (git-fixes).
- can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics (git-fixes).
- ceph: fix cap ref leak via netfs init_request (bsc#1231383).
- cgroup/bpf: only cgroup v2 can be attached by bpf programs (bsc#1234108).
- char: tpm: Fix possible memory leak in tpm_bios_measurements_open() (git-fixes).
- chtls: fix tp->rcv_tstamp initialization (git-fixes).
- clk: Add a devm variant of clk_rate_exclusive_get() (bsc#1227885).
- clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get() (bsc#1227885).
- comedi: Flush partial mappings in error case (git-fixes).
- comedi: ni_routing: tools: Check when the file could not be opened (stable-fixes).
- cpufreq/amd-pstate: Fix amd_pstate mode switch on shared memory systems (git-fixes).
- crypto: bcm - add error check in the ahash_hmac_init function (git-fixes).
- crypto: caam - add error check to caam_rsa_set_priv_key_form (git-fixes).
- crypto: caam - Fix the pointer passed to caam_qi_shutdown() (git-fixes).
- crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() (git-fixes).
- crypto: cavium - Fix the if condition to exit loop after timeout (git-fixes).
- crypto: hisilicon - Remove pci_aer_clear_nonfatal_status() call (bsc#1232075)
- crypto: hisilicon/qm - re-enable communicate interrupt before notifying PF (bsc#1232075)
- crypto: inside-secure - Fix the return value of safexcel_xcbcmac_cra_init() (git-fixes).
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit (git-fixes).
- cxgb4: add forgotten u64 ivlan cast before shift (git-fixes).
- cxgb4: Properly lock TX queue for the selftest (git-fixes).
- cxgb4: unnecessary check for 0 in the free_sge_txq_uld() function (git-fixes).
- debugfs: fix automount d_fsdata usage (git-fixes).
- dn_route: set rt neigh to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- drbd: Add NULL check for net_conf to prevent dereference in state validation (git-fixes).
- drbd: Fix atomicity violation in drbd_uuid_set_bm() (git-fixes).
- driver core: bus: Return -EIO instead of 0 when show/store invalid bus attribute (stable-fixes).
- drivers: net: prevent tun_build_skb() to exceed the packet size limit (git-fixes).
- drm: Consistently use struct drm_mode_rect for FB_DAMAGE_CLIPS (git-fixes).
- drm: komeda: Fix an issue related to normalized zpos (stable-fixes).
- drm/amd: Fix initialization mistake for NBIO 7.7.0 (stable-fixes).
- drm/amd: Guard against bad data for ATIF ACPI method (git-fixes).
- drm/amd/amdgpu: Fix double unlock in amdgpu_mes_add_ring (git-fixes).
- drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2) (stable-fixes).
- drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream (stable-fixes).
- drm/amd/display: Allow backlight to go below `AMDGPU_DM_DEFAULT_MIN_BACKLIGHT` (stable-fixes).
- drm/amd/display: Check link_res->hpo_dp_link_enc before using it (bsc#1231944)
- drm/amd/display: Check null pointer before dereferencing se (stable-fixes).
- drm/amd/display: Check null pointers before using dc->clk_mgr (stable-fixes).
- drm/amd/display: Check stream before comparing them (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 color transformation (stable-fixes).
- drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix index out of bounds in degamma hardware format translation (stable-fixes).
- drm/amd/display: Fix Synaptics Cascaded Panamera DSC Determination (stable-fixes).
- drm/amd/display: Fix system hang while resume with TBT monitor (stable-fixes).
- drm/amd/display: Handle null 'stream_status' in 'planes_changed_for_existing_stream' (stable-fixes).
- drm/amd/display: Initialize get_bytes_per_element's default to 1 (stable-fixes).
- drm/amd/display: Round calculated vtotal (stable-fixes).
- drm/amd/display: Validate backlight caps are sane (stable-fixes).
- drm/amd/pm: ensure the fw_info is not null before using it (stable-fixes).
- drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() (stable-fixes).
- drm/amdgpu: add raven1 gfxoff quirk (stable-fixes).
- drm/amdgpu: Adjust debugfs eviction and IB access permissions (stable-fixes).
- drm/amdgpu: disallow multiple BO_HANDLES chunks in one submit (stable-fixes).
- drm/amdgpu: enable gfxoff quirk on HP 705G4 (stable-fixes).
- drm/amdgpu: fix unchecked return value warning for amdgpu_gfx (stable-fixes).
- drm/amdgpu: prevent BO_HANDLES error from being overwritten (git-fixes).
- drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported (git-fixes).
- drm/amdgpu: properly handle vbios fake edid sizing (git-fixes).
- drm/amdgpu: Replace one-element array with flexible-array member (stable-fixes).
- drm/amdkfd: Fix resource leak in criu restore queue (stable-fixes).
- drm/bridge: anx7625: Drop EDID cache on bridge power off (git-fixes).
- drm/bridge: tc358767: Fix link properties discovery (git-fixes).
- drm/bridge: tc358768: Fix DSI command tx (git-fixes).
- drm/etnaviv: Request pages from DMA32 zone on addressing_limited (git-fixes).
- drm/imx/dcss: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused (git-fixes).
- drm/msm: Allocate memory for disp snapshot with kvzalloc() (git-fixes).
- drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() (git-fixes).
- drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- drm/msm/dpu: cast crtc_clk calculation to u64 in _dpu_core_perf_calc_clk() (git-fixes).
- drm/msm/dpu: do not always program merge_3d block (git-fixes).
- drm/msm/dpu: make sure phys resources are properly initialized (git-fixes).
- drm/msm/dsi: fix 32-bit signed integer extension in pclk_rate calculation (git-fixes).
- drm/omap: Fix locking in omap_gem_new_dmabuf() (git-fixes).
- drm/omap: Fix possible NULL dereference (git-fixes).
- drm/panfrost: Remove unused id_mask from struct panfrost_model (git-fixes).
- drm/printer: Allow NULL data in devcoredump printer (stable-fixes).
- drm/radeon: Fix encoder->possible_clones (git-fixes).
- drm/radeon: properly handle vbios fake edid sizing (git-fixes).
- drm/radeon: Replace one-element array with flexible-array member (stable-fixes).
- drm/radeon/r100: Handle unknown family in r100_cp_init_microcode() (stable-fixes).
- drm/rockchip: define gamma registers for RK3399 (stable-fixes).
- drm/rockchip: support gamma control on RK3399 (stable-fixes).
- drm/rockchip: vop: Fix a dereferenced before check warning (git-fixes).
- drm/sched: Add locking to drm_sched_entity_modify_sched (git-fixes).
- drm/sti: avoid potential dereference of error pointers (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check (git-fixes).
- drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check (git-fixes).
- drm/v3d: Address race-condition in MMU flush (git-fixes).
- drm/v3d: Stop the active perfmon before being destroyed (git-fixes).
- drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA (stable-fixes).
- drm/vc4: hvs: Do not write gamma luts on 2711 (git-fixes).
- drm/vc4: hvs: Fix dlist debug not resetting the next entry pointer (git-fixes).
- drm/vc4: hvs: Remove incorrect limit from hvs_dlist debugfs function (git-fixes).
- drm/vc4: Stop the active perfmon before being destroyed (git-fixes).
- drm/vmwgfx: Handle surface check failure correctly (git-fixes).
- drm/vmwgfx: Limit display layout ioctl array size to VMWGFX_NUM_DISPLAY_UNITS (stable-fixes).
- drop HD-audio conexant patch that caused a regression on Thinkpad (bsc#1228269)
- Drop OCFS2 patch causing a regression (bsc#1233255)
- drop USB dwc2 patch that caused a regression on RPi3 (bsc#1232342)
- e1000e: Fix S0ix residency on corporate systems (git-fixes).
- efi/memattr: Ignore table if the size is clearly bogus (bsc#1231465).
- efistub/tpm: Use ACPI reclaim memory for event log to avoid corruption (stable-fixes).
- erofs: avoid consecutive detection for Highmem memory (git-fixes).
- erofs: avoid infinite loop in z_erofs_do_read_page() when reading beyond EOF (git-fixes).
- erofs: fix pcluster use-after-free on UP platforms (git-fixes).
- erofs: fix potential overflow calculating xattr_isize (git-fixes).
- erofs: stop parsing non-compact HEAD index if clusterofs is invalid (git-fixes).
- eth: bnxt: fix counting packets discarded due to OOM and netpoll (git-fixes).
- exportfs: use pr_debug for unreachable debug statements (git-fixes).
- ext4: fix slab-use-after-free in ext4_split_extent_at() (bsc#1232201)
- fat: fix uninitialized variable (git-fixes).
- fbdev: pxafb: Fix possible use after free in pxafb_task() (stable-fixes).
- fbdev: sisfb: Fix strbuf array overflow (stable-fixes).
- fgraph: Change the name of cpuhp state to 'fgraph:online' (git-fixes).
- fgraph: Fix missing unlock in register_ftrace_graph() (git-fixes).
- fgraph: Use CPU hotplug mechanism to initialize idle shadow stacks (git-fixes).
- filelock: fix potential use-after-free in posix_lock_inode (git-fixes).
- firmware: google: Unregister driver_info on failure (git-fixes).
- firmware: tegra: bpmp: Drop unused mbox_client_to_bpmp() (git-fixes).
- Fix regression on AMDGPU driver (bsc#1233134)
- fs: Fix file_set_fowner LSM hook inconsistencies (git-fixes).
- fs/namespace: fnic: Switch to use %ptTd (git-fixes).
- fs/pipe: Fix lockdep false-positive in watchqueue pipe_write() (git-fixes).
- genirq/msi: Fix off-by-one error in msi_domain_alloc() (git-fixes).
- goldfish: Fix unused const variable 'goldfish_pipe_acpi_match' (git-fixes).
- gpio: aspeed: Add the flush write to ensure the write complete (git-fixes).
- gpio: aspeed: Use devm_clk api to manage clock source (git-fixes).
- gpio: davinci: fix lazy disable (git-fixes).
- gve: Fix an edge case for TSO skb validity check (git-fixes).
- gve: Fix skb truesize underestimation (git-fixes).
- gve: Fix XDP TX completion handling when counters overflow (git-fixes).
- gve: ignore nonrelevant GSO type bits when processing TSO headers (git-fixes).
- hid: amd_sfh: Switch to device-managed dmam_alloc_coherent() (git-fixes).
- hid: core: zero-initialize the report buffer (git-fixes).
- hid: intel-ish-hid: Fix uninitialized variable 'rv' in ish_fw_xfer_direct_dma (git-fixes).
- hid: lenovo: Add support for Thinkpad X1 Tablet Gen 3 keyboard (stable-fixes).
- hid: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad (stable-fixes).
- hid: multitouch: Add quirk for Logitech Bolt receiver w/ Casa touchpad (stable-fixes).
- hid: multitouch: Add support for B2402FVA track point (stable-fixes).
- hid: multitouch: Add support for GT7868Q (stable-fixes).
- hid: multitouch: Add support for Thinkpad X12 Gen 2 Kbd Portfolio (stable-fixes).
- hid: plantronics: Workaround for an unexcepted opposite volume key (stable-fixes).
- hid: wacom: Defer calculation of resolution until resolution_code is known (git-fixes).
- hid: wacom: fix when get product name maybe null pointer (git-fixes).
- hid: wacom: Interpret tilt data from Intuos Pro BT as signed values (git-fixes).
- hv_netvsc: Fix VF namespace also in synthetic NIC NETDEV_REGISTER event (git-fixes).
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer (git-fixes).
- hwmon: (adm9240) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tmp513) Add missing dependency on REGMAP_I2C (git-fixes).
- hwmon: (tps23861) Fix reporting of negative temperatures (git-fixes).
- i2c: i801: Use a different adapter-name for IDF adapters (stable-fixes).
- i2c: imx-lpi2c: return -EINVAL when i2c peripheral clk does not work (bsc#1227885).
- i2c: imx-lpi2c: use bulk clk API (bsc#1227885).
- i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume (git-fixes).
- i2c: xiic: Fix broken locking on tx_msg (stable-fixes).
- i2c: xiic: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- i2c: xiic: Fix RX IRQ busy check (stable-fixes).
- i2c: xiic: improve error message when transfer fails to start (stable-fixes).
- i2c: xiic: Switch from waitqueue to completion (stable-fixes).
- i2c: xiic: Try re-initialization on bus busy timeout (git-fixes).
- i2c: xiic: Use devm_clk_get_enabled() (stable-fixes).
- i2c: xiic: xiic_xfer(): Fix runtime PM leak on error path (git-fixes).
- i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() (git-fixes).
- i40e: avoid double calling i40e_pf_rxq_wait() (git-fixes).
- i40e: disable NAPI right after disabling irqs when handling xsk_pool (git-fixes).
- i40e: Fix filter input checks to prevent config with invalid values (git-fixes).
- i40e: fix use-after-free in i40e_aqc_add_filters() (git-fixes).
- i40e: Fix waiting for queues of all VSIs to be disabled (git-fixes).
- i40e: Fix XDP program unloading while removing the driver (git-fixes).
- i40e: Report MFS in decimal base instead of hex (git-fixes).
- i40e: Restore VF MSI-X state during PCI reset (git-fixes).
- i40e: take into account XDP Tx queues when stopping rings (git-fixes).
- iavf: do not process adminq tasks when __IAVF_IN_REMOVE_TASK is set (git-fixes).
- iavf: fix FDIR rule fields masks validation (git-fixes).
- iavf: Fix promiscuous mode configuration flow messages (git-fixes).
- iavf: Fix TC config comparison with existing adapter TC config (git-fixes).
- iavf: in iavf_down, disable queues when removing the driver (git-fixes).
- iavf: initialize waitqueues before starting watchdog_task (git-fixes).
- iavf: Introduce new state machines for flow director (git-fixes).
- iavf: send VLAN offloading caps once after VFR (git-fixes).
- iavf: validate tx_coalesce_usecs even if rx_coalesce_usecs is zero (git-fixes).
- ibmvnic: Do partial reset on login failure (bsc#1233150).
- ibmvnic: Enforce stronger sanity checks on login response (bsc#1233150).
- ibmvnic: Ensure login failure recovery is safe from other resets (bsc#1233150).
- ibmvnic: Handle DMA unmapping of login buffs in release functions (bsc#1233150).
- ibmvnic: Unmap DMA login rsp buffer on send login fail (bsc#1233150).
- ice: avoid executing commands on other ports when driving sync (git-fixes).
- ice: Block switchdev mode when ADQ is active and vice versa (git-fixes).
- ice: change q_index variable type to s16 to store -1 value (git-fixes).
- ice: fix accounting for filters shared by multiple VSIs (git-fixes).
- ice: fix accounting if a VLAN already exists (git-fixes).
- ice: fix ICE_LAST_OFFSET formula (git-fixes).
- ice: Fix link_down_on_close message (git-fixes).
- ice: Fix netif_is_ice() in Safe Mode (git-fixes).
- ice: Fix NULL pointer deref during VF reset (git-fixes).
- ice: fix over-shifted variable (git-fixes).
- ice: fix receive buffer size miscalculation (git-fixes).
- ice: fix VLAN replay after reset (git-fixes).
- ice: Fix VSI list rule with ICE_SW_LKUP_LAST type (git-fixes).
- ice: ice_aq_check_events: fix off-by-one check when filling buffer (git-fixes).
- ice: Interpret .set_channels() input differently (git-fixes).
- ice: reset first in crash dump kernels (git-fixes).
- ice: respect netif readiness in AF_XDP ZC related ndo's (git-fixes).
- ice: Shut down VSI with 'link-down-on-close' enabled (git-fixes).
- ice: tc: allow zero flags in parsing tc flower (git-fixes).
- ice: Unbind the workqueue (bsc#1231344).
- ice: virtchnl: stop pretending to support RSS over AQ or registers (git-fixes).
- idpf: avoid compiler introduced padding in virtchnl2_rss_key struct (git-fixes).
- idpf: avoid compiler padding in virtchnl2_ptype struct (git-fixes).
- idpf: disable local BH when scheduling napi for marker packets (git-fixes).
- idpf: distinguish vports by the dev_port attribute (git-fixes).
- idpf: do not enable NAPI and interrupts prior to allocating Rx buffers (git-fixes).
- idpf: fix corrupted frames and skb leaks in singleq mode (git-fixes).
- idpf: fix memleak in vport interrupt configuration (git-fixes).
- idpf: fix memory leaks and crashes while performing a soft reset (git-fixes).
- idpf: fix UAFs when destroying the queues (git-fixes).
- idpf: Interpret .set_channels() input differently (git-fixes).
- igb: Always call igb_xdp_ring_update_tail() under Tx lock (git-fixes).
- igb: extend PTP timestamp adjustments to i211 (git-fixes).
- igb: Fix missing time sync events (git-fixes).
- igb: Fix not clearing TimeSync interrupts for 82580 (git-fixes).
- igc: Check VLAN EtherType mask (git-fixes).
- igc: Check VLAN TCI mask (git-fixes).
- igc: Fix hicredit calculation (git-fixes).
- igc: Fix missing time sync events (git-fixes).
- igc: Remove temporary workaround (git-fixes).
- igc: Report VLAN EtherType matching back to user (git-fixes).
- igc: Unlock on error in igc_io_resume() (git-fixes).
- iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr() (git-fixes).
- iio: adc: ad7606: Fix typo in the driver name (git-fixes).
- iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer (git-fixes).
- iio: dac: ad5770r: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: ltc1660: add missing select REGMAP_SPI in Kconfig (git-fixes).
- iio: dac: stm32-dac-core: add missing select REGMAP_MMIO in Kconfig (git-fixes).
- iio: hid-sensors: Fix an error handling path in _hid_sensor_set_report_latency() (git-fixes).
- iio: light: al3010: Fix an error handling path in al3010_probe() (git-fixes).
- iio: light: opt3001: add missing full-scale range value (git-fixes).
- iio: light: veml6030: fix ALS sensor resolution (git-fixes).
- iio: light: veml6030: fix IIO device retrieval from embedded device (git-fixes).
- iio: light: veml6030: fix microlux value calculation (git-fixes).
- iio: proximity: mb1232: add missing select IIO_(TRIGGERED_)BUFFER in Kconfig (git-fixes).
- initramfs: avoid filename buffer overrun (bsc#1232436).
- input: adp5589-keys - fix adp5589_gpio_get_value() (git-fixes).
- input: adp5589-keys - fix NULL pointer dereference (git-fixes).
- input: ads7846 - ratelimit the spi_sync error message (stable-fixes).
- input: goodix - use the new soc_intel_is_byt() helper (stable-fixes).
- input: i8042 - add another board name for TUXEDO Stellaris Gen5 AMD line (git-fixes).
- input: i8042 - add Ayaneo Kun to i8042 quirk table (git-fixes).
- input: i8042 - add Fujitsu Lifebook E756 to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 15 Slim Gen6 AMD to i8042 quirk table (git-fixes).
- input: i8042 - add TUXEDO Stellaris 16 Gen5 AMD to i8042 quirk table (git-fixes).
- input: synaptics - enable SMBus for HP Elitebook 840 G2 (stable-fixes).
- iommu/vt-d: Always reserve a domain ID for identity setup (git-fixes).
- ipv6: blackhole_netdev needs snmp6 counters (bsc#1216813).
- ipv6: give an IPv6 dev to blackhole_netdev (bsc#1216813).
- irqchip/gic-v3-its: Avoid explicit cpumask allocation on stack (git-fixes).
- irqchip/gic-v3-its: Fix VSYNC referencing an unmapped VPE on GIC v4.1 (git-fixes).
- itco_wdt: mask NMI_NOW bit for update_no_reboot_bit() call (git-fixes).
- ixgbe: {dis, en}able irqs in ixgbe_txrx_ring_{dis, en}able (git-fixes).
- ixgbe: avoid sleeping allocation in ixgbe_ipsec_vf_add_sa() (git-fixes).
- ixgbe: fix crash with empty VF macvlan list (git-fixes).
- ixgbe: fix timestamp configuration code (git-fixes).
- jfs: check if leafidx greater than num leaves per dmap tree (git-fixes).
- jfs: Fix sanity check in dbMount (git-fixes).
- jfs: Fix uaf in dbFreeBits (git-fixes).
- jfs: Fix uninit-value access of new_ea in ea_buffer (git-fixes).
- jfs: UBSAN: shift-out-of-bounds in dbFindBits (git-fixes).
- kab: fix after net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- kabi fix of KVM: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kABI: bpf: enum bpf_{type_flag,arg_type} kABI workaround (git-fixes).
- kABI: bpf: struct bpf_func_proto kABI workaround (git-fixes).
- kabi: fix after kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kabi: fix after KVM: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kabi: Restore exported __arm_smccc_sve_check (git-fixes)
- kbuild, bpf: Use test-ge check for v1.25-only pahole (bsc#1230414 bsc#1229450).
- kbuild,bpf: Add module-specific pahole flags for distilled base BTF (bsc#1230414 bsc#1229450).
- kbuild,bpf: Switch to using --btf_features for pahole v1.26 and later (bsc#1230414 bsc#1229450).
- kbuild: add test-{ge,gt,le,lt} macros (bsc#1230414 bsc#1229450).
- kbuild: avoid too many execution of scripts/pahole-flags.sh (bsc#1230414 bsc#1229450).
- kbuild: bpf: Tell pahole to DECL_TAG kfuncs (bsc#1230414 bsc#1229450).
- kernel-binary: Enable livepatch package only when livepatch is enabled Otherwise the filelist may be empty failing the build (bsc#1218644).
- kernel.h: split out COUNT_ARGS() and CONCATENATE() to args.h (git-fixes)
- kexec: fix a memory leak in crash_shrink_memory() (git-fixes).
- kvm: add guest_state_{enter,exit}_irqoff() (git-fixes).
- kvm: Add support for arch compat vm ioctls (git-fixes).
- kvm: arm64: Add missing memory barriers when switching to pKVM's hyp pgd (git-fixes).
- kvm: arm64: Allow AArch32 PSTATE.M to be restored as System mode (git-fixes).
- kvm: arm64: Fix AArch32 register narrowing on userspace write (git-fixes).
- kvm: arm64: GICv4: Do not perform a map to a mapped vLPI (git-fixes).
- kvm: arm64: Invalidate EL1&0 TLB entries for all VMIDs in nvhe hyp init (git-fixes).
- kvm: arm64: mixed-width check should be skipped for uninitialized vCPUs (git-fixes).
- kvm: arm64: Preserve PSTATE.SS for the guest while single-step is enabled (git-fixes).
- kvm: arm64: Release pfn, i.e. put page, if copying MTE tags hits ZONE_DEVICE (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in its_sync_lpi_pending_table() (git-fixes).
- kvm: arm64: vgic-its: Test for valid IRQ in MOVALL handler (git-fixes).
- kvm: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (git-fixes).
- kvm: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (git-fixes).
- kvm: arm64: vgic-v4: Restore pending state on host userspace write (git-fixes).
- kvm: eventfd: Fix false positive RCU usage warning (git-fixes).
- kvm: Fix coalesced_mmio_has_room() to avoid premature userspace exit (git-fixes).
- kvm: Fix lockdep false negative during host resume (git-fixes).
- kvm: fix memoryleak in kvm_init() (git-fixes).
- kvm: Grab a reference to KVM for VM and vCPU stats file descriptors (git-fixes).
- kvm: Optimize kvm_make_vcpus_request_mask() a bit (git-fixes).
- kvm: PPC: Book3S HV: remove unused varible (bsc#1194869).
- kvm: Pre-allocate cpumasks for kvm_make_all_cpus_request_except() (git-fixes).
- kvm: Reject overly excessive IDs in KVM_CREATE_VCPU (git-fixes).
- kvm: s390: Change virtual to physical address access in diag 0x258 handler (git-fixes bsc#1232631).
- kvm: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (git-fixes bsc#1231277).
- kvm: s390: gaccess: Check if guest address is in memslot (git-fixes bsc#1232630).
- kvm: SVM: Disallow guest from changing userspace's MSR_AMD64_DE_CFG value (git-fixes).
- kvm: SVM: Do not advertise Bus Lock Detect to guest if SVM support is missing (git-fixes).
- kvm: SVM: fix emulation of msr reads/writes of MSR_FS_BASE and MSR_GS_BASE (git-fixes).
- kvm: Unconditionally get a ref to /dev/kvm module when creating a VM (git-fixes).
- kvm: Write the per-page 'segment' when clearing (part of) a guest page (git-fixes).
- kvm: x86: Use a stable condition around all VT-d PI paths (git-fixes).
- kvm: x86/mmu: Fold rmap_recycle into rmap_add (git-fixes).
- kvm: x86/mmu: Rename slot_handle_leaf to slot_handle_level_4k (git-fixes).
- kvm/arm64: rework guest entry logic (git-fixes).
- mac80211: MAC80211_MESSAGE_TRACING should depend on TRACING (git-fixes).
- Makefile.compiler: replace cc-ifversion with compiler-specific macros (bsc#1230414 bsc#1229450).
- media: adv7604: prevent underflow condition when reporting colorspace (git-fixes).
- media: cx24116: prevent overflows on SNR calculus (git-fixes).
- media: dvb_frontend: do not play tricks with underflow values (git-fixes).
- media: dvb-usb-v2: af9035: fix missing unlock (git-fixes).
- media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer (stable-fixes).
- media: dvbdev: prevent the risk of out of memory access (git-fixes).
- media: pci: cx23885: check cx23885_vdev_init() return (stable-fixes).
- media: pulse8-cec: fix data timestamp at pulse8_setup() (git-fixes).
- media: stb0899_algo: initialize cfr before using it (git-fixes).
- media: v4l2-ctrls-api: fix error handling for v4l2_g_ctrl() (git-fixes).
- media: v4l2-tpg: prevent the risk of a division by zero (git-fixes).
- media: videobuf2-core: clear memory related fields in __vb2_plane_dmabuf_put() (stable-fixes).
- mei: use kvmalloc for read buffer (git-fixes).
- misc: apds990x: Fix missing pm_runtime_disable() (git-fixes).
- mm/hugetlb: fix nodes huge page allocation when there are surplus pages (bsc#1234012).
- mm/memory: add non-anonymous page check in the copy_present_page() (bsc#1231646).
- modpost: remove incorrect code in do_eisa_entry() (git-fixes).
- module: abort module loading when sysfs setup suffer errors (git-fixes).
- nbd: fix race between timeout and normal completion (bsc#1230918).
- net: add more sanity check in virtio_net_hdr_to_skb() (git-fixes).
- net: ena: Fix potential sign extension issue (git-fixes).
- net: ena: Remove ena_select_queue (git-fixes).
- net: ena: Wrong missing IO completions check order (git-fixes).
- net: mana: Implement get_ringparam/set_ringparam for mana (bsc#1229891).
- net: mana: Improve mana_set_channels() in low mem conditions (bsc#1230289).
- net: qede: use return from qede_parse_flow_attr() for flow_spec (git-fixes).
- net: relax socket state check at accept time (git-fixes).
- net: socket: suppress unused warning (git-fixes).
- net: test for not too small csum_start in virtio_net_hdr_to_skb() (git-fixes).
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device (git-fixes).
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration (git-fixes).
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition (stable-fixes).
- net: usb: usbnet: fix name regression (git-fixes).
- net: usb: usbnet: fix race in probe failure (git-fixes).
- net/mlx5: Add missing masks and QoS bit masks for scheduling elements (git-fixes).
- net/mlx5: Added cond_resched() to crdump collection (git-fixes).
- net/mlx5: Allow 0 for total host VFs (git-fixes).
- net/mlx5: Correctly compare pkt reformat ids (git-fixes).
- net/mlx5: DR, Can't go to uplink vport on RX rule (git-fixes).
- net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx (git-fixes).
- net/mlx5: DR, Use the right GVMI number for drop action (git-fixes).
- net/mlx5: Drain health before unregistering devlink (git-fixes).
- net/mlx5: E-switch, register event handler before arming the event (git-fixes).
- net/mlx5: Explicitly set scheduling element and TSAR type (git-fixes).
- net/mlx5: Fix fw tracer first block check (git-fixes).
- net/mlx5: fix potential memory leak in mlx5e_init_rep_rx (git-fixes).
- net/mlx5: fs, lock FTE when checking if active (git-fixes).
- net/mlx5: Handle fw tracer change ownership event based on MTRC (git-fixes).
- net/mlx5: LAG, Check correct bucket when modifying LAG (git-fixes).
- net/mlx5: Lag, do bond only if slaves agree on roce state (git-fixes).
- net/mlx5: Lag, do not use the hardcoded value of the first port (git-fixes).
- net/mlx5: Lag, restore buckets number to default after hash LAG deactivation (git-fixes).
- net/mlx5: Skip clock update work when device is in error state (git-fixes).
- net/mlx5: Unregister notifier on eswitch init failure (git-fixes).
- net/mlx5: Update the list of the PCI supported devices (git-fixes).
- net/mlx5: Use mlx5 device constant for selecting CQ period mode for ASO (git-fixes).
- net/mlx5: Use recovery timeout on sync reset flow (git-fixes).
- net/mlx5: Use RMW accessors for changing LNKCTL (git-fixes).
- net/mlx5e: Add a check for the return value from mlx5_port_set_eth_ptys (git-fixes).
- net/mlx5e: Add missing link modes to ptys2ethtool_map (git-fixes).
- net/mlx5e: Add mqprio_rl cleanup and free in mlx5e_priv_cleanup() (git-fixes).
- net/mlx5e: Again mutually exclude RX-FCS and RX-port-timestamp (git-fixes).
- net/mlx5e: Allow software parsing when IPsec crypto is enabled (git-fixes).
- net/mlx5e: Change the warning when ignore_flow_level is not supported (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer (git-fixes).
- net/mlx5e: Check return value of snprintf writing to fw_version buffer for representors (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer (git-fixes).
- net/mlx5e: Correct snprintf truncation handling for fw_version buffer used by representors (git-fixes).
- net/mlx5e: Correctly report errors for ethtool rx flows (git-fixes).
- net/mlx5e: CT: Fix null-ptr-deref in add rule err flow (git-fixes).
- net/mlx5e: Do not offload internal port if filter device is out device (git-fixes).
- net/mlx5e: fix a potential double-free in fs_udp_create_groups (git-fixes).
- net/mlx5e: Fix crash moving to switchdev mode when ntuple offload is set (git-fixes).
- net/mlx5e: fix double free in macsec_fs_tx_create_crypto_table_groups (git-fixes).
- net/mlx5e: fix double free of encap_header (git-fixes).
- net/mlx5e: Fix features validation check for tunneled UDP (non-VXLAN) packets (git-fixes).
- net/mlx5e: Fix IPsec tunnel mode offload feature check (git-fixes).
- net/mlx5e: Fix pedit endianness (git-fixes).
- net/mlx5e: Fix possible deadlock on mlx5e_tx_timeout_work (git-fixes).
- net/mlx5e: fix return value check in mlx5e_ipsec_remove_trailer() (git-fixes).
- net/mlx5e: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list() (git-fixes).
- net/mlx5e: Fix UDP GSO for encapsulated packets (git-fixes).
- net/mlx5e: HTB, Fix inconsistencies with QoS SQs number (git-fixes).
- net/mlx5e: kTLS, Fix incorrect page refcounting (git-fixes).
- net/mlx5e: Move representor neigh cleanup to profile cleanup_tx (git-fixes).
- net/mlx5e: Reduce the size of icosq_str (git-fixes).
- net/mlx5e: Take state lock during tx timeout reporter (git-fixes).
- net/mlx5e: Use rx_missed_errors instead of rx_dropped for reporting buffer exhaustion (git-fixes).
- net/sched: taprio: Limit TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME to INT_MAX (bsc#1226797)
- netdevsim: use cond_resched() in nsim_dev_trap_report_work() (git-fixes).
- nfs: Avoid unnecessary rescanning of the per-server delegation list (git-fixes).
- nfs: Fix KMSAN warning in decode_getfattr_attrs() (git-fixes).
- nfs: fix memory leak in error path of nfs4_do_reclaim (git-fixes).
- nfsd: call cache_put if xdr_reserve_space returns NULL (git-fixes).
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (git-fixes).
- nfsd: Fix NFSv4's PUTPUBFH operation (git-fixes).
- nfsd: fix refcount leak when file is unhashed after being found (git-fixes).
- nfsd: map the EBADMSG to nfserr_io to avoid warning (git-fixes).
- nfsd: Mark filecache 'down' if init fails (git-fixes).
- nfsd: remove unneeded EEXIST error check in nfsd_do_file_acquire (git-fixes).
- nfsd: return -EINVAL when namelen is 0 (git-fixes).
- nfsv3: only use NFS timeout for MOUNT when protocols are compatible (bsc#1231016).
- nfsv4: Fix clearing of layout segments in layoutreturn (git-fixes).
- nilfs2: fix kernel bug due to missing clearing of buffer delay flag (git-fixes).
- nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error (git-fixes).
- ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() (git-fixes).
- ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition (stable-fixes).
- nvme-fabrics: fix kernel crash while shutting down controller (git-fixes).
- nvme-multipath: system fails to create generic nvme device (git-fixes).
- nvme-pci: fix freeing of the HMB descriptor table (git-fixes).
- nvme-pci: qdepth 1 quirk (git-fixes).
- nvme-pci: reverse request order in nvme_queue_rqs (git-fixes).
- nvmet-auth: assign dh_key to NULL after kfree_sensitive (git-fixes).
- ocfs2: fix the la space leak when unmounting an ocfs2 volume (git-fixes).
- ocfs2: fix uninit-value in ocfs2_get_block() (git-fixes).
- ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow (git-fixes).
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() (git-fixes).
- parport: Proper fix for array out-of-bounds access (git-fixes).
- pci: Add ACS quirk for Qualcomm SA8775P (stable-fixes).
- pci: Add function 0 DMA alias quirk for Glenfly Arise chip (stable-fixes).
- pci: Add T_PVPERL macro (git-fixes).
- pci: endpoint: Clear secondary (not primary) EPC in pci_epc_remove_epf() (git-fixes).
- pci: Fix pci_enable_acs() support for the ACS quirks (bsc#1229019).
- pci: Fix reset_method_store() memory leak (git-fixes).
- pci: j721e: Deassert PERST# after a delay of PCIE_T_PVPERL_MS milliseconds (git-fixes).
- pci: keystone: Add link up check to ks_pcie_other_map_bus() (git-fixes).
- pci: keystone: Set mode as Root Complex for 'ti,keystone-pcie' compatible (git-fixes).
- pci: Mark Creative Labs EMU20k2 INTx masking as broken (stable-fixes).
- pci: rockchip-ep: Fix address translation unit programming (git-fixes).
- phy: tegra: xusb: Add error pointer check in xusb.c (git-fixes).
- platform/chrome: cros_ec_typec: fix missing fwnode reference decrement (git-fixes).
- platform/surface: aggregator_registry: Add support for Surface Laptop Go 3 (stable-fixes).
- platform/surface: aggregator: Fix warning when controller is destroyed in probe (git-fixes).
- platform/x86: dell-sysman: add support for alienware products (stable-fixes).
- platform/x86: dell-wmi: Ignore suspend notifications (stable-fixes).
- platform/x86: touchscreen_dmi: add nanote-next quirk (stable-fixes).
- posix-cpu-timers: Clear TICK_DEP_BIT_POSIX_TIMER on clone (bsc#1234098).
- power: reset: brcmstb: Do not go into infinite loop if reset fails (stable-fixes).
- power: supply: bq27xxx: Fix registers of bq27426 (git-fixes).
- power: supply: core: Remove might_sleep() from power_supply_put() (git-fixes).
- powerpc: Allow clearing and restoring registers independent of saved breakpoint state (bsc#1194869).
- powerpc: remove GCC version check for UPD_CONSTR (bsc#1194869).
- powerpc/64: Convert patch_instruction() to patch_u32() (bsc#1194869).
- powerpc/asm: Remove UPD_CONSTR after GCC 4.9 removal (bsc#1194869).
- powerpc/atomic: Use YZ constraints for DS-form instructions (bsc#1194869).
- powerpc/boot: Handle allocation failure in simple_realloc() (bsc#1194869).
- powerpc/boot: Only free if realloc() succeeds (bsc#1194869).
- powerpc/code-patching: Add generic memory patching (bsc#1194869).
- powerpc/code-patching: Consolidate and cache per-cpu patching context (bsc#1194869).
- powerpc/code-patching: Do not call is_vmalloc_or_module_addr() without CONFIG_MODULES (bsc#1194869).
- powerpc/code-patching: Fix error handling in do_patch_instruction() (bsc#1194869).
- powerpc/code-patching: Fix oops with DEBUG_VM enabled (bsc#1194869).
- powerpc/code-patching: Fix unmap_patch_area() error handling (bsc#1194869).
- powerpc/code-patching: introduce patch_instructions() (bsc#1194869).
- powerpc/code-patching: Perform hwsync in __patch_instruction() in case of failure (bsc#1194869).
- powerpc/code-patching: Pre-map patch area (bsc#1194869).
- powerpc/code-patching: Remove #ifdef CONFIG_STRICT_KERNEL_RWX (bsc#1194869).
- powerpc/code-patching: Remove pr_debug()/pr_devel() messages and fix check() (bsc#1194869).
- powerpc/code-patching: Reorganise do_patch_instruction() to ease error handling (bsc#1194869).
- powerpc/code-patching: Speed up page mapping/unmapping (bsc#1194869).
- powerpc/code-patching: Use jump_label to check if poking_init() is done (bsc#1194869).
- powerpc/code-patching: Use temporary mm for Radix MMU (bsc#1194869).
- powerpc/code-patching: Use WARN_ON and fix check in poking_init (bsc#1194869).
- powerpc/ftrace: Use patch_instruction() return directly (bsc#1194869).
- powerpc/imc-pmu: Fix use of mutex in IRQs disabled section (bsc#1054914 git-fixes).
- powerpc/imc-pmu: Use the correct spinlock initializer (bsc#1054914 git-fixes).
- powerpc/inst: Refactor ___get_user_instr() (bsc#1194869).
- powerpc/kexec: Fix return of uninitialized variable (bsc#1194869).
- powerpc/lib: Add __init attribute to eligible functions (bsc#1194869).
- powerpc/mm: Fix boot crash with FLATMEM (bsc#1194869).
- powerpc/mm: Fix boot warning with hugepages and CONFIG_DEBUG_VIRTUAL (bsc#1194869).
- powerpc/mm/fault: Fix kfence page fault reporting (bsc#1194869).
- powerpc/powernv: Free name on error in opal_event_init() (bsc#1194869).
- powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore (bsc#1194869).
- powerpc/pseries: Fix KVM guest detection for disabling hardlockup detector (bsc#1194869).
- powerpc/tlb: Add local flush for page given mm_struct and psize (bsc#1194869).
- powerpc/vdso: augment VDSO32 functions to support 64 bits build (bsc#1194869).
- powerpc/vdso: Fix VDSO data access when running in a non-root time namespace (bsc#1194869).
- powerpc/vdso: Merge vdso64 and vdso32 into a single directory (bsc#1194869).
- powerpc/vdso: Rework VDSO32 makefile to add a prefix to object files (bsc#1194869).
- powerpc/xics: Check return value of kasprintf in icp_native_map_one_cpu (bsc#1194869).
- powerpc/xmon: Fix disassembly CPU feature checks (bsc#1065729).
- qed: avoid truncating work queue length (git-fixes).
- rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow (bsc#1226631).
- rcu: Add rcutree.nohz_full_patience_delay to reduce nohz_full (bsc#1231327)
- rdma/bnxt_re: Add a check for memory allocation (git-fixes)
- rdma/bnxt_re: Check cqe flags to know imm_data vs inv_irkey (git-fixes)
- rdma/bnxt_re: Fix a bug while setting up Level-2 PBL pages (git-fixes)
- rdma/bnxt_re: Fix incorrect AVID type in WQE structure (git-fixes)
- rdma/bnxt_re: Fix the GID table length (git-fixes)
- rdma/bnxt_re: Fix the max CQ WQEs for older adapters (git-fixes)
- rdma/bnxt_re: Fix the usage of control path spin locks (git-fixes)
- rdma/bnxt_re: Return more meaningful error (git-fixes)
- rdma/bnxt_re: synchronize the qp-handle table array (git-fixes)
- rdma/cxgb4: Dump vendor specific QP details (git-fixes)
- rdma/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (git-fixes)
- rdma/hns: Add clear_hem return value to log (git-fixes)
- rdma/hns: Add mutex_destroy() (git-fixes)
- rdma/hns: Fix an AEQE overflow error caused by untimely update of eq_db_ci (git-fixes)
- rdma/hns: Fix cpu stuck caused by printings during reset (git-fixes)
- rdma/hns: Fix different dgids mapping to the same dip_idx (git-fixes)
- rdma/hns: Fix flush cqe error when racing with destroy qp (git-fixes)
- rdma/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() (git-fixes)
- rdma/hns: Fix out-of-order issue of requester when setting FENCE (git-fixes)
- rdma/hns: Remove unnecessary QP type checks (git-fixes)
- rdma/hns: Remove unused abnormal interrupt of type RAS (git-fixes)
- rdma/hns: Use dev_* printings in hem code instead of ibdev_* (git-fixes)
- rdma/hns: Use macro instead of magic number (git-fixes)
- rdma/irdma: Fix misspelling of 'accept*' (git-fixes)
- rdma/mad: Improve handling of timed out WRs of mad agent (git-fixes)
- rdma/mana_ib: use the correct page size for mapping user-mode doorbell page (git-fixes).
- rdma/mana_ib: use the correct page table index based on hardware page size (git-fixes).
- rdma/mlx5: Move events notifier registration to be after device registration (git-fixes)
- rdma/mlx5: Round max_rd_atomic/max_dest_rd_atomic up instead of down (git-fixes)
- rdma/mlx5: Use sq timestamp as QP timestamp when RoCE is disabled (git-fixes).
- rdma/rtrs-srv: Avoid null pointer deref during path establishment (git-fixes)
- rdma/rxe: Fix the qp flush warnings in req (git-fixes)
- rdma/rxe: Set queue pair cur_qp_state when being queried (git-fixes)
- rdma/srpt: Make slab cache names unique (git-fixes)
- Removed the duplicated check of static_assert(sizeof(struct work_struct) >= sizeof(struct rcu_head)).
- Removed unnecessary white-space change in kernel/bpf/syscall.c
- Revert 'cgroup: Fix memory leak caused by missing cgroup_bpf_offline' (bsc#1234108).
- Revert 'ixgbe: Manual AN-37 for troublesome link partners for X550 SFI' (git-fixes).
- Revert 'KVM: Prevent module exit until all VMs are freed' (git-fixes).
- Revert 'mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K' (git-fixes).
- Revert 'usb: gadget: composite: fix OS descriptors w_value logic' (git-fixes).
- Revert 'usb: yurex: Replace snprintf() with the safer scnprintf() variant' (stable-fixes).
- Revert PM changes that caused a regression on S4 resume (bsc#1231578).
- rpm/check-for-config-changes: add HAVE_RUST and RUSTC_SUPPORTS_ to IGNORED_CONFIGS_RE They depend on SHADOW_CALL_STACK.
- rpm/check-for-config-changes: Exclude ARCH_USING_PATCHABLE_FUNCTION_ENTRY gcc version dependent, at least on ppc
- rpm/release-projects: Add SLFO projects (bsc#1231293).
- rpm/scripts: Remove obsolete Symbols.list Symbols.list is not longer needed by the new klp-convert implementation. (bsc#1218644)
- rtc: ab-eoz9: do not fail temperature reads on undervoltage notification (git-fixes).
- rtc: abx80x: Fix WDT bit position of the status register (git-fixes).
- rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (git-fixes).
- rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (bsc#1228747).
- s390/sclp_vt220: Convert newlines to CRLF instead of LFCR (git-fixes bsc#1232632).
- sched/isolation: Prevent boot crash when the boot CPU is (bsc#1231327)
- scsi: aacraid: Rearrange order of struct aac_srb_unit (git-fixes).
- scsi: core: alua: I/O errors for ALUA state transitions (git-fixes).
- scsi: core: Fix the return value of scsi_logical_block_count() (git-fixes).
- scsi: core: Handle devices which return an unusually large VPD page count (git-fixes).
- scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del() (git-fixes).
- scsi: fnic: Move flush_work initialization out of if block (bsc#1230055).
- scsi: hpsa: Fix allocation size for Scsi_Host private data (git-fixes).
- scsi: libsas: Fix exp-attached device scan after probe failure scanned in again after probe failed (git-fixes).
- scsi: libsas: Fix the failure of adding phy with zero-address to port (git-fixes).
- scsi: lpfc: Add cleanup of nvmels_wq after HBA reset (bsc#1233241).
- scsi: lpfc: Add ELS_RSP cmd to the list of WQEs to flush in lpfc_els_flush_cmd() (bsc#1232757).
- scsi: lpfc: Call lpfc_sli4_queue_unset() in restart and rmmod paths (bsc#1233241).
- scsi: lpfc: Change lpfc_nodelist nlp_flag member into a bitmask (bsc#1233241).
- scsi: lpfc: Check devloss callbk done flag for potential stale NDLP ptrs (bsc#1233241).
- scsi: lpfc: Check SLI_ACTIVE flag in FDMI cmpl before submitting follow up FDMI (bsc#1233241).
- scsi: lpfc: Copyright updates for 14.4.0.6 patches (bsc#1233241).
- scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance (bsc#1232757).
- scsi: lpfc: Fix kref imbalance on fabric ndlps from dev_loss_tmo handler (bsc#1232757).
- scsi: lpfc: Modify CGN warning signal calculation based on EDC response (bsc#1233241).
- scsi: lpfc: Prevent NDLP reference count underflow in dev_loss_tmo callback (bsc#1233241).
- scsi: lpfc: Remove NLP_RELEASE_RPI flag from nodelist structure (bsc#1233241).
- scsi: lpfc: Remove trailing space after \n newline (bsc#1232757).
- scsi: lpfc: Restrict support for 32 byte CDBs to specific HBAs (git-fixes).
- scsi: lpfc: Revise TRACE_EVENT log flag severities from KERN_ERR to KERN_WARNING (bsc#1232757).
- scsi: lpfc: Support loopback tests with VMID enabled (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.5 (bsc#1232757).
- scsi: lpfc: Update lpfc version to 14.4.0.6 (bsc#1233241).
- scsi: lpfc: Update lpfc_els_flush_cmd() to check for SLI_ACTIVE before BSG flag (bsc#1233241).
- scsi: lpfc: Update phba link state conditional before sending CMF_SYNC_WQE (bsc#1232757).
- scsi: mac_scsi: Disallow bus errors during PDMA send (git-fixes).
- scsi: mac_scsi: Refactor polling loop (git-fixes).
- scsi: mac_scsi: Revise printk(KERN_DEBUG ...) messages (git-fixes).
- scsi: mpi3mr: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: mpi3mr: Fix ATA NCQ priority support (git-fixes).
- scsi: mpt3sas: Avoid IOMMU page faults on REPORT ZONES (git-fixes).
- scsi: NCR5380: Check for phase match during PDMA fixup (git-fixes).
- scsi: qedf: Set qed_slowpath_params to zero before use (git-fixes).
- scsi: scsi_transport_fc: Allow setting rport state to current state (git-fixes).
- scsi: sd_zbc: Use kvzalloc() to allocate REPORT ZONES buffer (git-fixes).
- scsi: smartpqi: correct stream detection (git-fixes).
- scsi: smartpqi: revert propagate-the-multipath-failure-to-SML-quickly (git-fixes).
- scsi: spi: Fix sshdr use (git-fixes).
- scsi: wd33c93: Do not use stale scsi_pointer value (git-fixes).
- security/keys: fix slab-out-of-bounds in key_task_permission (git-fixes).
- selftests/bpf: Add a test case to write mtu result into .rodata (git-fixes).
- selftests/bpf: Add a test case to write strtol result into .rodata (git-fixes).
- selftests/bpf: Fix ARG_PTR_TO_LONG {half-,}uninitialized test (git-fixes).
- selftests/bpf: Rename ARG_PTR_TO_LONG test description (git-fixes).
- selftests/bpf: test for malformed BPF_CORE_TYPE_ID_LOCAL relocation (git-fixes).
- serial: 8250: omap: Move pm_runtime_get_sync (git-fixes).
- sfc: Check firmware supports Ethernet PTP filter (git-fixes).
- sfc: do not unregister flow_indr if it was never registered (git-fixes).
- sfc: fix a double-free bug in efx_probe_filters (git-fixes).
- signal: Replace BUG_ON()s (bsc#1234093).
- spi: atmel-quadspi: Fix register name in verbose logging function (git-fixes).
- spi: bcm63xx: Enable module autoloading (stable-fixes).
- spi: bcm63xx: Fix module autoloading (git-fixes).
- spi: Fix acpi deferred irq probe (git-fixes).
- spi: lpspi: release requested DMA channels (stable-fixes).
- spi: lpspi: Silence error message upon deferred probe (stable-fixes).
- spi: lpspi: Simplify some error message (git-fixes).
- spi: ppc4xx: Avoid returning 0 when failed to parse and map IRQ (git-fixes).
- spi: ppc4xx: handle irq_of_parse_and_map() errors (git-fixes).
- spi: s3c64xx: fix timeout counters in flush_fifo (git-fixes).
- spi: spi-fsl-lpspi: Undo runtime PM changes at driver exit time (git-fixes).
- spi: spi-imx: Fix pm_runtime_set_suspended() with runtime pm enabled (git-fixes).
- spi: spidev: Add missing spi_device_id for jg10309-01 (git-fixes).
- staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg() (git-fixes).
- static_call: Do not make __static_call_return0 static (git-fixes).
- sunrpc: clnt.c: Remove misleading comment (git-fixes).
- sunrpc: Fix integer overflow in decode_rc_list() (git-fixes).
- sunrpc: Fixup gss_status tracepoint error output (git-fixes).
- thermal: core: Initialize thermal zones before registering them (git-fixes).
- thermal: intel: int340x: processor: Fix warning during module unload (git-fixes).
- tpm: Lock TPM chip in tpm_pm_suspend() first (bsc#1082555 git-fixes).
- tracing: Consider the NULL character when validating the event length (git-fixes).
- tracing/hwlat: Fix a race during cpuhp processing (git-fixes).
- tracing/uprobes: Use trace_event_buffer_reserve() helper (git-fixes).
- tun: Fix xdp_rxq_info's queue_index when detaching (git-fixes).
- tun: prevent negative ifindex (git-fixes).
- ucounts: fix counter leak in inc_rlimit_get_ucounts() (bsc#1233460).
- Update config files (bsc#1218644). LIVEPATCH_IPA_CLONES=n => LIVEPATCH=n
- Update config files. Enabled IDPF for ARM64 (bsc#1221309)
- uprobe: avoid out-of-bounds memory access of fetching args (git-fixes).
- uprobes: encapsulate preparation of uprobe args buffer (git-fixes).
- usb: appledisplay: close race between probe and completion handler (stable-fixes).
- usb: chaoskey: fail open after removal (git-fixes).
- usb: chaoskey: Fix possible deadlock chaoskey_list_lock (git-fixes).
- usb: chipidea: udc: enable suspend interrupt after usb reset (stable-fixes).
- usb: dwc2: Adjust the timing of USB Driver Interrupt Registration in the Crashkernel Scenario (stable-fixes).
- usb: dwc3: core: Stop processing of pending events if controller is halted (git-fixes).
- usb: dwc3: gadget: Add missing check for single port RAM in TxFIFO resizing logic (git-fixes).
- usb: dwc3: gadget: Fix checking for number of TRBs left (git-fixes).
- usb: dwc3: gadget: Fix looping of queued SG entries (git-fixes).
- usb: ehci-spear: fix call balance of sehci clk handling routines (git-fixes).
- usb: gadget: core: force synchronous registration (git-fixes).
- usb: misc: cypress_cy7c63: check for short transfer (stable-fixes).
- usb: misc: yurex: fix race between read and write (stable-fixes).
- usb: musb: sunxi: Fix accessing an released usb phy (git-fixes).
- usb: phy: Fix API devm_usb_put_phy() can not release the phy (git-fixes).
- usb: serial: ftdi_sio: Fix atomicity violation in get_serial_info() (git-fixes).
- usb: serial: io_edgeport: fix use after free in debug printk (git-fixes).
- usb: serial: option: add Fibocom FG132 0x0112 composition (stable-fixes).
- usb: serial: option: add Quectel RG650V (stable-fixes).
- usb: serial: option: add support for Quectel EG916Q-GL (stable-fixes).
- usb: serial: option: add Telit FN920C04 MBIM compositions (stable-fixes).
- usb: serial: pl2303: add device id for Macrosilicon MS3020 (stable-fixes).
- usb: serial: qcserial: add support for Sierra Wireless EM86xx (stable-fixes).
- usb: storage: ignore bogus device raised by JieLi BR21 USB sound chip (stable-fixes).
- usb: typec: altmode should keep reference to parent (git-fixes).
- usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() (git-fixes).
- usb: typec: fix unreleased fwnode_handle in typec_port_register_altmodes() (git-fixes).
- usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() (git-fixes).
- usb: xhci: Fix problem with xhci resume from suspend (stable-fixes).
- usb: xhci: Fix TD invalidation under pending Set TR Dequeue (git-fixes).
- usb: yurex: Fix inconsistent locking bug in yurex_read() (git-fixes).
- usb: yurex: make waiting on yurex_write interruptible (git-fixes).
- usb: yurex: Replace snprintf() with the safer scnprintf() variant (stable-fixes).
- usbip: tools: Fix detach_port() invalid port error path (git-fixes).
- usbnet: ipheth: fix carrier detection in modes 1 and 4 (stable-fixes).
- Use pahole -j1 option for reproducible builds (bsc#1230414 bsc#1229450).
- vdpa/mlx5: preserve CVQ vringh index (git-fixes).
- vhost_vdpa: assign irq bypass producer token correctly (git-fixes).
- vhost/scsi: null-ptr-dereference in vhost_scsi_get_req() (git-fixes).
- virtio_console: fix misc probe bugs (git-fixes).
- virtio_net: fixing XDP for fully checksummed packets handling (git-fixes).
- virtio-net: synchronize probe with ndo_set_features (git-fixes).
- vmxnet3: add command to allow disabling of offloads (bsc#1226498).
- vmxnet3: add latency measurement support in vmxnet3 (bsc#1226498).
- vmxnet3: prepare for version 9 changes (bsc#1226498).
- vmxnet3: update to version 9 (bsc#1226498).
- vsock/virtio: fix packet delivery to tap device (git-fixes).
- watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() (git-fixes).
- watchdog: rti: of: honor timeout-sec property (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss1 (git-fixes).
- wifi: ath10k: fix invalid VHT parameters in supported_vht_mcs_rate_nss2 (git-fixes).
- wifi: ath10k: Fix memory leak in management tx (git-fixes).
- wifi: ath11k: fix array out-of-bound access in SoC stats (stable-fixes).
- wifi: ath11k: Fix invalid ring usage in full monitor mode (git-fixes).
- wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit (stable-fixes).
- wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (git-fixes).
- wifi: ath9k: fix parameter check in ath9k_init_debug() (stable-fixes).
- wifi: ath9k: fix possible integer overflow in ath9k_get_et_stats() (stable-fixes).
- wifi: ath9k: Remove error checks when creating debugfs entries (git-fixes).
- wifi: brcm80211: BRCM_TRACING should depend on TRACING (git-fixes).
- wifi: iwlegacy: Clear stale interrupts before resuming device (stable-fixes).
- wifi: iwlwifi: clear trans->state earlier upon error (stable-fixes).
- wifi: iwlwifi: lower message level for FW buffer destination (stable-fixes).
- wifi: iwlwifi: mvm: disconnect station vifs if recovery failed (stable-fixes).
- wifi: iwlwifi: mvm: fix iwl_mvm_scan_fits() calculation (stable-fixes).
- wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() (git-fixes).
- wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower (git-fixes).
- wifi: mac80211: skip non-uploaded keys in ieee80211_iter_keys (git-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext() (stable-fixes).
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (git-fixes).
- wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() (git-fixes).
- wifi: rtw88: select WANT_DEV_COREDUMP (stable-fixes).
- workqueue: Avoid using isolated cpus' timers on (bsc#1231327)
- workqueue: mark power efficient workqueue as unbounded if (bsc#1231327)
- x86/bugs: Do not use UNTRAIN_RET with IBPB on entry (git-fixes).
- x86/bugs: Skip RSB fill at VMEXIT (git-fixes).
- x86/cpufeatures: Add a IBPB_NO_RET BUG flag (git-fixes).
- x86/cpufeatures: Define X86_FEATURE_AMD_IBPB_RET (git-fixes).
- x86/entry: Have entry_ibpb() invalidate return predictions (git-fixes).
- x86/hyperv: Set X86_FEATURE_TSC_KNOWN_FREQ when Hyper-V provides frequency (git-fixes).
- x86/kaslr: Expose and use the end of the physical memory address space (bsc#1230405).
- x86/kvm: fix is_stale_page_fault() (bsc#1221333).
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (bsc#1216813).
- xhci: Fix incorrect stream context type macro (git-fixes).
- xhci: Fix Link TRB DMA in command ring stopped completion event (git-fixes).
- xhci: Mitigate failed set dequeue pointer commands (git-fixes).
- xhci: Separate PORT and CAPs macros into dedicated file (stable-fixes).
- xhci: Use pm_runtime_get to prevent RPM on unsupported systems (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2024:4377-1
Released: Thu Dec 19 07:10:53 2024
Summary: Feature update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: feature
Severity: low
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to Public Cloud 15-SP[3-6] channels (bsc#1232024)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4378-1
Released: Thu Dec 19 08:23:55 2024
Summary: Recommended update for aaa_base
Type: recommended
Severity: moderate
References: 1203617
This update for aaa_base fixes the following issues:
- Added Midnigh Commander helpers for tcsh and bash resources (bsc#1203617)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4383-1
Released: Thu Dec 19 09:05:03 2024
Summary: Recommended update for grub2
Type: recommended
Severity: moderate
References: 1231604,1232573
This update for grub2 fixes the following issues:
- xen-debug Subpackage Created: Debug files (with the .module suffix) previously included in the main xen package have
been moved to a separate xen-debug subpackage (bsc#1232573)
- minix Filesystem Misdetection Fixed: Addressed an issue where leftover data on disk could cause a misdetection and
errors (bsc#1231604)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4386-1
Released: Thu Dec 19 15:04:16 2024
Summary: Security update for avahi
Type: security
Severity: moderate
References: 1226586,1233420,CVE-2024-52616
This update for avahi fixes the following issues:
- CVE-2024-52616: Fixed Avahi Wide-Area DNS Predictable Transaction IDs (bsc#1233420)
Other fixes:
- no longer supply bogus services to callbacks (bsc#1226586).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4403-1
Released: Fri Dec 20 16:42:05 2024
Summary: Recommended update for libzypp
Type: recommended
Severity: moderate
References: 1234749
This update for libzypp fixes the following issues:
- Url: queryparams without value should not have a trailing '='
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:4410-1
Released: Mon Dec 23 12:19:40 2024
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1234708
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Fix support level to L3 (bsc#1234708)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:29-1
Released: Tue Jan 7 11:41:20 2025
Summary: Security update for python-Jinja2
Type: security
Severity: important
References: 1234809,CVE-2024-56326
This update for python-Jinja2 fixes the following issues:
- CVE-2024-56326: Fixed sandbox breakout through indirect reference to format method (bsc#1234809)
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:73-1
Released: Mon Jan 13 07:10:00 2025
Summary: Recommended update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config
Type: recommended
Severity: moderate
References: 1232024
This update for amazon-dracut-config, google-dracut-config, microsoft-dracut-config fixes the following issues:
- Add amazon-dracut-config, google-dracut-config, microsoft-dracut-config to MicroOS 5.1, 5.2 and Micro 5.3, 5.4, 5.5 channels (bsc#1232024)
- Move dracut config files to usr/lib/ dir
- Add provides and conflicts on generic name dracut-instance-change-config
- Rename config for nvme for consistency
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:76-1
Released: Mon Jan 13 10:42:05 2025
Summary: Recommended update for containerd
Type: recommended
Severity: moderate
References:
This update for containerd fixes the following issues:
containerd was updated from version 1.7.21 to 1.7.23:
- Changes in version 1.7.23:
* Highlights:
+ Added error definition aliases
+ Allow proxy plugins to have capabilities
+ Revert a previous errdefs package migration
* Container Runtime Interface (CRI):
+ Added check for CNI plugins before tearing down pod network
* Image Distribution:
+ Fixed the race condition during GC of snapshots when client retries
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.23
- Changes in version 1.7.22:
* Highlights:
+ Build and Release Toolchain
+ Updated Go (go1.22.7 and go1.23.1)
* Container Runtime Interface (CRI):
+ Added a fix for decreasing cumulative stats
* Runtime:
+ Fixed bug where init exits were being dropped
+ Update runc binary to 1.1.14
* Full Upstream release notes: https://github.com/containerd/containerd/releases/tag/v1.7.22
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:148-1
Released: Thu Jan 16 17:00:45 2025
Summary: Recommended update for cryptsetup
Type: recommended
Severity: moderate
References: 1234273
This update for cryptsetup fixes the following issue:
- luksFormat succeeds despite creating corrupt device (bsc#1234273).
* Add a better warning if luksFormat ends with image without any space for data.
* Print warning early if LUKS container is too small for activation.
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:196-1
Released: Tue Jan 21 09:34:32 2025
Summary: Security update for dhcp
Type: security
Severity: moderate
References: 1192020
This update for dhcp fixes the following issues:
- Fixed dhcp not starting in case group nogroup is missing (bsc#1192020)
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:201-1
Released: Tue Jan 21 13:51:32 2025
Summary: Security update for the Linux Kernel
Type: security
Severity: important
References: 1170891,1173139,1185010,1190358,1190428,1203332,1205521,1209288,1209798,1211593,1211595,1214635,1215304,1215523,1216813,1216909,1219608,1222878,1223044,1225758,1225820,1226694,1228190,1229809,1230422,1230697,1231388,1231453,1231854,1232045,1232157,1232166,1232419,1232436,1232472,1232823,1233038,1233050,1233070,1233096,1233127,1233200,1233239,1233324,1233467,1233468,1233469,1233485,1233547,1233550,1233558,1233564,1233568,1233637,1233642,1233701,1233769,1233837,1234072,1234073,1234075,1234076,1234077,1234087,1234120,1234156,1234219,1234220,1234240,1234241,1234281,1234282,1234294,1234338,1234357,1234437,1234464,1234605,1234639,1234650,1234727,1234811,1234827,1234834,1234843,1234846,1234853,1234856,1234891,1234912,1234920,1234921,1234960,1234963,1234971,1234973,1235004,1235035,1235037,1235039,1235054,1235056,1235061,1235073,1235220,1235224,1235246,1235507,CVE-2021-47202,CVE-2022-36280,CVE-2022-48742,CVE-2022-49033,CVE-2022-49035,CVE-2023-1382,CVE-2023-33951,CVE-2023-33952,CV
E-2023-52920,CVE-2024-24860,CVE-2024-26886,CVE-2024-26924,CVE-2024-36915,CVE-2024-42232,CVE-2024-44934,CVE-2024-47666,CVE-2024-47678,CVE-2024-49944,CVE-2024-49952,CVE-2024-50018,CVE-2024-50143,CVE-2024-50154,CVE-2024-50166,CVE-2024-50181,CVE-2024-50202,CVE-2024-50211,CVE-2024-50256,CVE-2024-50262,CVE-2024-50278,CVE-2024-50279,CVE-2024-50280,CVE-2024-50296,CVE-2024-53051,CVE-2024-53055,CVE-2024-53056,CVE-2024-53064,CVE-2024-53072,CVE-2024-53090,CVE-2024-53095,CVE-2024-53101,CVE-2024-53113,CVE-2024-53114,CVE-2024-53119,CVE-2024-53120,CVE-2024-53122,CVE-2024-53125,CVE-2024-53130,CVE-2024-53131,CVE-2024-53142,CVE-2024-53146,CVE-2024-53150,CVE-2024-53156,CVE-2024-53157,CVE-2024-53158,CVE-2024-53161,CVE-2024-53162,CVE-2024-53173,CVE-2024-53179,CVE-2024-53206,CVE-2024-53210,CVE-2024-53213,CVE-2024-53214,CVE-2024-53239,CVE-2024-53240,CVE-2024-53241,CVE-2024-56539,CVE-2024-56548,CVE-2024-56549,CVE-2024-56570,CVE-2024-56571,CVE-2024-56575,CVE-2024-56598,CVE-2024-56604,CVE-2024-56605,CVE-2024-
56619,CVE-2024-56755,CVE-2024-8805
The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes.
The following security bugs were fixed:
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-48742: rtnetlink: make sure to refresh master_dev/m_ops in __rtnl_newlink() (bsc#1226694).
- CVE-2022-49033: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() (bsc#1232045).
- CVE-2023-1382: Fixed denial of service in tipc_conn_close (bsc#1209288).
- CVE-2023-33951: Fixed a race condition that could have led to an information disclosure inside the vmwgfx driver (bsc#1211593).
- CVE-2023-33952: Fixed a double free that could have led to a local privilege escalation inside the vmwgfx driver (bsc#1211595).
- CVE-2023-52920: bpf: support non-r10 register spill/fill to/from stack in precision tracking (bsc#1232823).
- CVE-2024-26886: Bluetooth: af_bluetooth: Fix deadlock (bsc#1223044).
- CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820).
- CVE-2024-36915: nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies (bsc#1225758).
- CVE-2024-44934: net: bridge: mcast: wait for previous gc cycles when removing port (bsc#1229809).
- CVE-2024-47666: scsi: pm80xx: Set phy->enable_completion only when we wait for it (bsc#1231453).
- CVE-2024-47678: icmp: change the order of rate limits (bsc#1231854).
- CVE-2024-49944: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start (bsc#1232166).
- CVE-2024-49952: netfilter: nf_tables: prevent nf_skb_duplicated corruption (bsc#1232157).
- CVE-2024-50018: net: napi: Prevent overflow of napi_defer_hard_irqs (bsc#1232419).
- CVE-2024-50143: udf: fix uninit-value use in udf_get_fileshortad (bsc#1233038).
- CVE-2024-50166: fsl/fman: Fix refcount handling of fman-related devices (bsc#1233050).
- CVE-2024-50181: clk: imx: Remove CLK_SET_PARENT_GATE for DRAM mux for i.MX7D (bsc#1233127).
- CVE-2024-50202: nilfs2: propagate directory read errors from nilfs_find_entry() (bsc#1233324).
- CVE-2024-50211: udf: refactor inode_bmap() to handle error (bsc#1233096).
- CVE-2024-50256: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (bsc#1233200).
- CVE-2024-50262: bpf: Fix out-of-bounds write in trie_get_next_key() (bsc#1233239).
- CVE-2024-50278, CVE-2024-50280: dm cache: fix flushing uninitialized delayed_work on cache_ctr error (bsc#1233467 bsc#1233469).
- CVE-2024-50278: dm cache: fix potential out-of-bounds access on the first resume (bsc#1233467).
- CVE-2024-50279: dm cache: fix out-of-bounds access to the dirty bitset when resizing (bsc#1233468).
- CVE-2024-50296: net: hns3: fix kernel crash when uninstalling driver (bsc#1233485).
- CVE-2024-53051: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability (bsc#1233547).
- CVE-2024-53055: wifi: iwlwifi: mvm: fix 6 GHz scan construction (bsc#1233550).
- CVE-2024-53056: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() (bsc#1233568).
- CVE-2024-53064: idpf: fix idpf_vc_core_init error path (bsc#1233558 bsc#1234464).
- CVE-2024-53072: platform/x86/amd/pmc: Detect when STB is not available (bsc#1233564).
- CVE-2024-53090: afs: Fix lock recursion (bsc#1233637).
- CVE-2024-53095: smb: client: Fix use-after-free of network namespace (bsc#1233642).
- CVE-2024-53101: fs: Fix uninitialized value issue in from_kuid and from_kgid (bsc#1233769).
- CVE-2024-53113: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof (bsc#1234077).
- CVE-2024-53114: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client (bsc#1234072).
- CVE-2024-53119: virtio/vsock: Fix accept_queue memory leak (bsc#1234073).
- CVE-2024-53122: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (bsc#1234076).
- CVE-2024-53125: bpf: sync_linked_regs() must preserve subreg_def (bsc#1234156).
- CVE-2024-53130: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint (bsc#1234219).
- CVE-2024-53131: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint (bsc#1234220).
- CVE-2024-53146: NFSD: Prevent a potential integer overflow (bsc#1234853).
- CVE-2024-53150: ALSA: usb-audio: Fix out of bounds reads when finding clock sources (bsc#1234834).
- CVE-2024-53156: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() (bsc#1234846).
- CVE-2024-53157: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware (bsc#1234827).
- CVE-2024-53158: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() (bsc#1234811).
- CVE-2024-53161: EDAC/bluefield: Fix potential integer overflow (bsc#1234856).
- CVE-2024-53162: crypto: qat/qat_4xxx - fix off by one in uof_get_name() (bsc#1234843).
- CVE-2024-53173: NFSv4.0: Fix a use-after-free problem in the asynchronous open() (bsc#1234891).
- CVE-2024-53179: smb: client: fix use-after-free of signing key (bsc#1234921).
- CVE-2024-53210: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (bsc#1234971).
- CVE-2024-53213: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation (bsc#1234973).
- CVE-2024-53214: vfio/pci: Properly hide first-in-list PCIe extended capability (bsc#1235004).
- CVE-2024-53239: ALSA: 6fire: Release resources at card release (bsc#1235054).
- CVE-2024-53240: xen/netfront: fix crash when removing device (bsc#1234281).
- CVE-2024-53241: x86/xen: use new hypercall functions instead of hypercall page (XSA-466 bsc#1234282).
- CVE-2024-56539: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() (bsc#1234963).
- CVE-2024-56548: hfsplus: do not query the device logical block size multiple times (bsc#1235073).
- CVE-2024-56549: cachefiles: Fix NULL pointer dereference in object->file (bsc#1234912).
- CVE-2024-56570: ovl: Filter invalid inodes with missing lookup function (bsc#1235035).
- CVE-2024-56571: media: uvcvideo: Require entities to have a non-zero unique ID (bsc#1235037).
- CVE-2024-56575: media: imx-jpeg: Ensure power suppliers be suspended before detach them (bsc#1235039).
- CVE-2024-56598: jfs: array-index-out-of-bounds fix in dtReadFirst (bsc#1235220).
- CVE-2024-56604: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() (bsc#1235056).
- CVE-2024-56605: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() (bsc#1235061).
- CVE-2024-56619: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (bsc#1235224).
- CVE-2024-56755: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING (bsc#1234920).
The following non-security bugs were fixed:
- ACPI/HMAT: Move HMAT messages to pr_debug() (bsc#1234294)
- Documentation: Add x86/amd_hsmp driver (jsc#PED-1295).
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet (git-fixes).
- Drop a couple of block layer git-fixes (bsc#1170891 bsc#1173139)
- KVM: x86: fix sending PV IPI (git-fixes).
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget (git-fixes).
- NFSD: Fix nfsd4_shutdown_copy() (git-fixes).
- NFSD: Move fill_pre_wcc() and fill_post_wcc() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSD: Prevent NULL dereference in nfsd4_process_cb_update() (git-fixes).
- NFSD: Prevent a potential integer overflow (git-fixes).
- NFSD: reduce locking in nfsd_lookup() (bsc#1234650 bsc#1233701 bsc#1232472).
- NFSv4.0: Fix a use-after-free problem in the asynchronous open() (git-fixes).
- PCI: vmd: Fix secondary bus reset for Intel bridges (git-fixes).
- RDMA/hns: Disassociate mmap pages for all uctx when HW is being reset (git-fixes)
- README: Clean-up trailing whitespace
- SUNRPC: make sure cache entry active before cache_show (git-fixes).
- amd_hsmp: Add HSMP protocol version 5 messages (jsc#PED-1295).
- arm64: Ensure bits ASID[15:8] are masked out when the kernel uses (bsc#1234605)
- arm64: dts: allwinner: pinephone: Add mount matrix to accelerometer (git-fixes).
- arm64: dts: rockchip: Fix LED triggers on rk3308-roc-cc (git-fixes).
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards (git-fixes).
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator (git-fixes).
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion (git-fixes).
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 (git-fixes).
- autofs: fix memory leak of waitqueues in autofs_catatonic_mode (git-fixes).
- autofs: use flexible array in ioctl structure (git-fixes).
- devlink: allow registering parameters after the instance (bsc#1231388 bsc#1230422).
- devlink: do not require setting features before registration (bsc#1231388 bsc#1230422).
- dma-fence: Fix reference leak on fence merge failure path (git-fixes).
- dmaengine: idxd: Check for driver name match before sva user feature (bsc#1234357).
- dmaengine: idxd: add wq driver name support for accel-config user tool (bsc#1234357).
- drm/sti: Add __iomem for mixer_dbg_mxn's parameter (git-fixes).
- drm/v3d: Enable Performance Counters before clearing them (git-fixes).
- exfat: fix uninit-value in __exfat_get_dentry_set (git-fixes).
- fixup 'rpm: support gz and zst compression methods' once more (bsc#1190428, bsc#1190358) Fixes: 3b8c4d9bcc24 ('rpm: support gz and zst compression methods') Fixes: 23510fce36ec ('fixup 'rpm: support gz and zst compression methods'')
- hfsplus: do not query the device logical block size multiple times (git-fixes).
- idpf: add support for SW triggered interrupts (bsc#1235507).
- idpf: enable WB_ON_ITR (bsc#1235507).
- idpf: trigger SW interrupt when exiting wb_on_itr mode (bsc#1235507).
- ipc/sem: Fix dangling sem_array access in semtimedop race (bsc#1234727).
- jffs2: Fix rtime decompressor (git-fixes).
- jffs2: Prevent rtime decompress memory corruption (git-fixes).
- jffs2: fix use of uninitialized variable (git-fixes).
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree (git-fixes).
- jfs: array-index-out-of-bounds fix in dtReadFirst (git-fixes).
- jfs: fix array-index-out-of-bounds in jfs_readdir (git-fixes).
- jfs: fix shift-out-of-bounds in dbSplit (git-fixes).
- jfs: xattr: check invalid xattr size more strictly (git-fixes).
- kabi/severities: ignore intermodule symbols between fsl_fman and fsl_dpaa_eth
- kernel-binary: do not BuildIgnore m4. It is actually needed for regenerating zconf when it is not up-to-date due to merge.
- kobject: Add sanity check for kset->kobj.ktype in kset_register() (bsc#1234639).
- memory: tegra: Add API for retrieving carveout bounds (jsc#PED-1763).
- mm/kfence: reset PG_slab and memcg_data before freeing __kfence_pool (bsc#1234120).
- mmc: core: Further prevent card detect during shutdown (git-fixes).
- net/ipv6: release expired exception dst cached in socket (bsc#1216813).
- net: mana: Increase the DEF_RX_BUFFERS_PER_QUEUE to 1024 (bsc#1235246).
- nfsd: make sure exp active before svc_export_show (git-fixes).
- nfsd: remove unsafe BUG_ON from set_change_info (bsc#1234650 bsc#1233701 bsc#1232472).
- nfsd: restore callback functionality for NFSv4.0 (git-fixes).
- nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() (git-fixes).
- nilfs2: prevent use of deleted inode (git-fixes).
- ocfs2: uncache inode which has failed entering the group (bsc#1234087).
- phy: tegra: p2u: Set ENABLE_L2_EXIT_RATE_CHANGE in calibration (jsc#PED-1763).
- platform/x86: Add AMD system management interface (jsc#PED-1295).
- proc/softirqs: replace seq_printf with seq_put_decimal_ull_width (git-fixes).
- pwm: tegra: Improve required rate calculation (jsc#PED-1763).
- regmap: detach regmap from dev on regmap_exit (git-fixes).
- rpm/kernel-binary.spec.in: Fix build regression The previous fix forgot to take over grep -c option that broke the conditional expression
- scatterlist: fix incorrect func name in kernel-doc (git-fixes).
- scripts/git_sort/git_sort.py: add tegra DRM and linux-pwm repo
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (git-fixes).
- serial: tegra: Read DMA status before terminating (jsc#PED-1763).
- smb: client: fix TCP timers deadlock after rmmod (git-fixes) [hcarvalho: this fixes issue discussed in bsc#1233642].
- spi: mpc52xx: Add cancel_work_sync before module remove (git-fixes).
- sunrpc: simplify two-level sysctl registration for svcrdma_parm_table (git-fixes).
- supported.conf: add bsc1185010 dependency
- supported.conf: hyperv_drm (jsc#sle-19733)
- svcrdma: Address an integer overflow (git-fixes).
- svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() (git-fixes).
- tpm_tis_spi: Release chip select when flow control fails (bsc#1234338)
- ubifs: Correct the total block count by deducting journal reservation (git-fixes).
- ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit (git-fixes).
- udf: Handle error when adding extent to a file (bsc#1234437).
- udf: refactor udf_current_aext() to handle error (bsc#1234240).
- udf: refactor udf_next_aext() to handle error (bsc#1234241).
- usb: roles: Call try_module_get() from usb_role_switch_find_by_fwnode() (git-fixes).
- usb: typec: tps6598x: Fix return value check in tps6598x_probe() (git-fixes).
- x86/bug: Merge annotate_reachable() into _BUG_FLAGS() asm (git-fixes).
- x86/fpu/xsave: Handle compacted offsets correctly with supervisor states (git-fixes).
- x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation (git-fixes).
- x86/fpu: Remove unused supervisor only offsets (git-fixes).
- x86/kvm: Do not use pv tlb/ipi/sched_yield if on 1 vCPU (git-fixes).
- x86/mce/inject: Avoid out-of-bounds write when setting flags (git-fixes).
- x86/mce: Allow instrumentation during task work queueing (git-fixes).
- x86/mce: Mark mce_end() noinstr (git-fixes).
- x86/mce: Mark mce_panic() noinstr (git-fixes).
- x86/mce: Mark mce_read_aux() noinstr (git-fixes).
- x86/mm: Flush global TLB when switching to trampoline page-table (git-fixes).
- x86/sev: Make enc_dec_hypercall() accept a size instead of npages (bsc#1214635).
- x86/sgx: Free backing memory after faulting the enclave page (git-fixes).
- x86/sgx: Silence softlockup detection when releasing large enclaves (git-fixes).
- x86/uaccess: Move variable into switch case statement (git-fixes).
- x86: Annotate call_on_stack() (git-fixes).
- xfs: can't use kmem_zalloc() for attribute buffers (bsc#1216909).
- zonefs: fix zone report size in __zonefs_io_error() (git-fixes).
-----------------------------------------------------------------
Advisory ID: SUSE-OU-2025:218-1
Released: Wed Jan 22 04:33:35 2025
Summary: Optional update for augeas
Type: optional
Severity: moderate
References:
This update ships the augeas commandline tool and the augeas-lenses to SUSE Linux Enterprise Micro 5.5.
-----------------------------------------------------------------
Advisory ID: SUSE-feature-2025:224-1
Released: Wed Jan 22 12:31:25 2025
Summary: Feature update for zypper, libzypp
Type: feature
Severity: low
References:
This update for zypper, libzypp fixes the following issues:
- info: Allow to query a specific version (jsc#PED-11268)
To query for a specific version simply append '-<version>' or
'-<version>-<release>' to the '<name>' pattern. Note that the
edition part must always match exactly.
- version 1.14.79
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2025:225-1
Released: Wed Jan 22 15:31:54 2025
Summary: Recommended update for vim
Type: recommended
Severity: moderate
References: 1234214,1234245,1234333
This update for vim fixes the following issues:
- Fix for migration problems related to 'xxd', a subpackages of vim (bsc#1234333 / bsc#1234214 / bsc#1234245).
Package 'xxd' has been obsoleted by Vim, as it provides the xxd
files directly.
However, because the 'Obsoletes' entry was versioned, depending on
which version of 'xxd' that is installed, the 'Obsoletes' isn't
actually triggered. Thus, there is a conflict between 'vim' and
'xxd' in these cases.
Fixing this by removing the version completely. The 'vim' package
should always replace 'xxd', even if people are migrating from an
older SLE15 service pack which has the exact same version.
The following package changes have been done:
- aaa_base-84.87+git20180409.04c9dae-150300.10.23.1 updated
- containerd-ctr-1.7.23-150000.120.1 updated
- containerd-1.7.23-150000.120.1 updated
- crypto-policies-20210917.c9d86d1-150400.3.8.1 updated
- curl-8.0.1-150400.5.59.1 updated
- dhcp-client-4.3.6.P1-150000.6.22.1 updated
- dhcp-4.3.6.P1-150000.6.22.1 updated
- docker-26.1.5_ce-150000.212.1 updated
- grub2-i386-pc-2.06-150500.29.37.1 updated
- grub2-x86_64-efi-2.06-150500.29.37.1 updated
- grub2-2.06-150500.29.37.1 updated
- hwdata-0.390-150000.3.74.2 updated
- kernel-default-5.14.21-150500.55.91.1 updated
- libaugeas0-1.12.0-150400.3.5.1 updated
- libavahi-client3-0.8-150400.7.20.1 updated
- libavahi-common3-0.8-150400.7.20.1 updated
- libcryptsetup12-2.4.3-150400.3.6.2 updated
- libcurl4-8.0.1-150400.5.59.1 updated
- libexpat1-2.4.4-150400.3.25.1 updated
- libglib-2_0-0-2.70.5-150400.3.17.1 updated
- libpython3_6m1_0-3.6.15-150300.10.78.1 updated
- libsolv-tools-base-0.7.31-150500.6.5.1 updated
- libsolv-tools-0.7.31-150500.6.5.1 updated
- libsystemd0-249.17-150400.8.46.1 updated
- libudev1-249.17-150400.8.46.1 updated
- libuv1-1.44.2-150500.3.5.1 updated
- libzypp-17.35.16-150500.6.33.1 updated
- microsoft-dracut-config-0.0.4-150300.7.9.2 added
- python3-Jinja2-2.10.1-150000.3.18.1 updated
- python3-base-3.6.15-150300.10.78.1 updated
- python3-3.6.15-150300.10.78.1 updated
- rsyslog-module-relp-8.2306.0-150400.5.33.1 updated
- rsyslog-8.2306.0-150400.5.33.1 updated
- samba-client-libs-4.17.12+git.485.dd39ea0501e-150500.3.26.5 updated
- socat-1.8.0.0-150400.14.6.1 updated
- suseconnect-ng-1.13.0-150500.3.32.1 updated
- systemd-sysvinit-249.17-150400.8.46.1 updated
- systemd-249.17-150400.8.46.1 updated
- udev-249.17-150400.8.46.1 updated
- vim-data-common-9.1.0836-150500.20.18.1 updated
- vim-9.1.0836-150500.20.18.1 updated
- wget-1.20.3-150000.3.26.1 updated
- zypper-1.14.79-150500.6.17.1 updated
More information about the sle-container-updates
mailing list